rodrigovilar · November 10, 2017 13:12
diff --git a/AppTest.java b/AppTest.java

 import java.sql.Connection;
 import java.sql.DriverManager;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;

 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;

 public class AppTest {

 	private static Connection connection;

 	@BeforeClass
 	public static void criarTabela() throws Exception {
 		Class.forName("org.hsqldb.jdbc.JDBCDriver");
 		connection = novaConexao();
 		Statement comandoCriacaoTabela = novoComando(connection);
 		int resultCode = comandoCriacaoTabela
 				.executeUpdate("CREATE TABLE Pais ( sigla varchar(3) not null, nome varchar(15) not null )");
 		System.out.println("Resultado criacao: " + resultCode);
 	}

 	@Test
 	public void carregarPostGresql() throws ClassNotFoundException {
 		Class.forName("org.postgresql.Driver");
 	}

 	@Test
 	public void carregarSqlServer() throws ClassNotFoundException {
 		Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
 	}

 	@Test
 	public void carregarHSQLDB() throws ClassNotFoundException {
 		Class.forName("org.hsqldb.jdbc.JDBCDriver");
 	}

 	@Test
 	public void abrirConexao() throws SQLException {
 		novaConexao();
 	}

 	@Test
 	public void inserirRegistros() throws Exception {
 		int resultCode = inserirTresPaises(connection);
 		System.out.println("Resultado insercao: " + resultCode);
 	}

 	@Test
 	public void inserirRegistrosComPreparedStatement() throws Exception {
 		inserirPaisComPreparedStatement(connection, "CUB", "Cuba");
 		inserirPaisComPreparedStatement(connection, "CHI", "China");
 		inserirPaisComPreparedStatement(connection, "NKO", "Coreia do Norte");

 		PreparedStatement comandoLer = connection.prepareStatement("SELECT * FROM Pais");

 		ResultSet rs = comandoLer.executeQuery();

 		imprimirPaises(rs);
 	}

 	@Ignore
 	@Test
 	public void lerRegistros() throws Exception {
 		inserirTresPaises(connection);

 		Statement comandoLer = novoComando(connection);
 		ResultSet rs = comandoLer.executeQuery("SELECT * FROM Pais");

 		imprimirPaises(rs);
 	}

 	@Ignore
 	@Test
 	public void lerRegistrosComWhere() throws Exception {
 		inserirTresPaises(connection);

 		String query = "B%";
 		Statement comandoLer = connection.createStatement();
 		ResultSet rs = comandoLer.executeQuery("SELECT * FROM Pais WHERE nome LIKE '" + query + "'");

 		imprimirPaises(rs);
 	}

 	@Test
 	public void lerRegistrosComPreparedStatementEAtaque() throws Exception {
 		inserirTresPaises(connection);

 		String query = "'B'; DELETE FROM Pais; SELECT * FROM Pais WHERE nome LIKE ''";
 		PreparedStatement comandoLer = connection.prepareStatement("SELECT * FROM Pais WHERE nome LIKE ?");
 		comandoLer.setString(1, query);

 		ResultSet rs = comandoLer.executeQuery();

 		imprimirPaises(rs);

 		comandoLer.setString(1, "B%");
 		rs = comandoLer.executeQuery();

 		imprimirPaises(rs);

 	}

 	private static Connection novaConexao() throws SQLException {
 		return DriverManager.getConnection("jdbc:hsqldb:file:testdb", "SA", "");
 	}

 	private static Statement novoComando(Connection connection) throws SQLException {
 		return connection.createStatement();
 	}

 	private int inserirTresPaises(Connection connection) throws SQLException {
 		Statement comandoInserir = novoComando(connection);
 		int resultCode = comandoInserir.executeUpdate(
 				"INSERT INTO Pais VALUES ('BRA', 'Brasil'), ('EUA', 'Estados Unidos'), " + " ('ITA', 'Italia')");
 		return resultCode;
 	}

 	private int inserirPaisComPreparedStatement(Connection connection, String sigla, String nome) throws SQLException {

 		PreparedStatement comandoInserir = 
 				connection.prepareStatement("INSERT INTO Pais VALUES (?, ?)");
 		comandoInserir.setString(1, sigla);
 		comandoInserir.setString(2, nome);

 		return comandoInserir.executeUpdate();
 	}

 	private void imprimirPaises(ResultSet rs) throws SQLException {
 		while (rs.next()) {
 			System.out.println(rs.getString("sigla") + "/" + rs.getString("nome"));
 		}
 	}

 }

	import java.sql.Connection;
	import java.sql.DriverManager;
	import java.sql.PreparedStatement;
	import java.sql.ResultSet;
	import java.sql.SQLException;
	import java.sql.Statement;

	import org.junit.BeforeClass;
	import org.junit.Ignore;
	import org.junit.Test;

	public class AppTest {

	private static Connection connection;

	@BeforeClass
	public static void criarTabela() throws Exception {
	Class.forName("org.hsqldb.jdbc.JDBCDriver");
	connection = novaConexao();
	Statement comandoCriacaoTabela = novoComando(connection);
	int resultCode = comandoCriacaoTabela
	.executeUpdate("CREATE TABLE Pais ( sigla varchar(3) not null, nome varchar(15) not null )");
	System.out.println("Resultado criacao: " + resultCode);
	}

	@Test
	public void carregarPostGresql() throws ClassNotFoundException {
	Class.forName("org.postgresql.Driver");
	}

	@Test
	public void carregarSqlServer() throws ClassNotFoundException {
	Class.forName("com.microsoft.sqlserver.jdbc.SQLServerDriver");
	}

	@Test
	public void carregarHSQLDB() throws ClassNotFoundException {
	Class.forName("org.hsqldb.jdbc.JDBCDriver");
	}

	@Test
	public void abrirConexao() throws SQLException {
	novaConexao();
	}

	@Test
	public void inserirRegistros() throws Exception {
	int resultCode = inserirTresPaises(connection);
	System.out.println("Resultado insercao: " + resultCode);
	}

	@Test
	public void inserirRegistrosComPreparedStatement() throws Exception {
	inserirPaisComPreparedStatement(connection, "CUB", "Cuba");
	inserirPaisComPreparedStatement(connection, "CHI", "China");
	inserirPaisComPreparedStatement(connection, "NKO", "Coreia do Norte");

	PreparedStatement comandoLer = connection.prepareStatement("SELECT * FROM Pais");

	ResultSet rs = comandoLer.executeQuery();

	imprimirPaises(rs);
	}

	@Ignore
	@Test
	public void lerRegistros() throws Exception {
	inserirTresPaises(connection);

	Statement comandoLer = novoComando(connection);
	ResultSet rs = comandoLer.executeQuery("SELECT * FROM Pais");

	imprimirPaises(rs);
	}

	@Ignore
	@Test
	public void lerRegistrosComWhere() throws Exception {
	inserirTresPaises(connection);

	String query = "B%";
	Statement comandoLer = connection.createStatement();
	ResultSet rs = comandoLer.executeQuery("SELECT * FROM Pais WHERE nome LIKE '" + query + "'");

	imprimirPaises(rs);
	}

	@Test
	public void lerRegistrosComPreparedStatementEAtaque() throws Exception {
	inserirTresPaises(connection);

	String query = "'B'; DELETE FROM Pais; SELECT * FROM Pais WHERE nome LIKE ''";
	PreparedStatement comandoLer = connection.prepareStatement("SELECT * FROM Pais WHERE nome LIKE ?");
	comandoLer.setString(1, query);

	ResultSet rs = comandoLer.executeQuery();

	imprimirPaises(rs);

	comandoLer.setString(1, "B%");
	rs = comandoLer.executeQuery();

	imprimirPaises(rs);

	}

	private static Connection novaConexao() throws SQLException {
	return DriverManager.getConnection("jdbc:hsqldb:file:testdb", "SA", "");
	}

	private static Statement novoComando(Connection connection) throws SQLException {
	return connection.createStatement();
	}

	private int inserirTresPaises(Connection connection) throws SQLException {
	Statement comandoInserir = novoComando(connection);
	int resultCode = comandoInserir.executeUpdate(
	"INSERT INTO Pais VALUES ('BRA', 'Brasil'), ('EUA', 'Estados Unidos'), " + " ('ITA', 'Italia')");
	return resultCode;
	}

	private int inserirPaisComPreparedStatement(Connection connection, String sigla, String nome) throws SQLException {

	PreparedStatement comandoInserir =
	connection.prepareStatement("INSERT INTO Pais VALUES (?, ?)");
	comandoInserir.setString(1, sigla);
	comandoInserir.setString(2, nome);

	return comandoInserir.executeUpdate();
	}

	private void imprimirPaises(ResultSet rs) throws SQLException {
	while (rs.next()) {
	System.out.println(rs.getString("sigla") + "/" + rs.getString("nome"));
	}
	}

	}