RE: SQL Injection

2010-03-18 Thread adam pinder 

 
use hibernate its definitely worth trying. 
 
the SQL queries can be parameterised and the parameter names can refer to 
fields in an object, it handles the escaping of values to be sql safe.
 



> From: gustavo.felisbe...@wit-software.com
> To: user@struts.apache.org
> Subject: RE: SQL Injection
> Date: Thu, 18 Mar 2010 12:34:57 +
>
> Hello,
> As far as I know there is nothing in struts to prevent SQL injection. And
> that should be done at the database level, so it is not related to Struts.
>
> Also there is no simple way of making parameters "sql injection safe". You
> can take a look at
> http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet They
> have some code that will take care of inputs depending on the Database used
> (they have "cleaners" for Oracle, Mysql and SQLServer).
>
> -Mensagem original-
> De: abhishek jain [mailto:abhishek.netj...@gmail.com]
> Enviada: quinta-feira, 18 de Março de 2010 10:31
> Para: Struts Users Mailing List
> Assunto: SQL Injection
>
> Hi,
> Do we have any special technique in Struts for preventing sql injection, i
> know we can prevent it via parameterized query , but my application design
> do not permit so,
> So can anyone here help me on this, i need a function whom if i pass a
> value, it becomes sql injection safe.,
> Pl. help
> --
> Thanks and kind Regards,
> Abhishek jain
>
>
> -
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
> 
_
Do you have a story that started on Hotmail? Tell us now
http://clk.atdmt.com/UKM/go/195013117/direct/01/
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

RE: SQL Injection

2010-03-18 Thread Gustavo Felisberto 
Hello,
As far as I know there is nothing in struts to prevent SQL injection. And
that should be done at the database level, so it is not related to Struts.

Also there is no simple way of making parameters "sql injection safe". You
can take a look at
http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet They
have some code that will take care of inputs depending on the Database used
(they have "cleaners" for Oracle, Mysql and SQLServer).

-Mensagem original-
De: abhishek jain [mailto:abhishek.netj...@gmail.com] 
Enviada: quinta-feira, 18 de Março de 2010 10:31
Para: Struts Users Mailing List
Assunto: SQL Injection

Hi,
Do we have any special technique in Struts for preventing sql injection, i
know we can prevent it via parameterized query , but my application design
do not permit so,
So can anyone here help me on this, i need a function whom if i pass a
value, it becomes sql injection safe.,
Pl. help
-- 
Thanks and kind Regards,
Abhishek jain


-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: SQL ExcuteQuery

2009-12-08 Thread musomesa 

 Your trouble is here:


pstmtname = conn.prepareStatement(sql);
 sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID =
" + UserID;


 
When you call prepareStatement(sql) the sql string is sent to the database 
which "prepares" it (essentially does all the steps neccessary before 
execution). You then change the sql string and the database knows nothing about 
it.

Change it so that the sql = line comes before the conn.prepareStatement line.

 

Chris
 

 

-Original Message-
From: Nguyen Xuan Son 
To: Struts Users Mailing List 
Sent: Tue, Dec 8, 2009 12:59 am
Subject: SQL ExcuteQuery


dear all
I've written
Connection conn = null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
 sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID =
" + UserID;
pstmtname.setString(1, "123456");
pstmtname.executeQuery();

there is no error appear but nothing is changed in the database
do you have any suggestion?
thank you very much

-- 
===
Ritsumeikan University, Asia JinZai Project
Master of Information Science
Nguyen Xuan Son

Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu
Rien, Room 103
Tel/Fax  : 81-(0)90-3976 2246
Email: nr000...@ed.ritsumei.ac.jp
Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
===

Re: SQL ExcuteQuery

2009-12-07 Thread Saeed Iqbal 
I dont see you make database connection like this for example.

conn = DriverManager.getConnection

("jdbc:mysql://your_host:3306/dbName","dbUser","dbPass");



