Thanks

-----Original Message-----
From: Ilya A. Kriveshko [mailto:ilya@;kaon.com]
Sent: Wednesday, 13 November 2002 18:25
To: [EMAIL PROTECTED]
Subject: Re: AW: esql / xsp <- query for date

Please, read the recent SQL injection thread: your query is vulnerable. Use <esql:parameter> to secure it:

<esql:query>
select * from IDM_info where Info_datum = #<esql:parameter><xsp-request:get-parameter name="date"/></esql:parameter>#
</esql:query>

--
Ilya

Scherler, Thorsten wrote:

>Hello Cedric,
>
><By this, I mean that if Info_datum is '11/11/2002
><17:12:05.000', it will not equal '11/11/2002 00:00:00.000'
><which is the date you are passing as argument.
>
><How to actually narrow the date depends on the type of
><database you are using in the background.
>
>So for ODBC Access 97 u have to use ## to narrow the date, right!
>
>because:
><esql:query>
>select * from IDM_info where Info_datum = #<xsp-request:get-parameter name="date"/>#
></esql:query>
>
>is working fine!
>
>Thanks a lot for the hint!
>
>Good luck,
>Cedric
>
>-----Original Message-----
>From: Scherler, Thorsten [mailto:Thorsten.Scherler@;weidmueller.de]
>Sent: 13 November 2002 17:09
>To: [EMAIL PROTECTED]
>Subject: AW: esql / xsp <- query for date
>
>
>Jepp!
>
>That way I don't get an error but neither any result!
>
>-----Original Message-----
>From: Cedric Picard [mailto:C.Picard@;kainos.com]
>Sent: Wednesday, 13 November 2002 18:03
>To: [EMAIL PROTECTED]
>Subject: RE: esql / xsp <- query for date
>
>
>Have you tried '11/11/2002' instead?
>
>I would expect esql to use a Java Date class to wrap the date string into a Date
>object, which is then converted to the format used in the database by the JDBC driver.
>
>Cedric
>
>-----Original Message-----
>From: Scherler, Thorsten [mailto:Thorsten.Scherler@;weidmueller.de]
>Sent: 13 November 2002 17:00
>To: Cocoon-Users (E-Mail)
>Subject: esql / xsp <- query for date
>
>
>Hello group,
>
>I have a big problem!
>
>I want to do the following:
>
>I have a query on a database. It is working fine!
>
>I can do the following with every field but the date:
>e.g.
>http//...?id=1
>
>but as soon as I put ?date='11.11.2002'
>
>it blows!
>
>So trying the following blows it too:
><esql:query>
>select * from IDM_info where Info_datum = '11.11.02' </esql:query>
>
>My db is access 97 but that should be ok because I use the odbc:jdbc - bridge.
>
>So how can I get all data where the date is e.g. 13.11.2002?
>
>
>
>>Kind regards,
>>
>>Thorsten Scherler
>>Marketing / Telefonmarketing
>>
>>Weidmüller GmbH & Co.
>>P.O. Box 2807
>>33058 Paderborn
>>Tel.:+ 49 - 5252-960-350
>>Fax:+ 49 - 5252-960-116
>>eMail: [EMAIL PROTECTED] http://www.weidmueller.de
>
>---------------------------------------------------------------------
>Please check that your question has not already been answered in the
>FAQ before posting. <http://xml.apache.org/cocoon/faq/index.html>
>
>To unsubscribe, e-mail: <[EMAIL PROTECTED]>
>For additional commands, e-mail: <[EMAIL PROTECTED]>
>
>--
>
>This e-mail is confidential and is intended for the named recipient only. If you
>receive it in error please destroy the message and all copies. Kainos Software Ltd.
>does not accept liability for damage sustained as a result of malicious software
>(e.g. viruses). Kainos does not accept liability for, or permit, the creation of
>contracts on its behalf by e-mail, the publication of any defamatory statement by its
>employees by e-mail, or changes subsequently made to the original message. The
>Company's registered office is located at 4-6 Upper Crescent, Belfast, BT7 1NT,
>Northern Ireland, Tel +44 28 9057 1100.
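An added example, not part of the original thread and not Cocoon's own code: the same lookup with the request value pasted into the SQL text and with it validated and bound, narrowed to a whole day so that rows carrying a time component still match. Python's sqlite3 stands in for the Access 97 / ODBC database; the sample rows, the function names and the dd.mm.yyyy input format are assumptions.

```python
import sqlite3
from datetime import datetime, timedelta

# Constructed sample rows (assumption: timestamps stored as ISO text in SQLite).
ROWS = [
    (1, "2002-11-11 17:12:05"),
    (2, "2002-11-11 00:00:00"),
    (3, "2002-11-13 09:30:00"),
]

# Constructed request value that is not a date at all.
NOT_A_DATE = "x' OR '1'='1"


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE IDM_info (id INTEGER PRIMARY KEY, Info_datum TEXT)")
    db.executemany("INSERT INTO IDM_info VALUES (?, ?)", ROWS)
    return db


def query_concatenated(db, date_param):
    """Request value becomes part of the SQL text, as in the quoted query."""
    sql = "SELECT id FROM IDM_info WHERE Info_datum = '" + date_param + "'"
    return sorted(r[0] for r in db.execute(sql))


def query_bound(db, date_param):
    """Parse the value as a date, then bind it; the SQL text never changes."""
    day = datetime.strptime(date_param, "%d.%m.%Y")  # ValueError if not a date
    next_day = day + timedelta(days=1)
    fmt = "%Y-%m-%d %H:%M:%S"
    # Half-open range [day, next_day) matches any time of day on that date.
    sql = ("SELECT id FROM IDM_info "
           "WHERE Info_datum >= ? AND Info_datum < ? ORDER BY id")
    args = (day.strftime(fmt), next_day.strftime(fmt))
    return [r[0] for r in db.execute(sql, args)]


if __name__ == "__main__":
    db = open_db()
    print("bound, 11.11.2002:      ", query_bound(db, "11.11.2002"))
    print("concatenated, midnight: ", query_concatenated(db, "2002-11-11 00:00:00"))
    print("concatenated, non-date: ", query_concatenated(db, NOT_A_DATE))
    try:
        query_bound(db, NOT_A_DATE)
    except ValueError as exc:
        print("bound, non-date rejected:", exc)
```

The equality query with a midnight value finds only the row stored at exactly 00:00:00, which is the mismatch Cedric describes; the bound range query returns both rows for that day.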