Struts 1.3 : Preventing SQL Injection (form.field validation)
Does anyone out there have a method I could use to pass a form field variable that would check for all known SQL injection vulnerabilities (with regards to the form field only, irrespective of the method of SQL execution) and return a true/false if it passes the test? I have about 100+ forms ( 500+ fields) to validate for SQL injection vulnerabilities and was thinking of creating an abstractForm.java class and putting the validate method there and calling that in each of the MyForm.java classes validate() method. I thought initially it would be better to move everything over to use Apache commons validator, create a global rule and simply apply the global rule to every form field but it may be better to take this approach. Any thoughts on the approach or a validator classs to pattern match the field would be helpful (if you have had such a case in the past). thanks J.V. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 1.3 : Preventing SQL Injection (form.field validation)
Use Filter On 3/22/2013 7:36 PM, J.V. wrote: Does anyone out there have a method I could use to pass a form field variable that would check for all known SQL injection vulnerabilities (with regards to the form field only, irrespective of the method of SQL execution) and return a true/false if it passes the test? I have about 100+ forms ( 500+ fields) to validate for SQL injection vulnerabilities and was thinking of creating an abstractForm.java class and putting the validate method there and calling that in each of the MyForm.java classes validate() method. I thought initially it would be better to move everything over to use Apache commons validator, create a global rule and simply apply the global rule to every form field but it may be better to take this approach. Any thoughts on the approach or a validator classs to pattern match the field would be helpful (if you have had such a case in the past). thanks J.V. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts 1.3 : Preventing SQL Injection (form.field validation)
If you use JDBC prepared statements, you will not have to worry about SQL injection. Paul On Fri, Mar 22, 2013 at 6:36 PM, J.V. jvsr...@gmail.com wrote: Does anyone out there have a method I could use to pass a form field variable that would check for all known SQL injection vulnerabilities (with regards to the form field only, irrespective of the method of SQL execution) and return a true/false if it passes the test? I have about 100+ forms ( 500+ fields) to validate for SQL injection vulnerabilities and was thinking of creating an abstractForm.java class and putting the validate method there and calling that in each of the MyForm.java classes validate() method. I thought initially it would be better to move everything over to use Apache commons validator, create a global rule and simply apply the global rule to every form field but it may be better to take this approach. Any thoughts on the approach or a validator classs to pattern match the field would be helpful (if you have had such a case in the past). thanks J.V. --**--**- To unsubscribe, e-mail: user-unsubscribe@struts.**apache.orguser-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2Builder 0.5.0 has been released - now with support for Oracle, Sybase, and MS SQL Server
I'm not a big fan of code generators, but I gave Struts2Builder a try. It worked well generating a complete Struts 2 CRUD web application. I used on Mac OS 10.8.1 and with MySQL. One change I would recommend is that in the dependencies you instruct the user to add to pom.xml I think you've got an old version number for the spring-aop. Also why cannot the maven compiler settings be set to generate Java 1.6 instead of Java 1.5? Lastly, is it possible in this version to only use some of the columns in a table for generating the Java classes? I sometimes need to use existing tables that have dozens of columns but I only need a few of those columns to create/populate the state of my Java object (just to read from the table - there is no update/create back to the table)? Bruce -- View this message in context: http://struts.1045723.n5.nabble.com/Struts2Builder-0-5-0-has-been-released-now-with-support-for-Oracle-Sybase-and-MS-SQL-Server-tp5710530p5710540.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: Struts2Builder 0.5.0 has been released - now with support for Oracle, Sybase, and MS SQL Server
Hello Bruce. Thanks for writing, and thanks for trying Struts2Builder. It worked well generating a complete Struts 2 CRUD web application. I used on Mac OS 10.8.1 and with MySQL. That's good to hear. I am glad you got it working on Mac. I have not tested it there, and I haven't heard of anyone else doing so either. There's little reason to think it wouldn't work on OSX, since OSX is basically BSD Unix, but I'm glad for the confirmation. One change I would recommend is that in the dependencies you instruct the user to add to pom.xml I think you've got an old version number for the spring-aop. That could be. I am not using all the capabilities of Spring; just the dependency injection. That hasn't changed very much in quite a while, if I am not mistaken. Also why cannot the maven compiler settings be set to generate Java 1.6 instead of Java 1.5? They certainly could be. When Maven generates the starter app, it generates it at 1.5. I think if you change the Maven compiler settings to 1.6, that would work. I just didn't see a reason to do so, since EE 1.5 is still prevalent in the world. Lastly, is it possible in this version to only use some of the columns in a table for generating the Java classes? I sometimes need to use existing tables that have dozens of columns but I only need a few of those columns to create/populate the state of my Java object (just to read from the table - there is no update/create back to the table)? The checkbox on each individual column is to tell Struts2Builder whether to include that column in the List application. All columns are used in creating the Java class. I did think of this during the initial design phase, but I thought it was better to include all columns. It doesn't hurt anything to include them, and it reduces the possibility of errors. For instance, Struts2Builder allows one to add records, and an add must contain all the not-null columns. If you leave out a not-null column, the add will fail. What if someone decides not to include a not-null column? Do I force that not-null column to be included, even though the person has specified otherwise? Do I obediently ignore that not-null column, knowing that adding a row will necessarily fail? What about the display screen? I am showing a display of all columns in the row. Ignoring columns would mean the display would not (and cannot) show those columns. So based on that, I decided early on in the project that I would include all columns in the domain class. Remember, this is intended to serve as the bones of a working Struts app, not the final product. And as an aside, in most of the cases where I have said I'm not going to need that data, I usually end up needing it. --Tom
Re: Struts2Builder 0.5.0 has been released - now with support for Oracle, Sybase, and MS SQL Server
I'd like to make sure we don't turn the list into a Struts2Builder forum. Thomas wrote: Bruce wrote: Also why cannot the maven compiler settings be set to generate Java 1.6 instead of Java 1.5? I just didn't see a reason to do so, since EE 1.5 is still prevalent in the world. JEE version has nothing to do with Java version. Dave -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton https://twitter.com/dave_newton b: Bucky Bits http://buckybits.blogspot.com/ g: davelnewton https://github.com/davelnewton so: Dave Newton http://stackoverflow.com/users/438992/dave-newton
Struts2Builder 0.5.0 has been released - now with support for Oracle, Sybase, and MS SQL Server
Greetings all. Struts2Builder version 0.5.0 has been released. Struts2Builder is a Java code generation system that can automatically build a real, live, functioning Struts2 / Hibernate / Spring system for any existing Oracle, MySQL, PostgreSQL, Microsoft SQL Server, or Sybase database. Struts2Builder will log into the database, examine the metadata, and generate the source code necessary to create a CRUD (Create, Read, Update, Delete) application for every table in the target database. This is intended to serve as the bones of your Struts 2 application, upon which you can build all the extra functionality that you require. === RELEASE NOTES Version 0.5.0 contains some enhancements, and one bug fix: Enhancements: Other databases are now supported. Previous versions of Struts2Builder supported PostgreSQL and MySql only. This release adds support for Oracle, Sybase, and Microsoft SQL Server. Bug Fix: If a table has multiple complex foreign keys targeting the same base table, the Hibernate relationships based on those foreign keys were not created properly. This has been fixed. === We recommend that all users of Struts2Builder upgrade to this new release. Struts2Builder can be downloaded at http://struts2builder.sourceforge.net. Documentation is included as a pdf file in the released zip. Struts2Builder is released under the MIT license, and you are free to use this in any project, commercial or non-commercial. Enjoy! --Tom
generate SQL Hibernate Query using session
Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: generate SQL Hibernate Query using session
What does having joins have to do with not being able to map to your data model? Dave On Feb 17, 2011 8:43 PM, Jerson John jer...@cprvision.com wrote: Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: generate SQL Hibernate Query using session
Hi, Thanks for your reply. Actually I am bit confused here..What I do normally is that get the List of the model calss from the HQL Query and cast it and iterate it in jsp...Here If there values from more than one table then I can't cast it to any model class because of the difference in properties.Please advice me a approach for thisThanks in advance Many Thanks and Regards, Jerson -Original Message- From: Dave Newton [mailto:davelnew...@gmail.com] Sent: Friday, February 18, 2011 10:34 AM To: Struts Users Mailing List Subject: Re: generate SQL Hibernate Query using session What does having joins have to do with not being able to map to your data model? Dave On Feb 17, 2011 8:43 PM, Jerson John jer...@cprvision.com wrote: Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: generate SQL Hibernate Query using session
Hi, By the way My query is below select b.Name as brand,a.Name as eventname,c.Code,a.EventStartDate,a.EventEndDate,a.EventObjective,a.EventTyp e from ASSET a,Brand b,LPDCOUNTRY c where a.Brand=b.id and a.Country=c.id It also says brand property not defined...Is there any syntax error...I couldn't find any Thanks in advance Many Thanks and Regards, Jerson From: Jerson John [mailto:jer...@cprvision.com] Sent: Friday, February 18, 2011 10:53 AM To: 'Struts Users Mailing List' Subject: RE: generate SQL Hibernate Query using session Hi, Thanks for your reply. Actually I am bit confused here..What I do normally is that get the List of the model calss from the HQL Query and cast it and iterate it in jsp...Here If there values from more than one table then I can't cast it to any model class because of the difference in properties.Please advice me a approach for thisThanks in advance Many Thanks and Regards, Jerson -Original Message- From: Dave Newton [mailto:davelnew...@gmail.com] Sent: Friday, February 18, 2011 10:34 AM To: Struts Users Mailing List Subject: Re: generate SQL Hibernate Query using session What does having joins have to do with not being able to map to your data model? Dave On Feb 17, 2011 8:43 PM, Jerson John jer...@cprvision.com wrote: Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: generate SQL Hibernate Query using session
I think you may use the Composite Class in Hibernate. Query q = session.createQuery ( select new NewCompositeClass(members, classInfo.className) + from Members members, ClassInfo classInfo + where members.level = classInfo.classCode ); and you need a class:NewCompositeClass.java Regards, Mead
RE: generate SQL Hibernate Query using session
Jerson - What I would likely suggest you consider is creating a DTO object that resembles your result from the SQLQuery. You can then use one of the stock Hibernate Transformers to convert the SQL results into instances of this DTO Bean and then you can return the beans to your view to iterate over. Here's a simple example: public List getQueryUsingResultTransformer() { SQLQuery query = session.createSQLQuery(SELECT SOME FANCY DATA); /* do other stuff */ query.setResultTransformer(new AliasToBeanResultTransformer(YourDTO.class)); return(query.list()); } Another alternative would be to iterate the result set yourself public ListYourDTO getQueryDoingSelfInstantiation() { ListYourDTO myList = new ArrayListYourDTO(); SQLQuery query = session.createSQLQuery(SELECT SOME FANCY DATA); /* do other stuff */ List results = query.list(); Iterator i = results.iterator(); while(i.hasNext()) { Object[] row = (Object[]) i.next(); /* each row has a 0-based index for each column of query */ YourDTO dto = new YourDTO(); /* set values on dto */ myList.add(dto); } return(myList); } Both basically do the same; however I find that using the AliasToBean transformer is much cleaner code :) Chris -Original Message- From: Jerson John [mailto:jer...@cprvision.com] Sent: Thursday, February 17, 2011 7:43 PM To: user@struts.apache.org Subject: generate SQL Hibernate Query using session Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: generate SQL Hibernate Query using session
