Well I still have not done a client, I'm checking how this works and testing it in my browser. The final target is to have another WS, especifically a BPEL Process. This BPEL-WS will use the DB-WS because it will need to make consults to the DB (obviously through the orderDetails service).
So... Can't I check it through my web browser just in order to test it before I integrate it with the BPEL WS? Thanks for your recommendation about the SQL sentence, I'm changing it :) m4rkuz-2 wrote: > > mmmm > > let's see when you modify your code to accept the param id > like this: > > public OrderData orderDetails(int id) > > You must do another client for the WS generated, query string is not the > way > to pass parameter to a web service. > > > Regards, > > > Marcus V. Sánchez D. > ______________________ > Enterprise Developer. > Sun Certified Java Programmer (SCJP) > > PD: > this line : String SQL = "SELECT * FROM `porder` WHERE order_id = " + id > ; > > is a HUGE security risk. > > > > On Wed, Mar 4, 2009 at 11:53 PM, riveraej <[email protected]> wrote: > >> >> Hi everyone! >> >> I come to you asking for help. I'm trying to mount a web service which >> consults a MySQL Database. I have already done the consult, but I can >> show >> all data contained in the database, or I can show data according to >> conditions setting these conditions manually in the code of the Java >> Class. >> Nevertheless I need to pass in some way to my class a value in order to >> make >> the SQL consult according to this. >> >> Talking in code terms... I have the next code: >> >> public class poDBService{ >> >> public OrderData orderDetails(){ >> Connection conn = (Connection) >> MessageContext.getCurrentMessageContext().getProperty( >> poDataServiceLifeCycle.DB_CONNECTION); >> if (conn!=null){ >> try{ >> String SQL = "SELECT * FROM `porder` WHERE >> order_id=1"; >> PreparedStatement statement = >> conn.prepareStatement(SQL); >> ResultSet result = >> statement.executeQuery(); >> if (result.next()){ >> OrderData orderData = new >> OrderData(); >> >> orderData.setOrderId(result.getInt("order_id")); >> >> orderData.setSoldTo(result.getInt("soldTo")); >> >> orderData.setShipTo(result.getInt("shipTo")); >> >> >> I can access to my service through my browser in the address: >> >> http://localhost:8080/axis2/services/poDataService/orderDetails >> >> It correctly displays the corresponding data contained in the table >> porder >> >> But I need to define my SQL sentence allowing to pass it the needed >> parameter for the WHERE clause. >> I already found that some people makes it with code like the next: >> >> public class poDBService{ >> >> public OrderData orderDetails(int id){ >> Connection conn = (Connection) >> MessageContext.getCurrentMessageContext().getProperty( >> poDataServiceLifeCycle.DB_CONNECTION); >> if (conn!=null){ >> try{ >> String SQL = "SELECT * FROM `porder` WHERE >> order_id = " + id ; >> PreparedStatement statement = >> conn.prepareStatement(SQL); >> ResultSet result = >> statement.executeQuery(); >> if (result.next()){ >> OrderData orderData = new >> OrderData(); >> >> orderData.setOrderId(result.getInt("order_id")); >> >> orderData.setSoldTo(result.getInt("soldTo")); >> >> orderData.setShipTo(result.getInt("shipTo")); >> >> >> With this code theoretically it would be possible to pass paramete id to >> the >> service in the URL address: >> >> http://localhost:8080/axis2/services/poDataService/orderDetails?id=1 >> >> But when I try to do it in this way Axis returns in my web browser a Soap >> message like this: >> >> <soapenv:Reason> >> <soapenv:Text xml:lang="en-US">unknown</soapenv:Text> >> </soapenv:Reason> >> >> No error is thorwn in JBoss console window. >> >> I'm using: >> - JBoss-4.2.2.G.A. >> - Axis2-1.3 >> - jdk1.5.0_17 >> - mysql-connector-java-5.1.7 >> - MySQL Server 5.1 >> >> Any ideas what is happening? or is there another way to do this? >> >> Thanks in advance! >> >> Ernesto J. Rivera >> -- >> View this message in context: >> http://www.nabble.com/Question-about-exposing-a-database-as-a-web-service...-tp22345253p22345253.html >> Sent from the Axis - User mailing list archive at Nabble.com. >> >> > > -- View this message in context: http://www.nabble.com/Question-about-exposing-a-database-as-a-web-service...-tp22345253p22353848.html Sent from the Axis - User mailing list archive at Nabble.com.
