1. Willkommen bei SQL-Insekten!



    %joyride_info1



  2. %joyride_info2



  3. %joyride_login




  4. %joyride_details



  5. %joyride_details



  6. %joyride_hints1



  7. %joyride_hints2



  8. %joyride_menu



  9. %joyride_info3


  10. %joyride_info4


  11. %joyride_info5

Level: 1

Tipps:

SQL-Insekten

Genug geredet, los gehts!

Hintergrund-Code Erzeugte SQL-Query

public static User login(String uname, String pw) throws InternalServerErrorException {
 try {
  conn = DriverManager.getConnection(...);
  Statement stmt = conn.createStatement();
  ResultSet rs = stmt.executeQuery("SELECT benutzername " + 
                 "FROM benutzer " +
                 "WHERE benutzername ='" + uname + "' " +
                 "AND passwort ='"+ md5(pw) + "';");
  if (rs.next()){
    return new User(rs.getString("benutzername"));
  }
  return null;
 }
 catch (SQLException e) {
  throw new InternalServerErrorException();
 }
}
//...
def print_search(user_input):
  try:   
    conn = psycopg2.connect(...)
    cur = conn.cursor()
    cur.execute("SELECT produkt_id, marke, groesse, preis "
                "FROM schuhe "
                "WHERE marke='" + user_input + "';")
    row = cur.fetchone()
    while row is not None:
      print("<tr>")
      for col in row: print("<td>"+str(col)+"</td>")
      print("</tr>")
      row = cur.fetchone()
      cur.close()
  except (MySQLdb.Error, MySQLdb.Warning) as e:
    print("Internal Server Error")
# ...
$conn = new PDO(...);
$qu = "SELECT marke, groesse, preis ";
$qu .= "FROM schuhe ";
$qu .= "WHERE produkt_id=".$_GET["produkt_id"];
$stmt = $conn->query($qu);
$res = $stmt->fetch();

echo <<<OUTPUT
<b>Marke:</b> {$res["marke"]}<br>
<b>Größe:</b> {$res["groesse"]}<br>
<b>Preis:</b> {$res["preis"]}€
OUTPUT;