Hi, It was really a great help from you guys...Thanks a lotfinally I manged to do some way.. Appreciate ur help... Many Thanks and Regards, Jerson -Original Message- From: CRANFORD, CHRIS [mailto:chris.cranf...@setech.com] Sent: Friday, February 18, 2011 11:23 AM To: Struts Users Mailing List Subject: RE: generate SQL Hibernate Query using session Jerson - What I would likely suggest you consider is creating a DTO object that resembles your result from the SQLQuery. You can then use one of the stock Hibernate Transformers to convert the SQL results into instances of this DTO Bean and then you can return the beans to your view to iterate over. Here's a simple example: public List getQueryUsingResultTransformer() { SQLQuery query = session.createSQLQuery(SELECT SOME FANCY DATA); /* do other stuff */ query.setResultTransformer(new AliasToBeanResultTransformer(YourDTO.class)); return(query.list()); } Another alternative would be to iterate the result set yourself public ListYourDTO getQueryDoingSelfInstantiation() { ListYourDTO myList = new ArrayListYourDTO(); SQLQuery query = session.createSQLQuery(SELECT SOME FANCY DATA); /* do other stuff */ List results = query.list(); Iterator i = results.iterator(); while(i.hasNext()) { Object[] row = (Object[]) i.next(); /* each row has a 0-based index for each column of query */ YourDTO dto = new YourDTO(); /* set values on dto */ myList.add(dto); } return(myList); } Both basically do the same; however I find that using the AliasToBean transformer is much cleaner code :) Chris -Original Message- From: Jerson John [mailto:jer...@cprvision.com] Sent: Thursday, February 17, 2011 7:43 PM To: user@struts.apache.org Subject: generate SQL Hibernate Query using session Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: generate SQL Hibernate Query using session
Hi, Can u suggest me the best way to use datetime picker tag...It seems normal Struts 2 Tag Library does not have this... Many Thanks and Regards, Jerson CPR Vision Management Pte Ltd CRM Software Marketing E: jer...@cprvision.com T: + (65) 6535 0996 F: + (65) 6327 8085 www.cprvision.com CPR Vision - Nominated finalist for CRM, Marketing Loyalty Agency of the Year Award - Organized by Marketing Magazine -Original Message- From: CRANFORD, CHRIS [mailto:chris.cranf...@setech.com] Sent: Friday, February 18, 2011 11:23 AM To: Struts Users Mailing List Subject: RE: generate SQL Hibernate Query using session Jerson - What I would likely suggest you consider is creating a DTO object that resembles your result from the SQLQuery. You can then use one of the stock Hibernate Transformers to convert the SQL results into instances of this DTO Bean and then you can return the beans to your view to iterate over. Here's a simple example: public List getQueryUsingResultTransformer() { SQLQuery query = session.createSQLQuery(SELECT SOME FANCY DATA); /* do other stuff */ query.setResultTransformer(new AliasToBeanResultTransformer(YourDTO.class)); return(query.list()); } Another alternative would be to iterate the result set yourself public ListYourDTO getQueryDoingSelfInstantiation() { ListYourDTO myList = new ArrayListYourDTO(); SQLQuery query = session.createSQLQuery(SELECT SOME FANCY DATA); /* do other stuff */ List results = query.list(); Iterator i = results.iterator(); while(i.hasNext()) { Object[] row = (Object[]) i.next(); /* each row has a 0-based index for each column of query */ YourDTO dto = new YourDTO(); /* set values on dto */ myList.add(dto); } return(myList); } Both basically do the same; however I find that using the AliasToBean transformer is much cleaner code :) Chris -Original Message- From: Jerson John [mailto:jer...@cprvision.com] Sent: Thursday, February 17, 2011 7:43 PM To: user@struts.apache.org Subject: generate SQL Hibernate Query using session Hi, I am trying to generate SQL query using session.createSQLQuery and returning the list object..This select query contains joins and so it cannot be mapped to any of my model objects.How can I now get the values in my jsp page using iterator tag in Struts 2... Please help me on this Many Thanks and Regards, Jerson - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
SQL Injection
Hi, Do we have any special technique in Struts for preventing sql injection, i know we can prevent it via parameterized query , but my application design do not permit so, So can anyone here help me on this, i need a function whom if i pass a value, it becomes sql injection safe., Pl. help -- Thanks and kind Regards, Abhishek jain
RE: SQL Injection
Hello, As far as I know there is nothing in struts to prevent SQL injection. And that should be done at the database level, so it is not related to Struts. Also there is no simple way of making parameters sql injection safe. You can take a look at http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet They have some code that will take care of inputs depending on the Database used (they have cleaners for Oracle, Mysql and SQLServer). -Mensagem original- De: abhishek jain [mailto:abhishek.netj...@gmail.com] Enviada: quinta-feira, 18 de Março de 2010 10:31 Para: Struts Users Mailing List Assunto: SQL Injection Hi, Do we have any special technique in Struts for preventing sql injection, i know we can prevent it via parameterized query , but my application design do not permit so, So can anyone here help me on this, i need a function whom if i pass a value, it becomes sql injection safe., Pl. help -- Thanks and kind Regards, Abhishek jain - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
RE: SQL Injection
use hibernate its definitely worth trying. the SQL queries can be parameterised and the parameter names can refer to fields in an object, it handles the escaping of values to be sql safe. From: gustavo.felisbe...@wit-software.com To: user@struts.apache.org Subject: RE: SQL Injection Date: Thu, 18 Mar 2010 12:34:57 + Hello, As far as I know there is nothing in struts to prevent SQL injection. And that should be done at the database level, so it is not related to Struts. Also there is no simple way of making parameters sql injection safe. You can take a look at http://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet They have some code that will take care of inputs depending on the Database used (they have cleaners for Oracle, Mysql and SQLServer). -Mensagem original- De: abhishek jain [mailto:abhishek.netj...@gmail.com] Enviada: quinta-feira, 18 de Março de 2010 10:31 Para: Struts Users Mailing List Assunto: SQL Injection Hi, Do we have any special technique in Struts for preventing sql injection, i know we can prevent it via parameterized query , but my application design do not permit so, So can anyone here help me on this, i need a function whom if i pass a value, it becomes sql injection safe., Pl. help -- Thanks and kind Regards, Abhishek jain - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org _ Do you have a story that started on Hotmail? Tell us now http://clk.atdmt.com/UKM/go/195013117/direct/01/ - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: SQL ExcuteQuery
Your trouble is here: pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; When you call prepareStatement(sql) the sql string is sent to the database which prepares it (essentially does all the steps neccessary before execution). You then change the sql string and the database knows nothing about it. Change it so that the sql = line comes before the conn.prepareStatement line. Chris -Original Message- From: Nguyen Xuan Son yama...@gmail.com To: Struts Users Mailing List user@struts.apache.org Sent: Tue, Dec 8, 2009 12:59 am Subject: SQL ExcuteQuery dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp ===
SQL ExcuteQuery
dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp ===
Re: SQL ExcuteQuery
hi Nguyen Xuan Son use pstmtname.executeQuery() instead of pstmtname.executeQuery(); On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini
Re: SQL ExcuteQuery
sorry saini but i dont see any different from your answer thank you 2009/12/8 Sushim Saini sushimsa...@gmail.com hi Nguyen Xuan Son use pstmtname.executeQuery() instead of pstmtname.executeQuery(); On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp ===
Re: SQL ExcuteQuery
Use #executeUpdate instead. Cheers Avlesh On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son yama...@gmail.com wrote: sorry saini but i dont see any different from your answer thank you 2009/12/8 Sushim Saini sushimsa...@gmail.com hi Nguyen Xuan Son use pstmtname.executeQuery() instead of pstmtname.executeQuery(); On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp ===
Re: SQL ExcuteQuery
dear singgh I've tried to user the excuteUpdate but the errors appear detail is java.sql.SQLException: Can not issue executeUpdate() for SELECTs at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:926) at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2320) at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2280) at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2265) do you have any suggestion? thanks you very much 2009/12/8 Avlesh Singh avl...@gmail.com Use #executeUpdate instead. Cheers Avlesh On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son yama...@gmail.com wrote: sorry saini but i dont see any different from your answer thank you 2009/12/8 Sushim Saini sushimsa...@gmail.com hi Nguyen Xuan Son use pstmtname.executeQuery() instead of pstmtname.executeQuery(); On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp ===
Re: SQL ExcuteQuery
sorry use executeUpdate On Tue, Dec 8, 2009 at 11:53, Nguyen Xuan Son yama...@gmail.com wrote: dear singgh I've tried to user the excuteUpdate but the errors appear detail is java.sql.SQLException: Can not issue executeUpdate() for SELECTs at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956) at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:926) at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2320) at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2280) at com.mysql.jdbc.PreparedStatement.executeUpdate(PreparedStatement.java:2265) do you have any suggestion? thanks you very much 2009/12/8 Avlesh Singh avl...@gmail.com Use #executeUpdate instead. Cheers Avlesh On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son yama...@gmail.com wrote: sorry saini but i dont see any different from your answer thank you 2009/12/8 Sushim Saini sushimsa...@gmail.com hi Nguyen Xuan Son use pstmtname.executeQuery() instead of pstmtname.executeQuery(); On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini
RE: SQL ExcuteQuery
Move your sql before the prepared statement. Sql = sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = ?; pstmtname = conn.prepareStatement(sql); pstmtname.setString(1, 123456); pstmtname.setString(2, UserID); pstmtname.executeQuery(); This will work for sure... BTB Remember this is strictly a struts mailing list. Best Regards Vishnu NV -Original Message- From: Avlesh Singh [mailto:avl...@gmail.com] Sent: Tuesday, December 08, 2009 9:10 AM To: Struts Users Mailing List Subject: Re: SQL ExcuteQuery Use #executeUpdate instead. Cheers Avlesh On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son yama...@gmail.com wrote: sorry saini but i dont see any different from your answer thank you 2009/12/8 Sushim Saini sushimsa...@gmail.com hi Nguyen Xuan Son use pstmtname.executeQuery() instead of pstmtname.executeQuery(); On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- -- Sushim Saini -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === - To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org
Re: SQL ExcuteQuery
I dont see you make database connection like this for example. conn = DriverManager.getConnection (jdbc:mysql://your_host:3306/dbName,dbUser,dbPass); On Tue, Dec 8, 2009 at 10:59 AM, Nguyen Xuan Son yama...@gmail.com wrote: dear all I've written Connection conn = null; PreparedStatement pstmtname = null; pstmtname = conn.prepareStatement(sql); sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = + UserID; pstmtname.setString(1, 123456); pstmtname.executeQuery(); there is no error appear but nothing is changed in the database do you have any suggestion? thank you very much -- === Ritsumeikan University, Asia JinZai Project Master of Information Science Nguyen Xuan Son Add : Japan, Shiga-Ken, Kusatsu-Shi, Kasayama 3choume 1-18 ShiteiHaimu Rien, Room 103 Tel/Fax : 81-(0)90-3976 2246 Email: nr000...@ed.ritsumei.ac.jp Mobile : 81-(0)90-3976 2246 URL : http://www.ritsumei.jp === -- Saeed Iqbal Independant Consultant J2EE - Application Architect / Developer
SQL Optimization Tools and Procedures
Here's a Friday discussion. As an application developer, I can write SQL pretty well, but I wouldn't say that I'm an expert. My last project I did run into some design and architecture issues that needed a little bit of reworking and refactoring. To help avoid this, I want to get better and have more confidence moving forward in a project that my schema design has been optimized, or at least perform some excercise to let me know that I gave it a good effort. Any insights on how as application developers, we can perform some exercise with some tool at the early design phases that will help us give us confidence that our initial schema, indexes and queries are optimized?
