Boolean b = Boolean.parseBoolean(req.getParameter("winCondition"));

try {
    conn =
    conn = DriverManager.getConnection(DB_URL, "user", "");
    Statement s = conn.createStatement();
    // The "ticket" request parameter is concatenated directly into the SQL string.
    s.execute("SELECT userName, isWin FROM users WHERE uid = " + req.getParameter("ticket") + ";");
    ResultSet r = s.getResultSet();
A web server generally creates only one instance of a servlet or JSP class (i.e., treats the class as a Singleton), and has multiple threads invoke methods on that instance to service multiple simultaneous requests. Any instance field of the class is therefore shared by every request thread.
class MyServlet extends HttpServlet {
    private HashMap<String, User> users; // This field may be left open to concurrent modification.
    // ...
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.setStatus(200);
        resp.setHeader("Content-Type", "application/json");
        String name = req.getParameter("name");
        users.put(name, ...); // This access is not synchronized and could result in concurrent modification of users.
    }
}
Accessing such variables without synchronizing on them could cause ConcurrentModificationExceptions. It could also result in race conditions between threads that modify the field concerned.
Consider using some form of synchronization to ensure that such variables can be accessed safely in a concurrent context.
private synchronized void doOperationOnUsers(String name) {
    // users is only modified within this method.
    users.put(name, ...);
}
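The lost-update race described above, reproduced without a servlet container. This is an added example, not code from the scanned project: the class SharedFieldDemo, its fields and handler methods, and the "alice" key are all constructed for illustration. It goes one step beyond the synchronized method above by showing ConcurrentHashMap.merge as an alternative fix.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;

// Constructed stand-in for a servlet: one shared instance, many request threads.
public class SharedFieldDemo {
    // Unsafe: plain HashMap field mutated by every request thread.
    private final Map<String, Integer> unsafeHits = new HashMap<>();
    // Safe: ConcurrentHashMap with an atomic per-key update.
    private final Map<String, Integer> safeHits = new ConcurrentHashMap<>();

    SharedFieldDemo() {
        // The key exists up front so the unsafe map never changes structure;
        // the demo isolates the lost-update race on the stored value.
        unsafeHits.put("alice", 0);
    }

    // Mirrors an unsynchronized doGet(): read-modify-write on shared state.
    void handleUnsafe(String name) {
        unsafeHits.put(name, unsafeHits.get(name) + 1);
    }

    // merge() performs the read-modify-write atomically for the key.
    void handleSafe(String name) {
        safeHits.merge(name, 1, Integer::sum);
    }

    public static void main(String[] args) throws InterruptedException {
        SharedFieldDemo servlet = new SharedFieldDemo();
        int threads = 8, requestsPerThread = 100_000;
        ExecutorService pool = Executors.newFixedThreadPool(threads);
        for (int t = 0; t < threads; t++) {
            pool.submit(() -> {
                for (int i = 0; i < requestsPerThread; i++) {
                    servlet.handleUnsafe("alice");
                    servlet.handleSafe("alice");
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(1, TimeUnit.MINUTES);
        System.out.println("expected = " + (threads * requestsPerThread));
        System.out.println("unsafe   = " + servlet.unsafeHits.get("alice"));
        System.out.println("safe     = " + servlet.safeHits.get("alice"));
    }
}
```

The safe count always equals the expected total; the unsafe count usually falls short because concurrent threads overwrite each other's increments.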