On Tue, Dec 8, 2009 at 10:59 AM, Nguyen Xuan Son  wrote:

> dear all
> I've written
> Connection conn = null;
> PreparedStatement pstmtname = null;
> pstmtname = conn.prepareStatement(sql);
>  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID
> =
> " + UserID;
> pstmtname.setString(1, "123456");
> pstmtname.executeQuery();
>
> there is no error appear but nothing is changed in the database
> do you have any suggestion?
> thank you very much
>
> --
> ===
> Ritsumeikan University, Asia JinZai Project
> Master of Information Science
> Nguyen Xuan Son
>
> Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> ShiteiHaimu
> Rien, Room 103
> Tel/Fax  : 81-(0)90-3976 2246
> Email: nr000...@ed.ritsumei.ac.jp
> Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> ===
>



-- 
Saeed Iqbal
Independant Consultant
J2EE - Application Architect / Developer

RE: SQL ExcuteQuery

2009-12-07 Thread Vishnu Vyasan Nelliparmbil 
Move your sql before the prepared statement.
Sql =" sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ?
WHERE ROW_ID = ?";
pstmtname = conn.prepareStatement(sql);

pstmtname.setString(1, "123456");
pstmtname.setString(2, UserID);

pstmtname.executeQuery();

This will work for sure... BTB Remember this is strictly a struts
mailing list.

Best Regards
Vishnu NV

-Original Message-
From: Avlesh Singh [mailto:avl...@gmail.com] 
Sent: Tuesday, December 08, 2009 9:10 AM
To: Struts Users Mailing List
Subject: Re: SQL ExcuteQuery

Use #executeUpdate instead.

Cheers
Avlesh

On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son 
wrote:

> sorry saini but i dont see any different from your answer
> thank you
>
> 2009/12/8 Sushim Saini 
>
> > hi Nguyen Xuan Son
> > use
> > pstmtname.executeQuery() instead of pstmtname.executeQuery();
> >
> > On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son 
wrote:
> >
> > > dear all
> > > I've written
> > > Connection conn = null;
> > > PreparedStatement pstmtname = null;
> > > pstmtname = conn.prepareStatement(sql);
> > >  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ?
WHERE
> > ROW_ID
> > > =
> > > " + UserID;
> > > pstmtname.setString(1, "123456");
> > > pstmtname.executeQuery();
> > >
> > > there is no error appear but nothing is changed in the database
> > > do you have any suggestion?
> > > thank you very much
> > >
> > > --
> > >
===
> > > Ritsumeikan University, Asia JinZai Project
> > > Master of Information Science
> > > Nguyen Xuan Son
> > >
> > > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > > ShiteiHaimu
> > > Rien, Room 103
> > > Tel/Fax  : 81-(0)90-3976 2246
> > > Email: nr000...@ed.ritsumei.ac.jp
> > > Mobile   : 81-(0)90-3976 2246  URL  :
http://www.ritsumei.jp
> > >
===
> > >
> >
> >
> >
> > --
> > --
> > Sushim Saini
> >
>
>
>
> --
>
===
> Ritsumeikan University, Asia JinZai Project
> Master of Information Science
> Nguyen Xuan Son
>
> Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> ShiteiHaimu
> Rien, Room 103
> Tel/Fax  : 81-(0)90-3976 2246
> Email: nr000...@ed.ritsumei.ac.jp
> Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
>
===
>

-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org

Re: SQL ExcuteQuery

2009-12-07 Thread Sushim Saini 
sorry use executeUpdate

On Tue, Dec 8, 2009 at 11:53, Nguyen Xuan Son  wrote:

> dear singgh
> I've tried to user the excuteUpdate but the errors appear
> detail is
>
> java.sql.SQLException: Can not issue executeUpdate() for SELECTs
>at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
>at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
>at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:926)
>at
> com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2320)
>at
> com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2280)
>at
> com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2265)
>
> do you have any suggestion?
>
> thanks you very much
>
>
> 2009/12/8 Avlesh Singh 
>
> > Use #executeUpdate instead.
> >
> > Cheers
> > Avlesh
> >
> > On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son 
> > wrote:
> >
> > > sorry saini but i dont see any different from your answer
> > > thank you
> > >
> > > 2009/12/8 Sushim Saini 
> > >
> > > > hi Nguyen Xuan Son
> > > > use
> > > > pstmtname.executeQuery() instead of pstmtname.executeQuery();
> > > >
> > > > On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son 
> > wrote:
> > > >
> > > > > dear all
> > > > > I've written
> > > > > Connection conn = null;
> > > > > PreparedStatement pstmtname = null;
> > > > > pstmtname = conn.prepareStatement(sql);
> > > > >  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
> > > > ROW_ID
> > > > > =
> > > > > " + UserID;
> > > > > pstmtname.setString(1, "123456");
> > > > > pstmtname.executeQuery();
> > > > >
> > > > > there is no error appear but nothing is changed in the database
> > > > > do you have any suggestion?
> > > > > thank you very much
> > > > >
> > > > > --
> > > > >
> > ===
> > > > > Ritsumeikan University, Asia JinZai Project
> > > > > Master of Information Science
> > > > > Nguyen Xuan Son
> > > > >
> > > > > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > > > > ShiteiHaimu
> > > > > Rien, Room 103
> > > > > Tel/Fax  : 81-(0)90-3976 2246
> > > > > Email: nr000...@ed.ritsumei.ac.jp
> > > > > Mobile   : 81-(0)90-3976 2246  URL  :
> http://www.ritsumei.jp
> > > > >
> > ===
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > --
> > > > Sushim Saini
> > > >
> > >
> > >
> > >
> > > --
> > > ===
> > > Ritsumeikan University, Asia JinZai Project
> > > Master of Information Science
> > > Nguyen Xuan Son
> > >
> > > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > > ShiteiHaimu
> > > Rien, Room 103
> > > Tel/Fax  : 81-(0)90-3976 2246
> > > Email: nr000...@ed.ritsumei.ac.jp
> > > Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> > > ===
> > >
> >
>
>
>
> --
> ===
> Ritsumeikan University, Asia JinZai Project
> Master of Information Science
> Nguyen Xuan Son
>
> Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> ShiteiHaimu
> Rien, Room 103
> Tel/Fax  : 81-(0)90-3976 2246
> Email: nr000...@ed.ritsumei.ac.jp
> Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> ===
>



-- 
--
Sushim Saini

Re: SQL ExcuteQuery

2009-12-07 Thread Nguyen Xuan Son 
dear singgh
I've tried to user the excuteUpdate but the errors appear
detail is

java.sql.SQLException: Can not issue executeUpdate() for SELECTs
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:926)
at 
com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2320)
at 
com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2280)
at 
com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2265)

do you have any suggestion?