Re: SQL Optimization Tools and Procedures
If you have the code in a workable configuration, you can test it easily with a SQL query job using SLAMD (http://slamd2.dev.java.net). This generate load that may point to indexing problems and other performance-related problems. On Jun 19, 2009, at 11:16 AM, Edward Song wrote: Here's a Friday discussion. As an application developer, I can write SQL pretty well, but I wouldn't say that I'm an expert. My last project I did run into some design and architecture issues that needed a little bit of reworking and refactoring. To help avoid this, I want to get better and have more confidence moving forward in a project that my schema design has been optimized, or at least perform some excercise to let me know that I gave it a good effort. Any insights on how as application developers, we can perform some exercise with some tool at the early design phases that will help us give us confidence that our initial schema, indexes and queries are optimized? -- terry.gard...@sun.com Blog: http://blogs.sun.com/terrygardner Blog: http://ff1959.wordpress.com Twitter: http://twitter.com/tgardner SLAMD: http://slamd2.dev.java.net Skype: Terry_J_Gardner Potentia vobiscum smime.p7s Description: S/MIME cryptographic signature
Re: SQL Optimization Tools and Procedures
Judge if the data model designed is optimized the business requirements matter most. First of all, one got to make sure the data model closely represents the business object relationship - functionally properly modeled; then considering the possible production usage situation info gathered before hands to do some load testing. Before knowing these, one just using a tool to blindly simulate data and judging if the data model design will perform well goes to the wrong direction. In addition, your last project ran into some design and architecture issues may not only to blame the data model. If you implied it's just a performance issue, you may tune it for the production usage situation. But it is hard to tune it before you know the possible production usage situation - not necessarily wait until application is deployed and used in production. So you must do your best gather the enough information about the production usage situation before tuning it. John On Fri, Jun 19, 2009 at 11:16 AM, Edward Song edward.s...@nuhorizons.comwrote: Here's a Friday discussion. As an application developer, I can write SQL pretty well, but I wouldn't say that I'm an expert. My last project I did run into some design and architecture issues that needed a little bit of reworking and refactoring. To help avoid this, I want to get better and have more confidence moving forward in a project that my schema design has been optimized, or at least perform some excercise to let me know that I gave it a good effort. Any insights on how as application developers, we can perform some exercise with some tool at the early design phases that will help us give us confidence that our initial schema, indexes and queries are optimized?
Dummy example Struts 2.0 - My Sql
Hello, I'm beginning wity Struts and I found the samples very useful, expecially the app struts2-showcase-2.0.11.2.war. But I'd need other sample to begin my own to make my owns aplications. ¿Is there any sample of struts2 with mysql? ¿Can anyone send my an url? Thanks in advance. Carlos Iglesias MADRID SPAIN
RE: Dummy example Struts 2.0 - My Sql
Hi. Use struts-blank.war Create your action classes and required beans. You can create your ConnectionManager class that returns connection when requested. Code Action to interact with database, take connection from your connectionManager class. This is as simple as you write in simple servlet. The difference is only that you are using specialized version of servlet i.e. Action. http://javaboutique.internet.com/Web_App_Struts/ You can use above link to have brief idea. -Original Message- From: Carlos Iglesias [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2008 3:16 PM To: user@struts.apache.org Subject: Dummy example Struts 2.0 - My Sql Hello, I'm beginning wity Struts and I found the samples very useful, expecially the app struts2-showcase-2.0.11.2.war. But I'd need other sample to begin my own to make my owns aplications. ¿Is there any sample of struts2 with mysql? ¿Can anyone send my an url? Thanks in advance. Carlos Iglesias MADRID SPAIN __ NOD32 3641 (20081126) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Dummy example Struts 2.0 - My Sql
Thanks for answering so quickly... I'll try 2008/11/26 Rajil [EMAIL PROTECTED] Hi. Use struts-blank.war Create your action classes and required beans. You can create your ConnectionManager class that returns connection when requested. Code Action to interact with database, take connection from your connectionManager class. This is as simple as you write in simple servlet. The difference is only that you are using specialized version of servlet i.e. Action. http://javaboutique.internet.com/Web_App_Struts/ You can use above link to have brief idea. -Original Message- From: Carlos Iglesias [mailto:[EMAIL PROTECTED] Sent: Wednesday, November 26, 2008 3:16 PM To: user@struts.apache.org Subject: Dummy example Struts 2.0 - My Sql Hello, I'm beginning wity Struts and I found the samples very useful, expecially the app struts2-showcase-2.0.11.2.war. But I'd need other sample to begin my own to make my owns aplications. ¿Is there any sample of struts2 with mysql? ¿Can anyone send my an url? Thanks in advance. Carlos Iglesias MADRID SPAIN __ NOD32 3641 (20081126) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Dummy example Struts 2.0 - My Sql
I will be out of the office, and mostly without email access, until Dec 1. Please contact the One World office, 605-845-7172, with any general needs, and Danny Nickels, [EMAIL PROTECTED], at the same number, for any technical or integration issues. If this is an emergency, please feel free to call my cell at 605-848-2841. Thanks, -Stewart - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
I don't know what to call this SQL Exception.
Hi!! I know this is not struts question but I don't know this term so I cannot search the internet fot it. Two users are seeing the same page (data from database), and both of them are editing the same piece of data however, the other user submits the changes (update/delete) first. I need to inform the second user that his/her data is not the latest one. -- warmest regards, Ryan Webb - Philippines email: [EMAIL PROTECTED]
Re: I don't know what to call this SQL Exception.
Optimistic locking will give you some information. One way to do this is to have a column in your database table that denotes a version number, which is incremented every time the row changes. Include that value in your form, and then you will be able compare the form version to the database version, making sure they are the same before performing the update. Owen On Wed, Aug 6, 2008 at 8:21 PM, ryan webb [EMAIL PROTECTED] wrote: Hi!! I know this is not struts question but I don't know this term so I cannot search the internet fot it. Two users are seeing the same page (data from database), and both of them are editing the same piece of data however, the other user submits the changes (update/delete) first. I need to inform the second user that his/her data is not the latest one. -- warmest regards, Ryan Webb - Philippines email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
--- Mike Duffy [EMAIL PROTECTED] wrote: Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? I'm not sure that belongs in a validator; unless you never need to allow the use of a single quote. It is, hoever unlikely, conceivable that Little Bobby Tables[1] actually exists in the real world. Personally I'd put escaping either in a separate interceptor or on the business logic/pre-business logic data scrubbing side of things. d. [1] http://xkcd.com/327/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Struts Validator to Prevent SQL Injection Attacks
Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? Thx. Mike Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
Mike- There are actually 2 situations to be mindful of (Not a salesman for these folks but acutenix had a very good tutorial) SQLInjection Solution might use a JS Validator.. but just in case JS validator passes it on the Server side to look for AND /OR funky conditional 1=1 comes to mind and return error if (AND / OR / == ) or any possible SQLInjections are found http://www.acunetix.com/websitesecurity/sql-injection2.htm XSS Scripting solution might use JS Validator to scan for html tags in the input form or table or input comes to mind but just in case JS validatpr passes it on the Server side you want to look for html tags like form table or input and return error if (form table or input ) of the following are found http://www.acunetix.com/websitesecurity/xss.htm I also dont use cookies to maintain State but thats Orthogonal to this topic HTH/ M-- - Original Message - From: Mike Duffy [EMAIL PROTECTED] To: user@struts.apache.org Sent: Thursday, November 15, 2007 12:42 PM Subject: Struts Validator to Prevent SQL Injection Attacks Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? Thx. Mike Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
Antonio, Prepared statements if created correctly will work, but if your statements are created dynamically with text strings as the values instead of ? placeholders problems can occur. See the link from Gary Affonso's post: http://forum.hibernate.org/viewtopic.php?t=960817start=0postdays=0postorder=asc And page 16 of the following link: http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf Thx. Mike --- On Thu, 11/15/07, Antonio Petrelli [EMAIL PROTECTED] wrote: From: Antonio Petrelli [EMAIL PROTECTED] Subject: Re: Struts Validator to Prevent SQL Injection Attacks To: Struts Users Mailing List user@struts.apache.org, [EMAIL PROTECTED] Date: Thursday, November 15, 2007, 11:21 AM 2007/11/15, Mike Duffy [EMAIL PROTECTED]: No matter where this is done, the basic problem is we have single quotes, double quotes, ampersands, semicolons, and parenthesis in our data. This may be off topic, but does not is suffice to use prepared statement and parameters to avoid such attacks? Antonio - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
Dave Newton wrote: --- Mike Duffy [EMAIL PROTECTED] wrote: Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? I'm not sure that belongs in a validator; unless you never need to allow the use of a single quote. It is, hoever unlikely, conceivable that Little Bobby Tables[1] actually exists in the real world. Personally I'd put escaping either in a separate interceptor or on the business logic/pre-business logic data scrubbing side of things. Agreed. If you're using Hibernate (or even raw JDBC with parameterized statements), you get scrubbing automagically... http://forum.hibernate.org/viewtopic.php?t=960817start=0postdays=0postorder=asc Note that it *is* possible to go wrong with Hibernate (and even easier to go wrong with JDBC), so read up on how you can accidentally break automagic scrubbing support. Like Dave said, this is probably not something you want to do in an Interceptor (or even in your Service layer). You almost certainly want want this in your DAO layer and you probably want to rely on your underlying DAO tool to do the right thing. Just be sure to write unit tests (or in this case, integration tests) for the DAO methods to test the scrubbing. If you're using Spring and its DAO support (you are, aren't you? :-) writing both the DAO (either Hibernate or JDBC) is *really* easy and it has integration testing support that makes unit-testing the DAO's *really* awesome. Did I mention that I like Spring? :-) - Gary - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
No matter where this is done, the basic problem is we have single quotes, double quotes, ampersands, semicolons, and parenthesis in our data. After Googleing on this topic for an hour or so I do not see an elegant solution, other than possibly filtering on SQL key words (DROP, ALTER, etc.). Has anyone created an elegant solution for this problem within the Struts framework? Mike --- On Thu, 11/15/07, Dave Newton [EMAIL PROTECTED] wrote: From: Dave Newton [EMAIL PROTECTED] Subject: Re: Struts Validator to Prevent SQL Injection Attacks To: Struts Users Mailing List user@struts.apache.org, [EMAIL PROTECTED] Date: Thursday, November 15, 2007, 9:56 AM --- Mike Duffy [EMAIL PROTECTED] wrote: Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? I'm not sure that belongs in a validator; unless you never need to allow the use of a single quote. It is, hoever unlikely, conceivable that Little Bobby Tables[1] actually exists in the real world. Personally I'd put escaping either in a separate interceptor or on the business logic/pre-business logic data scrubbing side of things. d. [1] http://xkcd.com/327/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Get easy, one-click access to your favorites. Make Yahoo! your homepage. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
