Thanks

-----Original Message-----
From: Ilya A. Kriveshko [mailto:ilya@;kaon.com]
Sent: Wednesday, 13 November 2002 18:25
To: [EMAIL PROTECTED]
Subject: Re: AW: esql / xsp <- query for date


Please, read the recent SQL injection thread: your query is vulnerable. 
Use <esql:parameter> to secure it:

<esql:query>
  select * from IDM_info
    where Info_datum = #<esql:parameter><xsp-request:get-parameter name="date"/></esql:parameter>#
</esql:query>

--
Ilya

Scherler, Thorsten wrote:

>Hello Cedric,
>
>>By this, I mean that if Info_datum is '11/11/2002 17:12:05.000', it will not equal 
>>'11/11/2002 00:00:00.000' which is the date you are passing as argument.
>>
>>How to actually narrow the date depends on the type of database you are using in 
>>the background.
>
>So for ODBC Access 97 you have to use ## to narrow the date, right! 
>
>because:
><esql:query>
>select * from IDM_info where Info_datum = #<xsp-request:get-parameter name="date"/>#
></esql:query>
>
>is working fine!
>
>Thanks a lot for the hint!
>
>Good luck,
>Cedric
>
>-----Original Message-----
>From: Scherler, Thorsten [mailto:Thorsten.Scherler@;weidmueller.de] 
>Sent: 13 November 2002 17:09
>To: [EMAIL PROTECTED]
>Subject: AW: esql / xsp <- query for date
>
>
>Jepp!
>
>That way I don't get an error, but no result either!
>
>-----Original Message-----
>From: Cedric Picard [mailto:C.Picard@;kainos.com]
>Sent: Wednesday, 13 November 2002 18:03
>To: [EMAIL PROTECTED]
>Subject: RE: esql / xsp <- query for date
>
>
>Have you tried '11/11/2002' instead?
>
>I would expect esql to use a Java Date class to wrap the date string into a Date 
>object, which is then converted to the format used in the database by the JDBC driver.
>
>Cedric
>
>-----Original Message-----
>From: Scherler, Thorsten [mailto:Thorsten.Scherler@;weidmueller.de] 
>Sent: 13 November 2002 17:00
>To: Cocoon-Users (E-Mail)
>Subject: esql / xsp <- query for date
>
>
>Hello group,
>
>I have a big problem!
>
>I want to do the following:
>
>I have a query on a database. It is working fine!
>
>I can do the following with every field but the date:
>e.g.
>http//...?id=1
>
>but as soon as I put ?date='11.11.2002'
>
>it blows!
>
>So trying the following blows it too:
><esql:query>
>select * from IDM_info where Info_datum = '11.11.02' </esql:query>
>
>My db is access 97 but that should be ok because I use the odbc:jdbc - bridge.
>
>So how can I get all data where the date is e.g. 13.11.2002?
>
>>Mit freundlichem Gruss,
>>
>>Thorsten Scherler
>>Marketing / Telefonmarketing
>>
>>Weidmüller GmbH & Co.
>>P.O. Box 2807
>>33058 Paderborn
>>Tel.:+ 49 - 5252-960-350
>>Fax:+ 49 - 5252-960-116
>>eMail: [EMAIL PROTECTED] http://www.weidmueller.de
>>
>>
>
>---------------------------------------------------------------------
>Please check that your question  has not already been answered in the
>FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>
>
>To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
>For additional commands, e-mail:   <[EMAIL PROTECTED]>
>
>
>
>--
>
>This e-mail is confidential and is intended for the named recipient only. If you 
>receive it in error please destroy the message and all copies. Kainos Software Ltd. 
>does not accept liability for damage sustained as a result of malicious software 
>(e.g. viruses). Kainos does not accept liability for, or permit, the creation of 
>contracts on its behalf by e-mail, the publication of any defamatory statement by its 
>employees by e-mail, or changes subsequently made to the original message. The 
>Company's registered office is located at 4-6 Upper Crescent, Belfast, BT7 1NT, 
>Northern Ireland, Tel +44 28 9057 1100.
>
>
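
The two points made in this thread, Ilya's (a request parameter spliced into the SQL text is injectable, while a value bound through <esql:parameter> is only compared, never parsed) and Cedric's (equality against a datetime column only hits rows stamped at midnight), shown side by side as an added example that is not from the thread or from Cocoon. It uses Python's sqlite3 as a stand-in for the JDBC/Access setup, with a constructed three-row IDM_info table; storing Info_datum as ISO text is an assumption made so the rows compare chronologically.

```python
import sqlite3
from datetime import date, timedelta

# Constructed stand-in for the thread's IDM_info table. SQLite has no DATE
# type, so Info_datum is kept as an ISO "YYYY-MM-DD HH:MM:SS" string, which
# sorts and compares chronologically (assumption for this example).
ROWS = [
    (1, "2002-11-11 17:12:05"),   # same day as row 2, but with a time of day
    (2, "2002-11-11 00:00:00"),
    (3, "2002-11-13 09:30:00"),
]


def open_db():
    """Build the in-memory sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IDM_info (id INTEGER, Info_datum TEXT)")
    conn.executemany("INSERT INTO IDM_info VALUES (?, ?)", ROWS)
    return conn


def query_concatenated(conn, user_value):
    """Vulnerable shape from the thread: the request parameter is pasted into
    the SQL text (#<xsp-request:get-parameter name="date"/>#), so whatever the
    client sends is parsed as SQL, not just compared."""
    sql = ("SELECT id FROM IDM_info WHERE Info_datum = '" + user_value
           + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def query_parameterized(conn, user_value):
    """Hardened shape corresponding to <esql:parameter>: the driver binds the
    value as data, so a quote in the input cannot change the statement."""
    sql = "SELECT id FROM IDM_info WHERE Info_datum = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (user_value,))]


def query_by_day(conn, day_iso):
    """Cedric's point: '11/11/2002' equals only rows stamped exactly at
    midnight. To get every row of one day, bind the half-open range
    [day, day + 1) instead of testing equality. day_iso is 'YYYY-MM-DD'."""
    day = date.fromisoformat(day_iso)
    lo = day.isoformat()
    hi = (day + timedelta(days=1)).isoformat()
    sql = ("SELECT id FROM IDM_info WHERE Info_datum >= ? AND Info_datum < ? "
           "ORDER BY id")
    return [row[0] for row in conn.execute(sql, (lo, hi))]
```

With a benign date both shapes return the same row; with a quote in the input the concatenated shape returns rows it was never meant to, while the bound shape returns nothing.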