thanks you very much


2009/12/8 Avlesh Singh 

> Use #executeUpdate instead.
>
> Cheers
> Avlesh
>
> On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son 
> wrote:
>
> > sorry saini but i dont see any different from your answer
> > thank you
> >
> > 2009/12/8 Sushim Saini 
> >
> > > hi Nguyen Xuan Son
> > > use
> > > pstmtname.executeQuery() instead of pstmtname.executeQuery();
> > >
> > > On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son 
> wrote:
> > >
> > > > dear all
> > > > I've written
> > > > Connection conn = null;
> > > > PreparedStatement pstmtname = null;
> > > > pstmtname = conn.prepareStatement(sql);
> > > >  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
> > > ROW_ID
> > > > =
> > > > " + UserID;
> > > > pstmtname.setString(1, "123456");
> > > > pstmtname.executeQuery();
> > > >
> > > > there is no error appear but nothing is changed in the database
> > > > do you have any suggestion?
> > > > thank you very much
> > > >
> > > > --
> > > >
> ===
> > > > Ritsumeikan University, Asia JinZai Project
> > > > Master of Information Science
> > > > Nguyen Xuan Son
> > > >
> > > > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > > > ShiteiHaimu
> > > > Rien, Room 103
> > > > Tel/Fax  : 81-(0)90-3976 2246
> > > > Email: nr000...@ed.ritsumei.ac.jp
> > > > Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> > > >
> ===
> > > >
> > >
> > >
> > >
> > > --
> > > --
> > > Sushim Saini
> > >
> >
> >
> >
> > --
> > ===
> > Ritsumeikan University, Asia JinZai Project
> > Master of Information Science
> > Nguyen Xuan Son
> >
> > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > ShiteiHaimu
> > Rien, Room 103
> > Tel/Fax  : 81-(0)90-3976 2246
> > Email: nr000...@ed.ritsumei.ac.jp
> > Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> > ===
> >
>



-- 
===
Ritsumeikan University, Asia JinZai Project
Master of Information Science
Nguyen Xuan Son

Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu
Rien, Room 103
Tel/Fax  : 81-(0)90-3976 2246
Email: nr000...@ed.ritsumei.ac.jp
Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
===

Re: SQL ExcuteQuery

2009-12-07 Thread Avlesh Singh 
Use #executeUpdate instead.

Cheers
Avlesh

On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son  wrote:

> sorry saini but i dont see any different from your answer
> thank you
>
> 2009/12/8 Sushim Saini 
>
> > hi Nguyen Xuan Son
> > use
> > pstmtname.executeQuery() instead of pstmtname.executeQuery();
> >
> > On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son  wrote:
> >
> > > dear all
> > > I've written
> > > Connection conn = null;
> > > PreparedStatement pstmtname = null;
> > > pstmtname = conn.prepareStatement(sql);
> > >  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
> > ROW_ID
> > > =
> > > " + UserID;
> > > pstmtname.setString(1, "123456");
> > > pstmtname.executeQuery();
> > >
> > > there is no error appear but nothing is changed in the database
> > > do you have any suggestion?
> > > thank you very much
> > >
> > > --
> > > ===
> > > Ritsumeikan University, Asia JinZai Project
> > > Master of Information Science
> > > Nguyen Xuan Son
> > >
> > > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > > ShiteiHaimu
> > > Rien, Room 103
> > > Tel/Fax  : 81-(0)90-3976 2246
> > > Email: nr000...@ed.ritsumei.ac.jp
> > > Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> > > ===
> > >
> >
> >
> >
> > --
> > --
> > Sushim Saini
> >
>
>
>
> --
> ===
> Ritsumeikan University, Asia JinZai Project
> Master of Information Science
> Nguyen Xuan Son
>
> Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> ShiteiHaimu
> Rien, Room 103
> Tel/Fax  : 81-(0)90-3976 2246
> Email: nr000...@ed.ritsumei.ac.jp
> Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> ===
>

Re: SQL ExcuteQuery

2009-12-07 Thread Nguyen Xuan Son 
sorry saini but i dont see any different from your answer
thank you

2009/12/8 Sushim Saini 

> hi Nguyen Xuan Son
> use
> pstmtname.executeQuery() instead of pstmtname.executeQuery();
>
> On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son  wrote:
>
> > dear all
> > I've written
> > Connection conn = null;
> > PreparedStatement pstmtname = null;
> > pstmtname = conn.prepareStatement(sql);
> >  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
> ROW_ID
> > =
> > " + UserID;
> > pstmtname.setString(1, "123456");
> > pstmtname.executeQuery();
> >
> > there is no error appear but nothing is changed in the database
> > do you have any suggestion?
> > thank you very much
> >
> > --
> > ===
> > Ritsumeikan University, Asia JinZai Project
> > Master of Information Science
> > Nguyen Xuan Son
> >
> > Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> > ShiteiHaimu
> > Rien, Room 103
> > Tel/Fax  : 81-(0)90-3976 2246
> > Email: nr000...@ed.ritsumei.ac.jp
> > Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> > ===
> >
>
>
>
> --
> --
> Sushim Saini
>