Hi Mike. my comments below. Mike Duffy wrote: Thx Gary. That is good information. We are actually using JBoss with EJB 3.0, which uses Hibernate under the covers, so I am assuming we are covered. Not that sure.. if your DAO uses SQL strings in the queries (Hibernate lets you do that), then you're not covered. But if you use the placeholder and HQL or the Criteria APIs, then you're covered. Mike --- On Thu, 11/15/07, Gary Affonso [EMAIL PROTECTED] wrote: From: Gary Affonso [EMAIL PROTECTED] Subject: Re: Struts Validator to Prevent SQL Injection Attacks To: Struts Users Mailing List user@struts.apache.org Cc: [EMAIL PROTECTED] Date: Thursday, November 15, 2007, 11:13 AM Dave Newton wrote: --- Mike Duffy [EMAIL PROTECTED] wrote: Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? I'm not sure that belongs in a validator; unless you never need to allow the use of a single quote. It is, hoever unlikely, conceivable that Little Bobby Tables[1] actually exists in the real world. Personally I'd put escaping either in a separate interceptor or on the business logic/pre-business logic data scrubbing side of things. Agreed. If you're using Hibernate (or even raw JDBC with parameterized statements), you get scrubbing automagically... http://forum.hibernate.org/viewtopic.php?t=960817start=0postdays=0postorder=asc Note that it *is* possible to go wrong with Hibernate (and even easier to go wrong with JDBC), so read up on how you can accidentally break automagic scrubbing support. Like Dave said, this is probably not something you want to do in an Interceptor (or even in your Service layer). You almost certainly want want this in your DAO layer and you probably want to rely on your underlying DAO tool to do the right thing. Just be sure to write unit tests (or in this case, integration tests) for the DAO methods to test the scrubbing. If you're using Spring and its DAO support (you are, aren't you? :-) writing both the DAO (either Hibernate or JDBC) is *really* easy and it has integration testing support that makes unit-testing the DAO's *really* awesome. Did I mention that I like Spring? :-) - Gary - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
2007/11/15, Mike Duffy [EMAIL PROTECTED]: No matter where this is done, the basic problem is we have single quotes, double quotes, ampersands, semicolons, and parenthesis in our data. This may be off topic, but does not is suffice to use prepared statement and parameters to avoid such attacks? Antonio - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
2007/11/15, Mike Duffy [EMAIL PROTECTED]: Prepared statements if created correctly will work, but if your statements are created dynamically with text strings as the values instead of ? placeholders problems can occur. I wonder why do you create query strings this way: you can always create a query dinamically, with a variable number of parameters. In the PDF you sent, there is this sentence: snip SQL Statements using bind variables are generally immune to SQL Injection attacks as the Oracle database will use the value of the bind variable exclusively and not interpret the contents of the variable in any way. PL/SQL and JDBC allow for bind variables. Bind variables should be extensively used for both security and performance reasons. /snip I think you have no excuse :-) Antonio - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
Thx Gary. That is good information. We are actually using JBoss with EJB 3.0, which uses Hibernate under the covers, so I am assuming we are covered. Mike --- On Thu, 11/15/07, Gary Affonso [EMAIL PROTECTED] wrote: From: Gary Affonso [EMAIL PROTECTED] Subject: Re: Struts Validator to Prevent SQL Injection Attacks To: Struts Users Mailing List user@struts.apache.org Cc: [EMAIL PROTECTED] Date: Thursday, November 15, 2007, 11:13 AM Dave Newton wrote: --- Mike Duffy [EMAIL PROTECTED] wrote: Does anyone have a great solution for a validator that will prevent users from entering malicious SQL into form entry text fields? I'm not sure that belongs in a validator; unless you never need to allow the use of a single quote. It is, hoever unlikely, conceivable that Little Bobby Tables[1] actually exists in the real world. Personally I'd put escaping either in a separate interceptor or on the business logic/pre-business logic data scrubbing side of things. Agreed. If you're using Hibernate (or even raw JDBC with parameterized statements), you get scrubbing automagically... http://forum.hibernate.org/viewtopic.php?t=960817start=0postdays=0postorder=asc Note that it *is* possible to go wrong with Hibernate (and even easier to go wrong with JDBC), so read up on how you can accidentally break automagic scrubbing support. Like Dave said, this is probably not something you want to do in an Interceptor (or even in your Service layer). You almost certainly want want this in your DAO layer and you probably want to rely on your underlying DAO tool to do the right thing. Just be sure to write unit tests (or in this case, integration tests) for the DAO methods to test the scrubbing. If you're using Spring and its DAO support (you are, aren't you? :-) writing both the DAO (either Hibernate or JDBC) is *really* easy and it has integration testing support that makes unit-testing the DAO's *really* awesome. Did I mention that I like Spring? :-) - Gary - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Struts Validator to Prevent SQL Injection Attacks
Whoops sorry Mike, I misread your post, and I did not notice that you was confirming what I wrote before. Sorry Antonio 2007/11/15, Mike Duffy [EMAIL PROTECTED]: Antonio, Prepared statements if created correctly will work, but if your statements are created dynamically with text strings as the values instead of ? placeholders problems can occur. See the link from Gary Affonso's post: http://forum.hibernate.org/viewtopic.php?t=960817start=0postdays=0postorder=asc And page 16 of the following link: http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf Thx. Mike --- On Thu, 11/15/07, Antonio Petrelli [EMAIL PROTECTED] wrote: From: Antonio Petrelli [EMAIL PROTECTED] Subject: Re: Struts Validator to Prevent SQL Injection Attacks To: Struts Users Mailing List user@struts.apache.org, [EMAIL PROTECTED] Date: Thursday, November 15, 2007, 11:21 AM 2007/11/15, Mike Duffy [EMAIL PROTECTED]: No matter where this is done, the basic problem is we have single quotes, double quotes, ampersands, semicolons, and parenthesis in our data. This may be off topic, but does not is suffice to use prepared statement and parameters to avoid such attacks? Antonio - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Never miss a thing. Make Yahoo your home page. http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
using jstl sql tags for displaying date from database
Hi all, In my web application I want to put current date into the header segment of each page. And I want that the date should come from the database. How can I achieve this using jstl 1.1 sql tags. Can anybody provide me a code snippet that I can put in my jsp page? Thank you.
FW: using jstl sql tags for displaying date from database
_ From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 3:16 PM To: 'user@struts.apache.org' Subject: using jstl sql tags for displaying date from database Hi all, In my web application I want to put current date into the header segment of each page. And I want that the date should come from the database. How can I achieve this using jstl 1.1 sql tags. Can anybody provide me a code snippet that I can put in my jsp page? Thank you.
Re: using jstl sql tags for displaying date from database
--- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidscs=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
And the reason these aren't synchronized using NTP or a similar protocol would be...? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:33 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
Do u have the solution or just wasting my time??? -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:09 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason these aren't synchronized using NTP or a similar protocol would be...? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:33 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
I'm showing you the solution, but I'm not going to do your job for you. Now if you think about the question, that about how you would cope with adjusting the time on one server (the web server) by a fixed offset (if the database server is in another timezone), you'll see how you can do it without hitting your network and the database for each occasion where you want to get the time for a query. I've got no reason to waste your time, having seen your entirely flash website I can see why you need to do something about it. (sheesh, this reminds me of having to deal with students when I worked at a university). -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:47 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Do u have the solution or just wasting my time??? -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:09 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason these aren't synchronized using NTP or a similar protocol would be...? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:33 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] RE: using jstl sql tags for displaying date from database
--- Ambaris Mohanty wrote: Do u have the solution or just wasting my time??? The irony here is thick enough to slice. d. Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel and lay it on us. http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
Ok thanks for your reply n showing me the way. It seems you didn't get my question write. Let me explain it to you... When I query the database normally using sql:query/ tag I get a result set consisting of multiple rows, which I can display using using the c:forEach/ tag. But how to handle query like select sysdate from dual? The whole application is based upon struts framework. I have used struts 1.2.9. I thought jstl sql tag would be a better option to execute such small query since it's very simple. So, I'm trying to get it done using jstl. Can u help? AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:20 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I'm showing you the solution, but I'm not going to do your job for you. Now if you think about the question, that about how you would cope with adjusting the time on one server (the web server) by a fixed offset (if the database server is in another timezone), you'll see how you can do it without hitting your network and the database for each occasion where you want to get the time for a query. I've got no reason to waste your time, having seen your entirely flash website I can see why you need to do something about it. (sheesh, this reminds me of having to deal with students when I worked at a university). -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:47 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Do u have the solution or just wasting my time??? -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:09 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason these aren't synchronized using NTP or a similar protocol would be...? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:33 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: using jstl sql tags for displaying date from database
Ambaris, I think it's quite the opposite here, but anyway... the fact is it's database dependent. Depending on the DB you may be able use select now() as a query and if it doesn't work consult you DB manual. The question has nothing to do with struts Oz On 05/06/2007, at 9:46 PM, Ambaris Mohanty wrote: Do u have the solution or just wasting my time??? -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:09 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason these aren't synchronized using NTP or a similar protocol would be...? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:33 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. __ __ Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities +for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: using jstl sql tags for displaying date from database
