AW: AW: xsp-element equivalent to xsl:param?

Fri, 31 Jan 2003 06:47:28 -0800 

Hello Andrew,

my final xsp should look like this:
...
<dataset>
  <xsp:logic>
 try{
     String timeOfDay = (new
SimpleDateFormat("MM/dd/yyyy")).format(request.getParameter("date"));
}catch(Exception e){}
 </xsp:logic>
<esql:connection>
<esql:pool>IDC2_int</esql:pool>
<esql:execute-query>
<esql:query>
 select * from info_bericht  where country ='<xsp-request:get-parameter 
name="GETcountry"/>'   AND  Info_datum = #<xsp:expr>timeOfDay</xsp:expr>#
 </esql:query>
...

like I stated before, as soon I get rid off the logic my query is successful.

Like you told me before my method now starts after the first xml element:

snip from IDC2_info_int_xsp.java
  /**
* Generate XML data.
*/
  public void generate() throws SAXException, IOException, ProcessingException {
  this.contentHandler.startDocument();
 AttributesImpl xspAttr = new AttributesImpl();

...

this.contentHandler.startElement(
  "",
  "dataset",
  "dataset",
  xspAttr
);
xspAttr.clear();


 this.characters("\n  ");
  
 try{
 String timeOfDay = (new
SimpleDateFormat("MM/dd/yyyy")).format(request.getParameter("date"));
}catch(Exception e){}
 
 this.characters("\n\t\t");
  ... 


-----Urspr�ngliche Nachricht-----
Von: Andrew Timberlake [mailto:[EMAIL PROTECTED]]
Gesendet: Freitag, 31. Januar 2003 15:30
An: [EMAIL PROTECTED]
Betreff: Re: AW: xsp-element equivalent to xsl:param?


On Fri, 2003-01-31 at 16:09, Scherler, Thorsten wrote:
> Hello Jan,
> 
> I couldn't find the error.
> 
> But I attached it.
> 
I was reading your previous post in which you posted your xsp source.
Instead of this:
<esql:execute-query>
    <esql:query>
         select * from info_bericht  where country ='<xsp-request:get-parameter
name="GETcountry"/>' AND  Info_datum = #<xsp-request:get-parameter name="date"/>#
    </esql:query>

Try this:
<esql:execute-query>
    <esql:query>
         select * from info_bericht  where country = 
<esql:parameter><xsp-request:get-parameter
name="GETcountry"/></esql:parameter> AND  Info_datum = 
<esql:parameter><xsp-request:get-parameter name="date"/></esql:parameter>
    </esql:query>

This will then use a PreparedStatement which is safer from possible SQL exploit.

Other than that, the XSP source didn't show where you were using the direct access to 
parameters.getParameter() or request.getParameter()

Andrew

Andrew


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>


---------------------------------------------------------------------
Please check that your question  has not already been answered in the
FAQ before posting.     <http://xml.apache.org/cocoon/faq/index.html>

To unsubscribe, e-mail:     <[EMAIL PROTECTED]>
For additional commands, e-mail:   <[EMAIL PROTECTED]>

Reply via email to