-- 
===
Ritsumeikan University, Asia JinZai Project
Master of Information Science
Nguyen Xuan Son

Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu
Rien, Room 103
Tel/Fax  : 81-(0)90-3976 2246
Email: nr000...@ed.ritsumei.ac.jp
Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
===

Re: SQL ExcuteQuery

2009-12-07 Thread Sushim Saini 
hi Nguyen Xuan Son
use
pstmtname.executeQuery() instead of pstmtname.executeQuery();

On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son  wrote:

> dear all
> I've written
> Connection conn = null;
> PreparedStatement pstmtname = null;
> pstmtname = conn.prepareStatement(sql);
>  sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID
> =
> " + UserID;
> pstmtname.setString(1, "123456");
> pstmtname.executeQuery();
>
> there is no error appear but nothing is changed in the database
> do you have any suggestion?
> thank you very much
>
> --
> ===
> Ritsumeikan University, Asia JinZai Project
> Master of Information Science
> Nguyen Xuan Son
>
> Add   : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18
> ShiteiHaimu
> Rien, Room 103
> Tel/Fax  : 81-(0)90-3976 2246
> Email: nr000...@ed.ritsumei.ac.jp
> Mobile   : 81-(0)90-3976 2246  URL  : http://www.ritsumei.jp
> ===
>



-- 
--
Sushim Saini

Re: SQL Optimization Tools and Procedures

2009-06-19 Thread john feng 
Judge if the data model designed is optimized the business requirements
matter most. First of all, one got  to make sure the data model
closely represents the business object relationship - functionally properly
modeled; then considering the possible production usage situation info
gathered before hands to do some load testing. Before knowing these, one
just using a tool to blindly simulate data and judging if the data model
design will perform well goes to the wrong direction.

In addition, your last project ran into some design and architecture issues
may not only to blame the data model. If you implied it's just a performance
issue, you may tune it for the production usage situation. But it is hard to
tune it before you know the possible production usage situation - not
necessarily wait until application is deployed and used in production. So
you must do your best gather the enough information about the production
usage situation before tuning it.

John
On Fri, Jun 19, 2009 at 11:16 AM, Edward Song wrote:

> Here's a Friday discussion.
>
> As an application developer, I can write SQL pretty well, but I wouldn't
> say
> that I'm an expert.  My last project I did run into some design and
> architecture issues that needed a little bit of reworking and
> refactoring.  To help avoid this, I want to get better and have more
> confidence moving forward in a project that my schema design has been
> optimized, or at least perform some excercise to let me know that I gave it
> a good effort.
>
> Any insights on how as application developers, we can perform some exercise
> with some tool at the early design phases that will help us give us
> confidence that our initial schema, indexes and queries are optimized?
>

Re: SQL Optimization Tools and Procedures

2009-06-19 Thread Terry Gardner 
If you have the code in a workable configuration, you can test it  
easily with a SQL query job using SLAMD (http://slamd2.dev.java.net).  
This generate load that may point to indexing problems and other  
performance-related problems.


On Jun 19, 2009, at 11:16 AM, Edward Song wrote:


Here's a Friday discussion.

As an application developer, I can write SQL pretty well, but I  
wouldn't say

that I'm an expert.  My last project I did run into some design and
architecture issues that needed a little bit of reworking and
refactoring.  To help avoid this, I want to get better and have more
confidence moving forward in a project that my schema design has been
optimized, or at least perform some excercise to let me know that I  
gave it

a good effort.

Any insights on how as application developers, we can perform some  
exercise

with some tool at the early design phases that will help us give us
confidence that our initial schema, indexes and queries are optimized?