I still don't understand why you're not using the server to get the date and explicitly including it in the query, for example; jsp:useBean id=now class=java.util.Date / sql:query var=books select * from table where date = ? sql:param value=${now} / /sql:query Or even doing all of the above in an action and using the jsp to display the results. Using the database as a timesource is something 99.9% of developers advise strongly against, isn't very well supported, and just isn't what a database is designed to do, hence why there is very little support for it. -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 13:19 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Ok thanks for your reply n showing me the way. It seems you didn't get my question write. Let me explain it to you... When I query the database normally using sql:query/ tag I get a result set consisting of multiple rows, which I can display using using the c:forEach/ tag. But how to handle query like select sysdate from dual? The whole application is based upon struts framework. I have used struts 1.2.9. I thought jstl sql tag would be a better option to execute such small query since it's very simple. So, I'm trying to get it done using jstl. Can u help? AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:20 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I'm showing you the solution, but I'm not going to do your job for you. Now if you think about the question, that about how you would cope with adjusting the time on one server (the web server) by a fixed offset (if the database server is in another timezone), you'll see how you can do it without hitting your network and the database for each occasion where you want to get the time for a query. I've got no reason to waste your time, having seen your entirely flash website I can see why you need to do something about it. (sheesh, this reminds me of having to deal with students when I worked at a university). -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:47 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Do u have the solution or just wasting my time??? -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 5:09 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason these aren't synchronized using NTP or a similar protocol would be...? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:33 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database Because the application is all about generating reports from the data in the database. So I want to display the database server time and not the web server time. It makes more sense to the users. AM -Original Message- From: Al Sutton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:54 PM To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database And the reason for not using the server time would be..? -Original Message- From: Ambaris Mohanty [mailto:[EMAIL PROTECTED] Sent: 05 June 2007 12:21 To: 'Struts Users Mailing List' Subject: RE: using jstl sql tags for displaying date from database I want to display the same time in all the client machines irrespective of their location. -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 05, 2007 4:34 PM To: Struts Users Mailing List Subject: Re: using jstl sql tags for displaying date from database --- Ambaris Mohanty wrote: And I want that the date should come from the database. Why would you want the current date to come from the database? d. Got a little couch potato? Check out fun summer activities for kids. http://search.yahoo.com/search?fr=oni_on_mailp=summer+activities+for+kidsc s=bz - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
RE: [OT] Re: Struts 1.1 issue (myEclipse+Jboss 3.2.5+SQL Server 2000)
Dave, Thanks for your response. I have got your point and will try to follow the guidelines from my next mail on. I was basically interested in knowing all the steps that are required to connect to a remote SQL server 2000 using Struts on JBoss. After a night of trial and errors, I have finally established the connection. I am listing the steps to perform this task. It may be helpful to few people. ** Steps to configure JBoss for MS SQL Server database and Struts 1) MS SQL Server driver classes are required in the Classpath. Copy MS SQL Server JDBC driver class; jar files mssqlserver.jar, msbase.jar, msutil.jar to the server/default/lib directory. 2) To configure with non-XA MS SQL Server datasource-copy /docs/examples/jca/mssql-ds.xml to /server/default/deploy directory. 3) To configure with MS SQL Server XA datasource copy /docs/examples/jca/mssql-xa-ds.xml to /server/default/deploy dir. Modify mssql-ds.xml configuration file. Driver Class and Connection URL settings for MS SQL Server JDBC Drivers are as follows: 3.1) driver-classcom.microsoft.jdbc.sqlserver.SQLServerDriver /driver-class 3.2) connection-url jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=MyDatabase /connection-url 4) To configure with XA JDBC driver for MS SQL Server modify the mssql-xa-ds.xml configuration file. 4.1) driver-classcom.microsoft.jdbcx.sqlserver.SQLServerDataSource/driver- class 5) The standardjbosscmp-jdbc.xml configuration file is configured with Hypersonic database. To configure JBoss server with MS SQL Server modify /server/default/conf/standardjbosscmp-jdbc.xml configuration file. 6) Make the changes as: jbosscmp-jdbc defaults datasourcejava:/MSSQLDS/datasource datasource-mappingMS SQLSERVER2000/datasource-mapping /defaults /jbosscmp-jdbc 7) Modify login-config.xml configuration file with MS SQL Server database settings. Add the following application- policy/ element to login-config.xml. application-policy name = MSSQLDbRealm authentication login-module code = org.jboss.resource.security.ConfiguredIdentityLoginModule flag = required module-option name = principalsa/module-option module-option name = userNamesa/module-option module-option name = passwordpassword/module-option module-option name = managedConnectionFactoryNamejboss.jca:service=LocalTxCM,name=MSSQLDS /module-option /login-module /authentication /application-policy By modifying the mssql-ds.xml, standardjbosscmp-jdbc.xml and login-config.xml the JBoss 4.0 server is configured to be used with a MS SQL Server database. 8) Download these two files to use data connection using Struts and copy them to the server/default/lib directory. 1. Commons-pool-1.2.jar 2. Commons-dbcp-1.2.1.jar Regards, Jitendra -Original Message- From: Dave Newton [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 08, 2006 5:48 PM To: Struts Users Mailing List Subject: [OT] Re: Struts 1.1 issue (myEclipse+Jboss 3.2.5+SQL Server 2000) Jitendra Kumar wrote: Using the above I simply want to print the records of any table in my SQL Server 2K DB. The problem: I am not able to do the above. I have tried changing some files in Jboss. I have copied some jars of DB Drivers in WEB-INF/lib folder etc. http://www.catb.org/~esr/faqs/smart-questions.html http://www.catb.org/%7Eesr/faqs/smart-questions.html By what mechanism would you expect us to be able to answer this question? Besides the fact that this has absolutely nothing to do with Struts, you have provided essentially zero information that would allow us to even BEGIN to help. Do you get an error? If so, what error? What JARS are you using? How are you accessing the database? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Struts 1.1 issue (myEclipse+Jboss 3.2.5+SQL Server 2000)
I am writing this mail after spending a lot of time struggling with the stuff mentioned in subject line. My Setup 1. myEclipse IDE 2. Struts Version 1.1 3. JDK 1.5 4. Jboss 3.2.5 (Please don't ask me to go to Jboss mailing list :-( ) 5. SQL Server 2000 (This server is running on a remote win 2000 server) I am developing this application on a win 2K prof environ. The Requirement: Using the above I simply want to print the records of any table in my SQL Server 2K DB. The problem: I am not able to do the above. I have tried changing some files in Jboss. I have copied some jars of DB Drivers in WEB-INF/lib folder etc. If any of you are using the above environment or have knowledge about the same then please tell me the procedure in steps to achieve the above mentioned target. Thanks in advance Regards, Jitendra Kumar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: Struts 1.1 issue (myEclipse+Jboss 3.2.5+SQL Server 2000)
Jitendra Kumar wrote: Using the above I simply want to print the records of any table in my SQL Server 2K DB. The problem: I am not able to do the above. I have tried changing some files in Jboss. I have copied some jars of DB Drivers in WEB-INF/lib folder etc. http://www.catb.org/~esr/faqs/smart-questions.html http://www.catb.org/%7Eesr/faqs/smart-questions.html By what mechanism would you expect us to be able to answer this question? Besides the fact that this has absolutely nothing to do with Struts, you have provided essentially zero information that would allow us to even BEGIN to help. Do you get an error? If so, what error? What JARS are you using? How are you accessing the database? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
For sql experts
SELECT DEPTNUM.REF_VALUE, CAMNUM.REF_VALUE, (SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID = DEPTNUM.PARTY_ID and max(pn1.last_update_dt)) NOTE FROM PARTY_REFERENCE DEPTNUM, PARTY_REFERENCE CAMNUM, PARTY_ASSOC REL WHERE DEPTNUM.PARTY_ID = REL.TO_PARTY_ID AND REL.FROM_PARTY_ID = CAMNUM.PARTY_ID AND DEPTNUM.PARTY_REF_TYPE_CD = 'TYPE1 AND CAMNUM.PARTY_REF_TYPE_CD = 'TYPE2' The problem is the the sub query SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID = DEPTNUM.PARTY_ID and max(pn1.last_update_dt is not working. My requirement is in the sub query I want to select those notes with last_update_dt is maximun for each party. Any help is appriciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: For sql experts
FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID might have to be... FROM PARTY_NOTE PN1 WHERE PN1.PARTY_ID What happens if you get more than one last_update_dt equal to the maximum? Gluck Jonnalagadda, Sumithra [EMAIL PROTECTED] wrote: SELECT DEPTNUM.REF_VALUE, CAMNUM.REF_VALUE, (SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID = DEPTNUM.PARTY_ID and max(pn1.last_update_dt)) NOTE FROM PARTY_REFERENCE DEPTNUM, PARTY_REFERENCE CAMNUM, PARTY_ASSOC REL WHERE DEPTNUM.PARTY_ID = REL.TO_PARTY_ID AND REL.FROM_PARTY_ID = CAMNUM.PARTY_ID AND DEPTNUM.PARTY_REF_TYPE_CD = 'TYPE1 AND CAMNUM.PARTY_REF_TYPE_CD = 'TYPE2' The problem is the the sub query SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID = DEPTNUM.PARTY_ID and max(pn1.last_update_dt is not working. My requirement is in the sub query I want to select those notes with last_update_dt is maximun for each party. Any help is appriciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre.
RE: For sql experts
Try this: SELECT DEPTNUM.REF_VALUE ,CAMNUM.REF_VALUE ,PN1.NOTE_TEXT FROM PARTY_REFERENCE DEPTNUM , PARTY_REFERENCE CAMNUM , PARTY_ASSOC REL , PARTY_NOTE PN1 WHERE DEPTNUM.PARTY_ID = REL.TO_PARTY_ID AND REL.FROM_PARTY_ID = CAMNUM.PARTY_ID AND DEPTNUM.PARTY_REF_TYPE_CD = 'TYPE1' AND CAMNUM.PARTY_REF_TYPE_CD = 'TYPE2' AND PN1.PARTY_ID = DEPTNUM.PARTY_ID AND PN1.last_update_dt = (select max(pn2.last_update_dt) from PARTY_NOTE pn2 WHERE PN1.PARTY_ID = pn2.PARTY_ID) -Original Message- From: ALEX HYDE [mailto:[EMAIL PROTECTED] Sent: Friday, February 03, 2006 10:25 AM To: Struts Users Mailing List Subject: Re: For sql experts FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID might have to be... FROM PARTY_NOTE PN1 WHERE PN1.PARTY_ID What happens if you get more than one last_update_dt equal to the maximum? Gluck Jonnalagadda, Sumithra [EMAIL PROTECTED] wrote: SELECT DEPTNUM.REF_VALUE, CAMNUM.REF_VALUE, (SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID = DEPTNUM.PARTY_ID and max(pn1.last_update_dt)) NOTE FROM PARTY_REFERENCE DEPTNUM, PARTY_REFERENCE CAMNUM, PARTY_ASSOC REL WHERE DEPTNUM.PARTY_ID = REL.TO_PARTY_ID AND REL.FROM_PARTY_ID = CAMNUM.PARTY_ID AND DEPTNUM.PARTY_REF_TYPE_CD = 'TYPE1 AND CAMNUM.PARTY_REF_TYPE_CD = 'TYPE2' The problem is the the sub query SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID = DEPTNUM.PARTY_ID and max(pn1.last_update_dt is not working. My requirement is in the sub query I want to select those notes with last_update_dt is maximun for each party. Any help is appriciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT: Is there a very simple MVC for ASP 2005 w/ a tutorial? Something to show my poor friend about taking SQL out of ASP but very simple.
tia, .V - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT: Is there a very simple MVC for ASP 2005 w/ a tutorial? Something to show my poor friend about taking SQL out of ASP but very simple.
http://opensource2.atlassian.com/confluence/oss/display/IBATIS/Quick+Start+Guide -T. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ot]Date utilitiy to take date String, add a day, and return sql date?
I need to see if anyone has a utility to take a String date, add 1 day, and return a java.sql.Date -- Thanks Mick Knutson (925) 951-4126 HP Consulting Services Safeway (Blackhawk Fastword Project) J2EE Architect --- MMS safeway.com made the following annotations. -- Warning: All e-mail sent to this address will be received by the Safeway corporate e-mail system, and is subject to archival and review by someone other than the recipient. This e-mail may contain information proprietary to Safeway and is intended only for the use of the intended recipient(s). If the reader of this message is not the intended recipient(s), you are notified that you have received this message in error and that any review, dissemination, distribution or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately. == - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [ot]Date utilitiy to take date String, add a day, and return sql date?
