I also fixed some more SQLite bugs! My SQLite functions now get and set data. A perfect example of this is the bug below, which I fixed today. I got errors such as "No such column: " then the username specified (I had a "create" username command, which created permissions for a user). I solved this with the code below.
The bug was in these lines:
connection.prepareStatement("INSERT INTO USERS (UserID, Password) VALUES (" + userID + ", " + password + ");");
connection.prepareStatement("INSERT INTO PERMISSIONS (UserID, PermissionsList) VALUES (" + userID + ", " + "permissionsCreated:true);");
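The issue is this: when you write values, specifically Strings, directly into a SQLite statement, they need to be surrounded by single quotes ('). My code above didn't do this, so SQLite read the unquoted text as a column name, which is where the "No such column" error came from. I fixed it with the lines below.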
connection.prepareStatement("INSERT INTO USERS (UserID, Password) VALUES (" + "'" + userID + "'" + ", " + "'" + password + "'" + ");");
connection.prepareStatement("INSERT INTO PERMISSIONS (UserID, PermissionsList) VALUES (" + "'" + userID + "'" + ", " + "'permissionsCreated:true');");
As you can see, the new lines fix this issue. They insert my provided strings, while also adding single quotes around them.
The code is still vulnerable to SQL injection. A fix for that will come next week.
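For comparison, here is the same pair of inserts with bound parameters instead of string concatenation. It is an added example, not code from the original post. The class name, the `createUser` helper, the table schema and the in-memory database URL are assumptions, and it expects the Xerial sqlite-jdbc driver on the classpath.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ParameterizedInsertDemo {
    // Hypothetical helper: binds userID and password as parameters, so the driver
    // passes them as data and quotes inside the values cannot change the statement.
    static void createUser(Connection connection, String userID, String password)
            throws SQLException {
        try (PreparedStatement users = connection.prepareStatement(
                 "INSERT INTO USERS (UserID, Password) VALUES (?, ?)");
             PreparedStatement perms = connection.prepareStatement(
                 "INSERT INTO PERMISSIONS (UserID, PermissionsList) VALUES (?, ?)")) {
            users.setString(1, userID);
            users.setString(2, password);
            users.executeUpdate();
            perms.setString(1, userID);
            perms.setString(2, "permissionsCreated:true");
            perms.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumption: in-memory SQLite database via the sqlite-jdbc driver.
        try (Connection connection = DriverManager.getConnection("jdbc:sqlite::memory:");
             Statement ddl = connection.createStatement()) {
            // Assumed schema; the post does not show its CREATE TABLE statements.
            ddl.executeUpdate("CREATE TABLE USERS (UserID TEXT PRIMARY KEY, Password TEXT)");
            ddl.executeUpdate("CREATE TABLE PERMISSIONS (UserID TEXT, PermissionsList TEXT)");
            // Constructed sample input: a single quote breaks the concatenated version.
            String userID = "o'brien";
            createUser(connection, userID, "it's-a-sample");
            try (PreparedStatement query = connection.prepareStatement(
                     "SELECT PermissionsList FROM PERMISSIONS WHERE UserID = ?")) {
                query.setString(1, userID);
                try (ResultSet rs = query.executeQuery()) {
                    System.out.println(rs.next() ? rs.getString(1) : "not found");
                }
            }
        }
    }
}
```

With the concatenated statements above, the same user name would end the string literal early and the insert would fail to parse; with placeholders it is stored exactly as typed.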
Overall, I'm proud of what I finished this week. Although it was mainly bugfixes, they were major bugfixes, and my server is now functioning as it should!
Goals for next week:
1. Set up a GitHub repository to host your application.
2. Put the source for both the server and the client into your repo.
The client and server are two separate applications, and should go into two separate projects. It should be possible to check out your server and your client separately. I want to be able to check them out and run them myself.