Some SQL injection in Android – how to use GROUP BY and CASE when you are not allowed to do so

I suppose you’re all familiar with the “academic” examples of SQL injection when you put a AND 1=1 at the end of the SQL query and magically you get access to all kind of nasty things. I’ll show you how to use the same trick to do a SQL injection in Android, but for a good thing :)

I had the following situation: I’ve wanted to select group all the calls from the call log either by the caller name if the number was in the agenda or by number if the number was not in the agenda. To do this you need a content resolver, a URI and a projection to tell Android which columns you want to select. A typical call will look as follows:

getContentResolver().query(CallLog.Calls.CONTENT_URI, 
new String[] { projection}, selection, new String[] 
{selectionArgs}, sortOrder)

As you notice there is no way of telling android how to group the rows. But we Continue reading

How to increase Tomcat heap size in Eclipse

If you get a lot of java.lang.OutOfMemoryErrors while running your web application on Tomcat from Eclipse, it means that you should increase the heap size of your tomcat instance. To do this, follow these steps:

1. Open the Server view and double-click on the Tomcat instance. The server configuration screen will open.

2. Click on the “Open launch configuration” link from the General Information section.

3. Click on the Arguments tab and add the following at the end of the VM arguments: -Xms128m -Xmx512m.

The values for this 2 arguments may vary, depending on your needs or available memory :)

How to inject Spring beans into Servlets

This can be achieved in 3 simple steps:

1. Implement HttpRequestHandler

First of all your servlet class must implement the org.springframework.web.HttpRequestHandlerinterface and provide an implementation for the handleRequest() method just like you would override doPost().

2. Declare the servlet as a Spring Bean

You can do this by either adding the @Component(“myServlet”) annotation to the class, or declaring a bean with a name myServlet in applicationContext.xml.

   @Component("myServlet")
   public class MyServlet implements HttpRequestHandler {
...

3. Declare in web.xml a servlet named exactly as the Spring Bean

The last step is to declare a new servlet in web.xml that will have the same name as the previously declared Spring bean, in our case myServlet. The servlet class must be org.springframework.web.context.support.HttpRequestHandlerServlet.