Mick Knutson wrote: I need to see if anyone has a utility to take a String date, add 1 day, and return a java.sql.Date I'd probably check out the Calendar class. Dave Newton Technical Lead, MonkeyLips Omnigalgomon Project - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [ot]Date utilitiy to take date String, add a day, and return sql date?
Mick, You can refer following code but still you have to convert the type in the last because this method returns string. public static String addDaysToDate( String strDate, String noofDays, String dateFormat ) throws Exception { Calendar calendar = Calendar.getInstance(); String str_dt = ; SimpleDateFormat formatter = new SimpleDateFormat( dateFormat ); Date input_dt = formatter.parse( strDate ); calendar.setTime( input_dt ); calendar.add( Calendar.DATE, Integer.parseInt( noofDays ) ); Date result_dt = calendar.getTime(); str_dt = formatter.format( result_dt ); return str_dt; } Hope it helps Sunil Dave Newton [EMAIL PROTECTED] 10/17/2005 11:37 PM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject Re: [ot]Date utilitiy to take date String, add a day, and return sql date? Mick Knutson wrote: I need to see if anyone has a utility to take a String date, add 1 day, and return a java.sql.Date I'd probably check out the Calendar class. Dave Newton Technical Lead, MonkeyLips Omnigalgomon Project - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [ot]Date utilitiy to take date String, add a day, and return sql date?
[EMAIL PROTECTED] wrote: [...] public static String addDaysToDate( String strDate, String noofDays, String dateFormat ) throws Exception noofDays? What are those? Days 30 minutes offset from everywhere else? ;-) L. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Validation of input field requires SQL. Better to put it in Form or in Action?
In general, ActionForm validation is limited to the most basic input validation, mostly making sure that incoming strings can be parsed into a specific type. If you need to issue a SQL query to ensure valid data, that sounds like a business logic operation, and probably makes more sense in the Action or even the business layer. -- Jeff On 9/20/05, gollinger [EMAIL PROTECTED] wrote: Hi In my HTML-Form I'm sending a number to a action. If the number is valid will be decided by a sql-query. I'm not sure to put this select in the ActionForms validate method or in the action with a corresponding forward. What would be the better way? Thanks for any opinions! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Validation of input field requires SQL. Better to put it in Form or in Action?
Hi In my HTML-Form I'm sending a number to a action. If the number is valid will be decided by a sql-query. I'm not sure to put this select in the ActionForms validate method or in the action with a corresponding forward. What would be the better way? Thanks for any opinions! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Storing images in SQL BLOBs
Hi all I got my app storing and retrieving images from MySQL database - what a mistake! A simple image of 130k took 8 seconds to appear on the page. This is a huge time to sit and stare at a large blank space on the screen. I can't help thinking that this is a bug (performance problem) somewhere. What could the servlet / database / whatever be doing for such a long time? No need to respond. Kind regards mc FOCUS Computing Mob: 0415 24 26 24 [EMAIL PROTECTED] http://www.focus-computing.com.au -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Storing images in SQL BLOBs
Hi all (Gosh, I'm starting to feel like a regular on this list...) After my experiences below I have rewritten my application to store the images in a local sub-directory, however when I ran this new version the sub-directory was created under the Tomcat/bin directory - not really appropriate. Should I be trying to reference my application directory and store the images under my /WEB-INF directory? Do I have to setup a special directory on the server that can be referenced by Tomcat to serve the images directly? What are others doing? Also, if you are referencing this directory in your application, is it hard-coded or do you have an entry in your 'context.xml'? What sort of entry do you use? Kind regards mc On 7 Sep 2005 at 10:55, Murray Collingwood wrote: Hi all I got my app storing and retrieving images from MySQL database - what a mistake! A simple image of 130k took 8 seconds to appear on the page. This is a huge time to sit and stare at a large blank space on the screen. I can't help thinking that this is a bug (performance problem) somewhere. What could the servlet / database / whatever be doing for such a long time? No need to respond. Kind regards mc FOCUS Computing Mob: 0415 24 26 24 [EMAIL PROTECTED] http://www.focus-computing.com.au -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 FOCUS Computing Mob: 0415 24 26 24 [EMAIL PROTECTED] http://www.focus-computing.com.au -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Storing images in SQL BLOBs
I guess it depends if you are trying to restrict access to these images. To make all images available for anyone, put them into /images, for example. If you want to not allow any direct access to them, you could create a directory under /WEB-INF and put them there. You would then have to create something to serve the images up to browser. Or set up container managed security, put them into /auth/images, then put a security constraint on /auth/images so that only users with the required role is allowed to view the images. Murray Collingwood wrote: Hi all (Gosh, I'm starting to feel like a regular on this list...) After my experiences below I have rewritten my application to store the images in a local sub-directory, however when I ran this new version the sub-directory was created under the Tomcat/bin directory - not really appropriate. Should I be trying to reference my application directory and store the images under my /WEB-INF directory? Do I have to setup a special directory on the server that can be referenced by Tomcat to serve the images directly? What are others doing? Also, if you are referencing this directory in your application, is it hard-coded or do you have an entry in your 'context.xml'? What sort of entry do you use? Kind regards mc -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Storing images in SQL BLOBs
How do I find the path actual path to /images assuming of course that /images is a url reference? Is there something like $STRUTS_ROOT? Kind regards mc On 7 Sep 2005 at 14:50, Jason Lea wrote: I guess it depends if you are trying to restrict access to these images. To make all images available for anyone, put them into /images, for example. If you want to not allow any direct access to them, you could create a directory under /WEB-INF and put them there. You would then have to create something to serve the images up to browser. Or set up container managed security, put them into /auth/images, then put a security constraint on /auth/images so that only users with the required role is allowed to view the images. Murray Collingwood wrote: Hi all (Gosh, I'm starting to feel like a regular on this list...) After my experiences below I have rewritten my application to store the images in a local sub-directory, however when I ran this new version the sub-directory was created under the Tomcat/bin directory - not really appropriate. Should I be trying to reference my application directory and store the images under my /WEB-INF directory? Do I have to setup a special directory on the server that can be referenced by Tomcat to serve the images directly? What are others doing? Also, if you are referencing this directory in your application, is it hard-coded or do you have an entry in your 'context.xml'? What sort of entry do you use? Kind regards mc -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 FOCUS Computing Mob: 0415 24 26 24 [EMAIL PROTECTED] http://www.focus-computing.com.au -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Storing images in SQL BLOBs
Oh right, you need to discover the location automatically. Something like this might work: request.getSession().getServletContext().getRealPath(/images); That should give you the full path to /images. Murray Collingwood wrote: How do I find the path actual path to /images assuming of course that /images is a url reference? Is there something like $STRUTS_ROOT? Kind regards mc On 7 Sep 2005 at 14:50, Jason Lea wrote: I guess it depends if you are trying to restrict access to these images. To make all images available for anyone, put them into /images, for example. If you want to not allow any direct access to them, you could create a directory under /WEB-INF and put them there. You would then have to create something to serve the images up to browser. Or set up container managed security, put them into /auth/images, then put a security constraint on /auth/images so that only users with the required role is allowed to view the images. Murray Collingwood wrote: Hi all (Gosh, I'm starting to feel like a regular on this list...) After my experiences below I have rewritten my application to store the images in a local sub-directory, however when I ran this new version the sub-directory was created under the Tomcat/bin directory - not really appropriate. Should I be trying to reference my application directory and store the images under my /WEB-INF directory? Do I have to setup a special directory on the server that can be referenced by Tomcat to serve the images directly? What are others doing? Also, if you are referencing this directory in your application, is it hard-coded or do you have an entry in your 'context.xml'? What sort of entry do you use? Kind regards mc -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 FOCUS Computing Mob: 0415 24 26 24 [EMAIL PROTECTED] http://www.focus-computing.com.au -- Jason Lea
Re: Storing images in SQL BLOBs
Thanks Jason I'm having a strange issue with serving up these images. I'm getting a socket write error from the following code. There are 3 images, the details follow the code. The first two images appear, the third fails to appear. response.setContentLength((int) f.length()); response.setContentType(application/x-file-download); response.setHeader(Content-disposition, attachment; filename= + name ); System.err.println( + response.toString()); FileInputStream fis = new FileInputStream(f); ServletOutputStream sos = response.getOutputStream(); byte[] buffer = new byte[32768]; int n = 0; int x = 0; while ((n = fis.read(buffer)) != -1) { System.err.println( x = + x++ + n = + n); sos.write(buffer, 0, n); } fis.close(); sos.flush(); } catch (Exception e) { System.err.println( Error serving image: + request.getParameter(local)); e.printStackTrace(); } Image 1 bytes: 7734 Image 2 bytes: 79279 Image 3 bytes: 2871052 (image called 2_another quite night on tour.tif) The generated log file: [EMAIL PROTECTED] x = 0 n = 7734 [EMAIL PROTECTED] x = 0 n = 32768 x = 1 n = 32768 [EMAIL PROTECTED] x = 0 n = 32768 x = 1 n = 32768 x = 2 n = 32768 x = 3 n = 32768 x = 4 n = 32768 x = 5 n = 32768 x = 6 n = 32768 x = 7 n = 32768 x = 8 n = 32768 x = 9 n = 32768 x = 2 n = 13743 x = 10 n = 32768 Error serving image: 2_another quite night on tour.tif ClientAbortException: java.net.SocketException: Connection reset by peer: socket write error at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:366) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:323) at org.apache.catalina.connector.OutputBuffer.writeBytes(OutputBuffer.java:392) at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:381) at org.apache.catalina.connector.CoyoteOutputStream.write(CoyoteOutputStream.java:76 ) at com.bpx.website.controller.action.Image.execute(Image.java:54) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.ja va:419) Appreciate any help. Kind regards mc On 7 Sep 2005 at 15:33, Jason Lea wrote: Oh right, you need to discover the location automatically. Something like this might work: request.getSession().getServletContext().getRealPath(/images); That should give you the full path to /images. Murray Collingwood wrote: How do I find the path actual path to /images assuming of course that /images is a url reference? Is there something like $STRUTS_ROOT? Kind regards mc On 7 Sep 2005 at 14:50, Jason Lea wrote: I guess it depends if you are trying to restrict access to these images. To make all images available for anyone, put them into /images, for example. If you want to not allow any direct access to them, you could create a directory under /WEB-INF and put them there. You would then have to create something to serve the images up to browser. Or set up container managed security, put them into /auth/images, then put a security constraint on /auth/images so that only users with the required role is allowed to view the images. Murray Collingwood wrote: Hi all (Gosh, I'm starting to feel like a regular on this list...) After my experiences below I have rewritten my application to store the images in a local sub-directory, however when I ran this new version the sub-directory was created under the Tomcat/bin directory - not really appropriate. Should I be trying to reference my application directory and store the images under my /WEB-INF directory? Do I have to setup a special directory on the server that can be referenced by Tomcat to serve the images directly? What are others doing? Also, if you are referencing this directory in your application, is it hard-coded or do you have an entry in your 'context.xml'? What sort of entry do you use? Kind regards mc -- Jason Lea - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.10.18/91 - Release Date: 6/09/2005 FOCUS Computing Mob: 0415 24 26 24 [EMAIL PROTECTED] http://www.focus-computing.com.au -- Jason Lea FOCUS Computing Mob: 0415 24 26 24
Re: Storing images in SQL BLOBs
On Wed, 2005-09-07 at 14:16 +1000, Murray Collingwood wrote: Thanks Jason I'm having a strange issue with serving up these images. I'm getting a socket write error from the following code. There are 3 images, the details follow the code. The first two images appear, the third fails to appear. From the error it looks like the browser has decided to close the connection in the middle for some reason. It could be for various reasons - like timeout or a bug or it decides that it can't handle the file type. You should accommodate for this error anyway because even when everything is dandy the network or the client may go down at any stage. What do you see on the browser's side? Can you try using wget/curl instead of a web browser? Cheers, --Amos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to pass sql variable from jsp to Action?