--
terry.gard...@sun.com
Blog: http://blogs.sun.com/terrygardner
Blog: http://ff1959.wordpress.com
Twitter: http://twitter.com/tgardner
SLAMD: http://slamd2.dev.java.net
Skype: Terry_J_Gardner

"Potentia vobiscum"





smime.p7s
Description: S/MIME cryptographic signature

Re: SQL

2005-02-16 Thread DGraham 
Depending on WHY you need the string, p6spy might solve your problem: 
http://www.p6spy.com

Dennis


"CRANFORD, CHRIS" <[EMAIL PROTECTED]> 
02/16/2005 07:47 AM
Please respond to
"Struts Users Mailing List" 


To

cc

Subject
SQL






This may be slightly off-topic but I'm sure others may have ran into this 
issue.  If I have created a CallableStatement object using a SQL string, 
is there anyway to retreive that SQL string from the CallableStatement 
object ?

___
Chris Cranford
Programmer/Developer
SETECH Inc. & Companies
6302 Fairview Rd, Suite 201
Charlotte, NC  28210
Phone: (704) 362-9423, Fax: (704) 362-9409, Mobile: (704) 650-1042 
Email: [EMAIL PROTECTED]

Re: [OT] Re: SQL

2005-02-16 Thread Martin Gainty 
I concur with Erik..
The only thing I can add is to Trap the SQL Statement and store in session 
variable or bean property before you do the CallableStatement.execute..that 
way you can reference the string later on.
HTH,
Martin-
- Original Message - 
From: "Erik Weber" <[EMAIL PROTECTED]>
To: "Struts Users Mailing List" 
Sent: Wednesday, February 16, 2005 9:12 AM
Subject: [OT] Re: SQL


I don't know if there is an easier or more driver-independent way, but some 
JDBC drivers have a debug mode that can be enabled. Sorry, I don't have any 
specifics for you.

Erik
CRANFORD, CHRIS wrote:
This may be slightly off-topic but I'm sure others may have ran into this 
issue.  If I have created a CallableStatement object using a SQL string, 
is there anyway to retreive that SQL string from the CallableStatement 
object ?

___
Chris Cranford
Programmer/Developer
SETECH Inc. & Companies
6302 Fairview Rd, Suite 201
Charlotte, NC  28210
Phone: (704) 362-9423, Fax: (704) 362-9409, Mobile: (704) 650-1042 Email: 
[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[OT] Re: SQL

2005-02-16 Thread Erik Weber 
I don't know if there is an easier or more driver-independent way, but 
some JDBC drivers have a debug mode that can be enabled. Sorry, I don't 
have any specifics for you.

Erik
CRANFORD, CHRIS wrote:
This may be slightly off-topic but I'm sure others may have ran into this 
issue.  If I have created a CallableStatement object using a SQL string, is 
there anyway to retreive that SQL string from the CallableStatement object ?
___
Chris Cranford
Programmer/Developer
SETECH Inc. & Companies
6302 Fairview Rd, Suite 201
Charlotte, NC  28210
Phone: (704) 362-9423, Fax: (704) 362-9409, Mobile: (704) 650-1042 
Email: [EMAIL PROTECTED]

 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SQL

2005-02-16 Thread Vic 
Which DAO are you using?
.V
CRANFORD, CHRIS wrote:
This may be slightly off-topic but I'm sure others may have ran into this 
issue.  If I have created a CallableStatement object using a SQL string, is 
there anyway to retreive that SQL string from the CallableStatement object ?
___
Chris Cranford
Programmer/Developer
SETECH Inc. & Companies
6302 Fairview Rd, Suite 201
Charlotte, NC  28210
Phone: (704) 362-9423, Fax: (704) 362-9409, Mobile: (704) 650-1042 
Email: [EMAIL PROTECTED]

 


--
Forums, Boards, Blogs and News in RiA 
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]