package com.baidu.springbootservlet.servlet;

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.springframework.beans.propertyeditors.CustomBooleanEditor;

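/**
 * Servlet mapped to {@code /mysql} that looks up rows of the {@code vuln} table by the
 * {@code id} request parameter and writes the second column of every match to the response.
 *
 * <p>The {@code id} parameter is attacker-controlled. It is bound as a JDBC parameter and is
 * never concatenated into the SQL text, so it cannot change the structure of the statement.
 * Database error details are logged on the server and are not echoed to the client, because
 * driver error messages reveal schema and query structure.
 */
@WebServlet(urlPatterns = {"/mysql"})
/* loaded from: input_file:com/baidu/springbootservlet/servlet/Mysql.class */
public class Mysql extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(Mysql.class.getName());

    /** Value used when the request carries no {@code id} parameter. */
    private static final String DEFAULT_ID = "1";

    /** Query text with a bind placeholder; user input never becomes part of this string. */
    private static final String QUERY = "SELECT * FROM vuln WHERE id = ?";

    /** Generic error body returned to the client; deliberately free of exception details. */
    private static final String ERROR_HTML = "<P> Error: the query could not be completed. </P>\n";

    /**
     * Handles GET exactly like POST.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response fails
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        doPost(httpServletRequest, httpServletResponse);
    }

    /**
     * Reads the {@code id} parameter (defaulting to {@code "1"}), runs the lookup and prints the
     * result to the response writer.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws ServletException declared by the servlet contract
     * @throws IOException if writing the response fails
     */
    @Override // javax.servlet.http.HttpServlet
    protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String id = httpServletRequest.getParameter("id");
        if (id == null) {
            id = DEFAULT_ID;
        }
        // CR/LF are replaced so a crafted parameter cannot forge additional log records.
        LOG.log(Level.INFO, "id parameter: {0}", id.replaceAll("[\\r\\n]", "_"));
        httpServletResponse.getWriter().println(runQuery(id));
    }

    /**
     * Runs the lookup for one id and returns the formatted rows.
     *
     * <p>The connection, statement and result set are closed by try-with-resources on every
     * path. Failures are logged with their cause and reported to the caller as a generic
     * error fragment.
     *
     * @param str the id value taken from the request; treated as data only
     * @return the formatted rows, or a generic error fragment if the query failed
     */
    private String runQuery(String str) {
        try {
            Class.forName("com.mysql.jdbc.Driver");
            // NOTE(review): URL and credentials are hard-coded in source; they should come from
            // external configuration, and the account should hold only the rights this query needs.
            try (Connection connection = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "test", "test");
                    PreparedStatement statement = connection.prepareStatement(QUERY)) {
                // Bound as a string; presumably the id column is numeric and the server coerces
                // the value. If so, parsing to a number here would be stricter. TODO confirm.
                statement.setString(1, str);
                try (ResultSet resultSet = statement.executeQuery()) {
                    return formatResult(resultSet);
                }
            }
        } catch (SQLException | ClassNotFoundException e) {
            LOG.log(Level.WARNING, "Lookup in table vuln failed", e);
            return ERROR_HTML;
        }
    }

    /**
     * Concatenates column 2 of every row, one value per line.
     *
     * @param resultSet the open result set, positioned before the first row
     * @return the joined values, or a "no matching rows" fragment when the set is empty
     * @throws SQLException if reading from the result set fails
     */
    private String formatResult(ResultSet resultSet) throws SQLException {
        StringBuilder sb = new StringBuilder();
        if (!resultSet.next()) {
            sb.append("<P> No matching rows.<P>\n");
            return sb.toString();
        }
        do {
            // NOTE(review): column values are written to the response without HTML encoding and
            // no content type is set; if the table can hold user-supplied text, encode it here.
            sb.append(resultSet.getString(2)).append('\n');
        } while (resultSet.next());
        return sb.toString();
    }
}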