I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to pass sql variable from jsp to Action?
I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳場 [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated.
AW: How to pass SQL variable from JSP to Action?
Hallo Nobody(??) It is bad practice to put SQL Statement in a JSP page. Regards Richard Markham -Ursprüngliche Nachricht- Von: ??? [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. September 2005 05:30 An: Struts Users Mailing List Betreff: Re: How to pass sql variable from jsp to Action? I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳場 [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to pass SQL variable from JSP to Action?
Richard Are you suggesting something like Hibernate or iBatis? Daniel 2005/9/1, R. Markham [EMAIL PROTECTED]: Hallo Nobody(??) It is bad practice to put SQL Statement in a JSP page. Regards Richard Markham -Ursprüngliche Nachricht- Von: ??? [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. September 2005 05:30 An: Struts Users Mailing List Betreff: Re: How to pass sql variable from jsp to Action? I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳�� [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to pass SQL variable from JSP to Action?
No he is saying don’t look up data in a JSP. Look it up in a Struts action and place in the presentation layer via an ActionForm etc before showing the JSP -Original Message- From: ??? [mailto:[EMAIL PROTECTED] Sent: 01 September 2005 15:09 To: Struts Users Mailing List Subject: Re: How to pass SQL variable from JSP to Action? Richard Are you suggesting something like Hibernate or iBatis? Daniel 2005/9/1, R. Markham [EMAIL PROTECTED]: Hallo Nobody(??) It is bad practice to put SQL Statement in a JSP page. Regards Richard Markham -Ursprüngliche Nachricht- Von: ??? [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. September 2005 05:30 An: Struts Users Mailing List Betreff: Re: How to pass sql variable from jsp to Action? I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳�� [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to pass SQL variable from JSP to Action?
Thanks 2005/9/1, Mark Benussi [EMAIL PROTECTED]: No he is saying don't look up data in a JSP. Look it up in a Struts action and place in the presentation layer via an ActionForm etc before showing the JSP -Original Message- From: ??? [mailto:[EMAIL PROTECTED] Sent: 01 September 2005 15:09 To: Struts Users Mailing List Subject: Re: How to pass SQL variable from JSP to Action? Richard Are you suggesting something like Hibernate or iBatis? Daniel 2005/9/1, R. Markham [EMAIL PROTECTED]: Hallo Nobody(??) It is bad practice to put SQL Statement in a JSP page. Regards Richard Markham -Ursprüngliche Nachricht- Von: ??? [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. September 2005 05:30 An: Struts Users Mailing List Betreff: Re: How to pass sql variable from jsp to Action? I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳�� [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to pass SQL variable from JSP to Action?
After 2nd thought, what if I want to display a no of lines which are actually links html:link. How can it be done with selecting data in Action via ActionForm and displaying them by jsp? 2005/9/1, Mark Benussi [EMAIL PROTECTED]: No he is saying don't look up data in a JSP. Look it up in a Struts action and place in the presentation layer via an ActionForm etc before showing the JSP -Original Message- From: ??? [mailto:[EMAIL PROTECTED] Sent: 01 September 2005 15:09 To: Struts Users Mailing List Subject: Re: How to pass SQL variable from JSP to Action? Richard Are you suggesting something like Hibernate or iBatis? Daniel 2005/9/1, R. Markham [EMAIL PROTECTED]: Hallo Nobody(??) It is bad practice to put SQL Statement in a JSP page. Regards Richard Markham -Ursprüngliche Nachricht- Von: ??? [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. September 2005 05:30 An: Struts Users Mailing List Betreff: Re: How to pass sql variable from jsp to Action? I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳�� [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to pass SQL variable from JSP to Action?
I just read the Struts user guide again. Is it the right track to go? In Action: ResultSet rs = ...; ResultSetDynaClass rsdc = new ResultSetDynaClass(rs); Iterator rows = rsdc.iterator(); while (rows.hasNext()) { DynaBean row = (DynaBean) rows.next(); ... process this row ... } rs.close(); In JSP: logic-el:iterate name=stringbean property=stringArray id=foo indexId=ctr html-el:text name=stringbean property=labelValue[${ctr}].label / /logic-el:iterate 2005/9/2, 梁炳�� [EMAIL PROTECTED]: After 2nd thought, what if I want to display a no of lines which are actually links html:link. How can it be done with selecting data in Action via ActionForm and displaying them by jsp? 2005/9/1, Mark Benussi [EMAIL PROTECTED]: No he is saying don't look up data in a JSP. Look it up in a Struts action and place in the presentation layer via an ActionForm etc before showing the JSP -Original Message- From: ??? [mailto:[EMAIL PROTECTED] Sent: 01 September 2005 15:09 To: Struts Users Mailing List Subject: Re: How to pass SQL variable from JSP to Action? Richard Are you suggesting something like Hibernate or iBatis? Daniel 2005/9/1, R. Markham [EMAIL PROTECTED]: Hallo Nobody(??) It is bad practice to put SQL Statement in a JSP page. Regards Richard Markham -Ursprüngliche Nachricht- Von: ??? [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. September 2005 05:30 An: Struts Users Mailing List Betreff: Re: How to pass sql variable from jsp to Action? I wonder if it is a proper way to do it because the 1st query displays a no of rows with different group ids. Can the html:link pass a value to Action? If it can, it is excellent. Should it be done like this? change the layout from a no of links html:link to a no of forms html:form In each form, it has hidden value of group id. How will you do this? Thank you very much for your help. 2005/9/1, 梁炳�� [EMAIL PROTECTED]: I retrieve a group id by JSP. sql:query ...SELECT group_id../ When user clicks a link html:link .../ Before another page is shown, in my struts-config.xml, I try to make a ActionForward function to capture the group_id and then update a session attribute . Then the resulting jsp is like this sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? / Is this a proper way to do this? I do not know how to write in the Action class so that it can retrieve the sql value from the passing in jsp file. Your help is very much appreicated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objects ?
Erik Weber wrote: As far as the implementation goes, there is no reason to be scared of switches and loops. (But favor polymorphism/virtual functions over a giant loop.) However, you should get rid of all those concat operators and use StringBuffer.append instead. The performance will improve significantly. thanks Eric polymorphism - that was the word I needed :-) now google can help me ... -- Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
is there a better way of creating SQL queries from form objects ?
Hi all, this is such a common problem that I'm sure there must be loads of advice on how to deal with it - I just can't find it. I have a database containing many records Searches can be performed on several text fields - and refined by boolean fields. The html form thus consist of several text inputs and several checkboxes. Only one text box should ever be filled in. I can work out the resultant sql query by using lots of if statements as below but it just doesn't seem very elegant ... I could also break the search down into several forms and so different actions - but this seems overly complex. String query = select order from po where; String searchTerm = ; if (!.equals(search.getCode())){ query += code=?; searchTerm = search.getCode(); } else if (!.equals(search.getParish())){ query += parish=?; searchTerm = search.getParish(); } else if (!.equals(search.getDetails())){ query += details=?; searchTerm = search.getDetails(); } if (search.isActiveMods()){ query += and active; } if (search.isActiveReclass()){ query += and reclass; } PreparedStatement statement = conn.prepareStatement(query); statement.setString(1, searchTerm); -- Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: is there a better way of creating SQL queries from form objec ts ?
Sean, Have you thought about constructing a DAO/Adapater object that receives your input, and then does the notorious SQL-string building on the inside? If you cannot get the elegant solution, you should at least make it appear elegant by wrapping it inside of the DAO layer. -Original Message- From: Sean Burlington [mailto:[EMAIL PROTECTED] Sent: Monday, May 09, 2005 10:38 AM To: Struts Users Mailing List Subject: is there a better way of creating SQL queries from form objects ? Hi all, this is such a common problem that I'm sure there must be loads of advice on how to deal with it - I just can't find it. I have a database containing many records Searches can be performed on several text fields - and refined by boolean fields. The html form thus consist of several text inputs and several checkboxes. Only one text box should ever be filled in. I can work out the resultant sql query by using lots of if statements as below but it just doesn't seem very elegant ... I could also break the search down into several forms and so different actions - but this seems overly complex. String query = select order from po where; String searchTerm = ; if (!.equals(search.getCode())){ query += code=?; searchTerm = search.getCode(); } else if (!.equals(search.getParish())){ query += parish=?; searchTerm = search.getParish(); } else if (!.equals(search.getDetails())){ query += details=?; searchTerm = search.getDetails(); } if (search.isActiveMods()){ query += and active; } if (search.isActiveReclass()){ query += and reclass; } PreparedStatement statement = conn.prepareStatement(query); statement.setString(1, searchTerm); -- Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Notice: This e-mail message, together with any attachments, contains information of Merck Co., Inc. (One Merck Drive, Whitehouse Station, New Jersey, USA 08889), and/or its affiliates (which may be known outside the United States as Merck Frosst, Merck Sharp Dohme or MSD and in Japan, as Banyu) that may be confidential, proprietary copyrighted and/or legally privileged. It is intended solely for the use of the individual or entity named on this message. If you are not the intended recipient, and have received this message in error, please notify us immediately by reply e-mail and then delete it from your system. -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objects ?
Look into using iBATIS http://www.ibatis.com. It's easy to use and will handle this kind of dynamic SQL very nicel (the PDF instruction manual is nice. Look at the SQL Maps documentatoin under Dynamic Mapped Statements.) Sean Burlington wrote the following on 5/9/2005 10:37 AM: Hi all, this is such a common problem that I'm sure there must be loads of advice on how to deal with it - I just can't find it. I have a database containing many records Searches can be performed on several text fields - and refined by boolean fields. The html form thus consist of several text inputs and several checkboxes. Only one text box should ever be filled in. I can work out the resultant sql query by using lots of if statements as below but it just doesn't seem very elegant ... I could also break the search down into several forms and so different actions - but this seems overly complex. String query = select order from po where; String searchTerm = ; if (!.equals(search.getCode())){ query += code=?; searchTerm = search.getCode(); } else if (!.equals(search.getParish())){ query += parish=?; searchTerm = search.getParish(); } else if (!.equals(search.getDetails())){ query += details=?; searchTerm = search.getDetails(); } if (search.isActiveMods()){ query += and active; } if (search.isActiveReclass()){ query += and reclass; } PreparedStatement statement = conn.prepareStatement(query); statement.setString(1, searchTerm); -- Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objec ts ?
