On 03.Jul.2001 -- 02:16 PM, Gustavo Mejia wrote:
> Hi !!
>
> I am making a query passing it from a JSP file, my code is very simple
> but I got an error:
>
> java.lang.RuntimeException: Error executed prepared
> statement: ?
> at
>
> My code is the following:
>
> <esql:query>
> <esql:parameter type="string">
> <request:get-parameter name="pQuery"/>
> </esql:parameter>
> </esql:query>
>
> and I send the variable pQuery using the URL, something like:
>
> http://localhost/cocoon/m3/query_m3.xml?pQuery=select * from inmuebles
>
> I don't know what the error is, I think it is because of the spaces in the
> query. I also tried putting my query in directly (not as a parameter) and
> it works fine.
>
> Could you help me? How can I fix this error?
Hi, I'm not 100% sure about this, but I believe JDBC's prepared
statements allow only replacement of one or more parameters, not of a
complete (sub) query, e.g.

    "select * from person where social_sec_id=? and salary<?"

By using <esql:parameter> a prepared statement is
created, but your intent is a dynamic query, so if you omit the
<esql:parameter> and use

    <esql:query>
    <request:get-parameter name="pQuery"/>
    </esql:query>

you'll be fine. This way no prepared statement is generated.
Of course you'll need to escape illegal characters in your request
string. The browser does that automatically when submitting forms;
the request API does as well.
Chris.
--
C h r i s t i a n H a u l
[EMAIL PROTECTED]
fingerprint: 99B0 1D9D 7919 644A 4837 7D73 FEF9 6856 335A 9E08
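
Added example, not part of the original messages and not Cocoon or ESQL code: Python's sqlite3 stands in for JDBC to show that a placeholder binds a value and cannot carry a whole statement, and how a request can choose among fixed statements by name so that it never carries SQL text. The columns of "inmuebles", the NAMED_QUERIES allow-list and the request keys "q" and "ciudad" are assumptions made for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data: the table name comes from the post, the columns are assumed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE inmuebles (id INTEGER PRIMARY KEY, ciudad TEXT, precio INTEGER)")
    db.executemany("INSERT INTO inmuebles (ciudad, precio) VALUES (?, ?)",
                   [("Bogota", 120000), ("Cali", 80000), ("Bogota", 95000)])
    return db

# Hypothetical allow-list: statement text is fixed here; each entry lists the
# request parameters that are bound to its placeholders, in order.
NAMED_QUERIES = {
    "all": ("SELECT id, ciudad, precio FROM inmuebles ORDER BY id", ()),
    "by_city": ("SELECT id, ciudad, precio FROM inmuebles WHERE ciudad = ? ORDER BY id",
                ("ciudad",)),
}

def whole_query_as_parameter(db, p_query):
    """Statement text is only a placeholder, as in the posted <esql:query>."""
    try:
        return db.execute("?", (p_query,)).fetchall()
    except sqlite3.Error as exc:
        # A placeholder stands for a value; it cannot supply the statement itself.
        return "rejected: " + type(exc).__name__

def run_named(db, params):
    """Select a fixed statement by name, then bind the request values it expects."""
    name = params.get("q")
    if name not in NAMED_QUERIES:
        raise ValueError("unknown query name: %r" % (name,))
    sql, wanted = NAMED_QUERIES[name]
    missing = [key for key in wanted if key not in params]
    if missing:
        raise ValueError("missing parameter(s): " + ", ".join(missing))
    return db.execute(sql, tuple(params[key] for key in wanted)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(whole_query_as_parameter(db, "select * from inmuebles"))
    print(run_named(db, {"q": "by_city", "ciudad": "Bogota"}))
    # SQL text sent as a value is compared as a plain string and matches nothing.
    print(run_named(db, {"q": "by_city", "ciudad": "select * from inmuebles"}))
```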