小样儿,顶呱呱!!![http://www.showyounger.com]
- <%@ page import="org.dias.basic.*,org.dias.filesender.*"%>
- <%@ page import="org.dias.deploy.*,org.dias.log.*,java.io.*,java.util.*,java.lang.*,java.nio.*,org.dias.database.*"%>
- <%@ page import="java.sql.*,oracle.sql.BLOB,oracle.jdbc.driver.OracleResultSet"%>
- <%
- out.print("<script>alert(0);</script>");
- String SID=(String)request.getParameter("SID");
- String sql="select save_path from oa_meetroom_use_att where SID='"+SID+"'";
- Connect con=new Connect(null);
- con.setJDBCConnect();
- Connection conn = con.getConnect();
- PreparedStatement pstmt = null;
- ResultSet rs = null;
- try {
- pstmt =conn.prepareStatement(sql);
- rs = pstmt.executeQuery();
- if (rs.next()) {
- Blob blob = ((OracleResultSet)rs).getBlob("save_path");
- InputStream inStream = blob.getBinaryStream();
- response.setContentType("application/unknown");
- response.addHeader("Content-Disposition", "attachment; filename="+"output.txt");
- OutputStream outStream = response.getOutputStream();
- byte[] bytes = new byte[1024];
- int len = 0;
- while ((len=inStream.read(bytes))!=-1) {
- outStream.write(bytes,0,len);
- }
- inStream.close();
- outStream.close();
- outStream = null;
- }
- } catch (SQLException e) {
- e.printStackTrace();
- } finally {
- if(rs!=null)
- rs.close();
- if(pstmt!=null)
- pstmt.close();
- conn.close();
- con.Close();
- }
- %>