Benedict, Paul C wrote: Sean, Have you thought about constructing a DAO/Adapater object that receives your input, and then does the notorious SQL-string building on the inside? If you cannot get the elegant solution, you should at least make it appear elegant by wrapping it inside of the DAO layer. yes - I've done that bit :-) I'm a solo in-house programmer and sometimes I worry that I'm doing things like this badly. your comment notorious SQL-string building makes me think maybe I'm not doing so bad and that this is just a pain Cheers for the advice -- Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objects ?
Rick Reumann wrote: Look into using iBATIS http://www.ibatis.com. It's easy to use and will handle this kind of dynamic SQL very nicel (the PDF instruction manual is nice. Look at the SQL Maps documentatoin under Dynamic Mapped Statements.) that's a bigger change in coding than I was thinking of ... but interesting - what advantages does this have over hibernate ? -- Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objects ?
As far as the implementation goes, there is no reason to be scared of switches and loops. (But favor polymorphism/virtual functions over a giant loop.) However, you should get rid of all those concat operators and use StringBuffer.append instead. The performance will improve significantly. Erik Sean Burlington wrote: Hi all, this is such a common problem that I'm sure there must be loads of advice on how to deal with it - I just can't find it. I have a database containing many records Searches can be performed on several text fields - and refined by boolean fields. The html form thus consist of several text inputs and several checkboxes. Only one text box should ever be filled in. I can work out the resultant sql query by using lots of if statements as below but it just doesn't seem very elegant ... I could also break the search down into several forms and so different actions - but this seems overly complex. String query = select order from po where; String searchTerm = ; if (!.equals(search.getCode())){ query += code=?; searchTerm = search.getCode(); } else if (!.equals(search.getParish())){ query += parish=?; searchTerm = search.getParish(); } else if (!.equals(search.getDetails())){ query += details=?; searchTerm = search.getDetails(); } if (search.isActiveMods()){ query += and active; } if (search.isActiveReclass()){ query += and reclass; } PreparedStatement statement = conn.prepareStatement(query); statement.setString(1, searchTerm); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objects ?
Erik Weber wrote: As far as the implementation goes, there is no reason to be scared of switches and loops. (But favor polymorphism/virtual functions over a giant loop.) Sorry, I meant over a giant switch, not loop! However, you should get rid of all those concat operators and use StringBuffer.append instead. The performance will improve significantly. Erik Sean Burlington wrote: Hi all, this is such a common problem that I'm sure there must be loads of advice on how to deal with it - I just can't find it. I have a database containing many records Searches can be performed on several text fields - and refined by boolean fields. The html form thus consist of several text inputs and several checkboxes. Only one text box should ever be filled in. I can work out the resultant sql query by using lots of if statements as below but it just doesn't seem very elegant ... I could also break the search down into several forms and so different actions - but this seems overly complex. String query = select order from po where; String searchTerm = ; if (!.equals(search.getCode())){ query += code=?; searchTerm = search.getCode(); } else if (!.equals(search.getParish())){ query += parish=?; searchTerm = search.getParish(); } else if (!.equals(search.getDetails())){ query += details=?; searchTerm = search.getDetails(); } if (search.isActiveMods()){ query += and active; } if (search.isActiveReclass()){ query += and reclass; } PreparedStatement statement = conn.prepareStatement(query); statement.setString(1, searchTerm); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is there a better way of creating SQL queries from form objects ?
Hi Sean, iBatis works like a charm for what you're describing. You don't have to learn a new language. Just use SQLMaps and you're done. Good Luck. Aladin Sean Burlington wrote: Hi all, this is such a common problem that I'm sure there must be loads of advice on how to deal with it - I just can't find it. I have a database containing many records Searches can be performed on several text fields - and refined by boolean fields. The html form thus consist of several text inputs and several checkboxes. Only one text box should ever be filled in. I can work out the resultant sql query by using lots of if statements as below but it just doesn't seem very elegant ... I could also break the search down into several forms and so different actions - but this seems overly complex. String query = select order from po where; String searchTerm = ; if (!.equals(search.getCode())){ query += code=?; searchTerm = search.getCode(); } else if (!.equals(search.getParish())){ query += parish=?; searchTerm = search.getParish(); } else if (!.equals(search.getDetails())){ query += details=?; searchTerm = search.getDetails(); } if (search.isActiveMods()){ query += and active; } if (search.isActiveReclass()){ query += and reclass; } PreparedStatement statement = conn.prepareStatement(query); statement.setString(1, searchTerm); - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] How to transpose a table in MS SQL Server 2000
So, I have the following table: id month val1val2total 1 jan 1 2 3 2 feb 3 4 7 And I'd like it transformed to: ID VAL COL1COL2 1 month jan feb 2 val11 3 3 val22 4 4 total 3 7 I'm guessing that it's possible, as I've seen variants of this type of tranformation. I have googled this, but the solutions (I've found) are considerably more complicated and revolve around summing/aggregating, when I just need to change the structure of the results. Has anybody seen a solution that fits this problem? Thanks, Dennis [EMAIL PROTECTED] 04/08/2005 09:26 AM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject [OT] RE: concurrency problem As I hit the send button, something tickled in the back of my mind, and I began to remember that the spec forbids thread primitiives on bean methods and that the EJB container is responsible for handling concurrent access. Sounds like your provider might have a defect. Dennis [EMAIL PROTECTED] 04/08/2005 09:13 AM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject RE: concurrency problem You're synchronizing on an object which is unique for each user, which might explain why more than 1 thread can concurrently enter the critsec. Wouldn't a better solution be to declare the method as synchronized? Dennis Kalra, Ashwani [EMAIL PROTECTED] 04/08/2005 08:53 AM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject RE: concurrency problem Isnt that valid when request is going to same action. In my scenario, different actions are invoked quickly and all the actions have this call to SFSB. Which I want to synchronise Thanks Regds Ashwani Ext: 1860 -Original Message- From: James Mitchell [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 6:04 PM To: Struts Users Mailing List Subject: Re: concurrency problem You'd be better off implementing token processing. Struts includes token generation and helper methods to ensure only one valid request is handled at a time. Look at the struts example application (mailreader) for an example. For detailed info on why this pattern works, see: http://www.amazon.com/exec/obidos/tg/detail/-/0201634988/ref=l pr_g_1/102-8250064-5792120?v=glances=books -- James Mitchell Software Engineer / Open Source Evangelist Consulting / Mentoring / Freelance EdgeTech, Inc. 678.910.8017 AIM: jmitchtx Yahoo: jmitchtx MSN: [EMAIL PROTECTED] - Original Message - From: Kalra, Ashwani [EMAIL PROTECTED] To: Struts (E-mail) user@struts.apache.org Sent: Friday, April 08, 2005 7:10 AM Subject: concurrency problem I am facing concurrency problem in following scenario. All our action classes call same stateful session bean . Each action class obtains the reference from HTTPSession object and calls one and only one business method. To prevent the concurrent access to this instance which occurs when user immediately presses two links quickly in succession I am using the following code block execute(...) //execute methods of Action class { //Obtain the session from Request.User will always be in session here session=request.getSession() Synchronised(session) { //call ejb's business method. } } However sometimes more than one thread is able to pass through, And I get exception from Appserver. As 2 threads are not allowed for statefull Session bean. Can there be problem in above code. Is it ok to synchronise on session object. Thanks Regds Ashwani Ext: 1860 This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error,
RE: [OT] How to transpose a table in MS SQL Server 2000
I don't 100% understand your tables. Where does ID come from (the values 1 2 exist in the first view, but 1,2,3,4 in the second). Are the totals derived? Give me the SQL for the first view and I'll have a look. Paul -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 08 April 2005 14:46 To: Struts Users Mailing List Subject: [OT] How to transpose a table in MS SQL Server 2000 So, I have the following table: id month val1val2total 1 jan 1 2 3 2 feb 3 4 7 And I'd like it transformed to: ID VAL COL1COL2 1 month jan feb 2 val11 3 3 val22 4 4 total 3 7 I'm guessing that it's possible, as I've seen variants of this type of tranformation. I have googled this, but the solutions (I've found) are considerably more complicated and revolve around summing/aggregating, when I just need to change the structure of the results. Has anybody seen a solution that fits this problem? Thanks, Dennis [EMAIL PROTECTED] 04/08/2005 09:26 AM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject [OT] RE: concurrency problem As I hit the send button, something tickled in the back of my mind, and I began to remember that the spec forbids thread primitiives on bean methods and that the EJB container is responsible for handling concurrent access. Sounds like your provider might have a defect. Dennis [EMAIL PROTECTED] 04/08/2005 09:13 AM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject RE: concurrency problem You're synchronizing on an object which is unique for each user, which might explain why more than 1 thread can concurrently enter the critsec. Wouldn't a better solution be to declare the method as synchronized? Dennis Kalra, Ashwani [EMAIL PROTECTED] 04/08/2005 08:53 AM Please respond to Struts Users Mailing List user@struts.apache.org To Struts Users Mailing List user@struts.apache.org cc Subject RE: concurrency problem Isnt that valid when request is going to same action. In my scenario, different actions are invoked quickly and all the actions have this call to SFSB. Which I want to synchronise Thanks Regds Ashwani Ext: 1860 -Original Message- From: James Mitchell [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 6:04 PM To: Struts Users Mailing List Subject: Re: concurrency problem You'd be better off implementing token processing. Struts includes token generation and helper methods to ensure only one valid request is handled at a time. Look at the struts example application (mailreader) for an example. For detailed info on why this pattern works, see: http://www.amazon.com/exec/obidos/tg/detail/-/0201634988/ref=l pr_g_1/102-8250064-5792120?v=glances=books -- James Mitchell Software Engineer / Open Source Evangelist Consulting / Mentoring / Freelance EdgeTech, Inc. 678.910.8017 AIM: jmitchtx Yahoo: jmitchtx MSN: [EMAIL PROTECTED] - Original Message - From: Kalra, Ashwani [EMAIL PROTECTED] To: Struts (E-mail) user@struts.apache.org Sent: Friday, April 08, 2005 7:10 AM Subject: concurrency problem I am facing concurrency problem in following scenario. All our action classes call same stateful session bean . Each action class obtains the reference from HTTPSession object and calls one and only one business method. To prevent the concurrent access to this instance which occurs when user immediately presses two links quickly in succession I am using the following code block execute(...) //execute methods of Action class { //Obtain the session from Request.User will always be in session here session=request.getSession() Synchronised(session) { //call ejb's business method. } } However sometimes more than one thread is able to pass through, And I get exception from Appserver. As 2 threads are not allowed for statefull Session bean. Can there be problem in above code. Is it ok to synchronise on session object. Thanks Regds Ashwani Ext: 1860 This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute