Christian Haul [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 06, 2002 4:28 PM
To: [EMAIL PROTECTED]
Subject: Re: Request parameters for SQL arguments
On 06.Dec.2002 -- 04:13 PM, [EMAIL PROTECTED] wrote:
> I use ESQL, the beginning of my page is like this :
>
>
>
> http://apache.org/xsp"
> xmlns:esql="http://apache.org/cocoon/SQL/v2">
>
>
>
> personnel
>
>
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 6, 2002 16:04
To: [EMAIL PROTECTED]
Subject: RE: Request parameters for SQL arguments
If I write :
select * From AllTask Where wfID=1
It's alright, but when I write:
select * From AllTask Where wfID=
Then I get following error:
"type Status report
message
description The requested resource () is not available."
Do I have to add something in my pipeline?
On 06.Dec.2002 -- 03:47 PM, Scherler, Thorsten wrote:
> Sorry, that is much better (use ):
>
> select * From AllTask Where wfID=name="myID"/>
Please imagine what happens if myID evaluates to "; update AllTasks set done = 1; --"
IOW you should use around it to have esql use a PreparedStatement.
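
Added example, not part of the thread and not Cocoon or ESQL code: the difference between pasting a request value into the SQL text and binding it as a statement parameter, shown with Python's sqlite3 in place of JDBC. The table contents, the function names and the test string (the thread's string with a leading `1` and the table name `AllTask`, so that it parses) are constructed for this illustration.

```python
import sqlite3

# Constructed value: the thread's string with a leading "1" and the table
# name AllTask, so that it parses against the sample table below.
PAYLOAD = "1; update AllTask set done = 1; --"


def make_db():
    """In-memory table with constructed rows; column names follow the thread."""
    db = sqlite3.connect(":memory:")
    db.execute("create table AllTask (wfID integer, done integer default 0)")
    db.executemany("insert into AllTask (wfID) values (?)", [(1,), (2,), (3,)])
    db.commit()
    return db


def done_count(db):
    """Number of rows currently marked done."""
    return db.execute("select count(*) from AllTask where done = 1").fetchone()[0]


def query_concatenated(db, my_id):
    """Vulnerable: the request value becomes part of the SQL text."""
    sql = "select * From AllTask Where wfID=" + my_id
    # executescript() stands in for a driver that accepts several statements
    # in one call; sqlite3's execute() would reject the second statement.
    db.executescript(sql)
    return sql


def query_bound(db, my_id):
    """Hardened: the SQL text is fixed and the value is bound as a parameter."""
    return db.execute("select * From AllTask Where wfID = ?", (my_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(query_bound(db, "1"))       # the row with wfID 1
    print(query_bound(db, PAYLOAD))   # no rows: the string is compared as data
    print(done_count(db))             # still 0
    query_concatenated(db, PAYLOAD)
    print(done_count(db))             # every row now has done = 1
```

With the bound parameter the database receives the whole string as one value to compare against `wfID`, so the embedded `update` is never parsed as SQL.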