Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of SQL
execution) and return a true/false if it passes the test?
I have about 100+ forms
Use Filter
On 3/22/2013 7:36 PM, J.V. wrote:
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
(with regards to the form field only, irrespective of the method of
SQL execution) and return a true/false
If you use JDBC prepared statements, you will not have to worry about SQL
injection.
Paul
On Fri, Mar 22, 2013 at 6:36 PM, J.V. jvsr...@gmail.com wrote:
Does anyone out there have a method I could use to pass a form field
variable that would check for all known SQL injection vulnerabilities
-released-now-with-support-for-Oracle-Sybase-and-MS-SQL-Server-tp5710530p5710540.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e
Hello Bruce. Thanks for writing, and thanks for trying Struts2Builder.
It worked well generating a complete Struts 2 CRUD web application. I
used on
Mac OS 10.8.1 and with MySQL.
That's good to hear. I am glad you got it working on Mac. I have not
tested it there, and I haven't heard of
I'd like to make sure we don't turn the list into a Struts2Builder forum.
Thomas wrote:
Bruce wrote:
Also why cannot the maven compiler settings be set to generate Java 1.6
instead of Java 1.5?
I just didn't see a reason to do so, since EE 1.5 is still prevalent in
the world.
JEE
Greetings all.
Struts2Builder version 0.5.0 has been released.
Struts2Builder is a Java code generation system that can automatically
build a real, live, functioning Struts2 / Hibernate / Spring system for any
existing Oracle, MySQL, PostgreSQL, Microsoft SQL Server, or Sybase
database
Hi,
I am trying to generate SQL query using session.createSQLQuery and
returning the list object..This select query contains joins and so it cannot
be mapped to any of my model objects.How can I now get the values in my jsp
page using iterator tag in Struts 2...
Please help me on this
Many
What does having joins have to do with not being able to map to your data
model?
Dave
On Feb 17, 2011 8:43 PM, Jerson John jer...@cprvision.com wrote:
Hi,
I am trying to generate SQL query using session.createSQLQuery and
returning the list object..This select query contains joins and so
in properties.Please advice me a approach
for thisThanks in advance
Many Thanks and Regards,
Jerson
-Original Message-
From: Dave Newton [mailto:davelnew...@gmail.com]
Sent: Friday, February 18, 2011 10:34 AM
To: Struts Users Mailing List
Subject: Re: generate SQL Hibernate Query using session
couldn't find any
Thanks in advance
Many Thanks and Regards,
Jerson
From: Jerson John [mailto:jer...@cprvision.com]
Sent: Friday, February 18, 2011 10:53 AM
To: 'Struts Users Mailing List'
Subject: RE: generate SQL Hibernate Query using session
Hi,
Thanks for your reply.
Actually I am bit
I think you may use the Composite Class in Hibernate.
Query q = session.createQuery
( select new NewCompositeClass(members, classInfo.className) +
from Members members, ClassInfo classInfo +
where members.level = classInfo.classCode );
and you need a class:NewCompositeClass.java
Jerson -
What I would likely suggest you consider is creating a DTO object that
resembles your result from the SQLQuery. You can then use one of the
stock Hibernate Transformers to convert the SQL results into instances
of this DTO Bean and then you can return the beans to your view to
iterate
Users Mailing List
Subject: RE: generate SQL Hibernate Query using session
Jerson -
What I would likely suggest you consider is creating a DTO object that
resembles your result from the SQLQuery. You can then use one of the
stock Hibernate Transformers to convert the SQL results into instances
CPR Vision - Nominated finalist for CRM, Marketing Loyalty Agency of the
Year Award - Organized by Marketing Magazine
-Original Message-
From: CRANFORD, CHRIS [mailto:chris.cranf...@setech.com]
Sent: Friday, February 18, 2011 11:23 AM
To: Struts Users Mailing List
Subject: RE: generate SQL
Hi,
Do we have any special technique in Struts for preventing sql injection, i
know we can prevent it via parameterized query , but my application design
do not permit so,
So can anyone here help me on this, i need a function whom if i pass a
value, it becomes sql injection safe.,
Pl. help
Hello,
As far as I know there is nothing in struts to prevent SQL injection. And
that should be done at the database level, so it is not related to Struts.
Also there is no simple way of making parameters sql injection safe. You
can take a look at
http://www.owasp.org/index.php
use hibernate its definitely worth trying.
the SQL queries can be parameterised and the parameter names can refer to
fields in an object, it handles the escaping of values to be sql safe.
From: gustavo.felisbe...@wit-software.com
To: user
Your trouble is here:
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID =
+ UserID;
When you call prepareStatement(sql) the sql string is sent to the database
which prepares it (essentially does all the steps neccessary
dear all
I've written
Connection conn = null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID =
+ UserID;
pstmtname.setString(1, 123456);
pstmtname.executeQuery();
there is no error appear
hi Nguyen Xuan Son
use
pstmtname.executeQuery() instead of pstmtname.executeQuery();
On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote:
dear all
I've written
Connection conn = null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql
written
Connection conn = null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
ROW_ID
=
+ UserID;
pstmtname.setString(1, 123456);
pstmtname.executeQuery();
there is no error appear
of pstmtname.executeQuery();
On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com wrote:
dear all
I've written
Connection conn = null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET
= null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
ROW_ID
=
+ UserID;
pstmtname.setString(1, 123456);
pstmtname.executeQuery();
there is no error appear
();
On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son yama...@gmail.com
wrote:
dear all
I've written
Connection conn = null;
PreparedStatement pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE
Move your sql before the prepared statement.
Sql = sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ?
WHERE ROW_ID = ?;
pstmtname = conn.prepareStatement(sql);
pstmtname.setString(1, 123456);
pstmtname.setString(2, UserID);
pstmtname.executeQuery();
This will work for sure... BTB
pstmtname = null;
pstmtname = conn.prepareStatement(sql);
sql = UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID
=
+ UserID;
pstmtname.setString(1, 123456);
pstmtname.executeQuery();
there is no error appear but nothing is changed in the database
do you have any
Here's a Friday discussion.
As an application developer, I can write SQL pretty well, but I wouldn't say
that I'm an expert. My last project I did run into some design and
architecture issues that needed a little bit of reworking and
refactoring. To help avoid this, I want to get better
If you have the code in a workable configuration, you can test it
easily with a SQL query job using SLAMD (http://slamd2.dev.java.net).
This generate load that may point to indexing problems and other
performance-related problems.
On Jun 19, 2009, at 11:16 AM, Edward Song wrote:
Here's
information about the production
usage situation before tuning it.
John
On Fri, Jun 19, 2009 at 11:16 AM, Edward Song edward.s...@nuhorizons.comwrote:
Here's a Friday discussion.
As an application developer, I can write SQL pretty well, but I wouldn't
say
that I'm an expert. My last project
Hello,
I'm beginning wity Struts and I found the samples very useful, expecially
the app struts2-showcase-2.0.11.2.war.
But I'd need other sample to begin my own to make my owns aplications.
¿Is there any sample of struts2 with mysql?
¿Can anyone send my an url?
Thanks in advance.
Carlos
:16 PM
To: user@struts.apache.org
Subject: Dummy example Struts 2.0 - My Sql
Hello,
I'm beginning wity Struts and I found the samples very useful, expecially
the app struts2-showcase-2.0.11.2.war.
But I'd need other sample to begin my own to make my owns aplications.
¿Is there any sample of struts2
Message-
From: Carlos Iglesias [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 26, 2008 3:16 PM
To: user@struts.apache.org
Subject: Dummy example Struts 2.0 - My Sql
Hello,
I'm beginning wity Struts and I found the samples very useful, expecially
the app struts2-showcase-2.0.11.2.war
I will be out of the office, and mostly without email access, until Dec 1.
Please contact the One World office, 605-845-7172, with any general needs, and
Danny Nickels, [EMAIL PROTECTED], at the same number, for any technical or
integration issues.
If this is an emergency, please feel free to
Hi!!
I know this is not struts question but I don't know this term so I cannot
search the internet fot it.
Two users are seeing the same page (data from database), and both of them
are editing the same
piece of data however, the other user submits the changes (update/delete)
first.
I need to
Optimistic locking will give you some information. One way to do
this is to have a column in your database table that denotes a version
number, which is incremented every time the row changes. Include that
value in your form, and then you will be able compare the form version
to the database
--- Mike Duffy [EMAIL PROTECTED] wrote:
Does anyone have a great solution for a validator
that will prevent users from entering malicious SQL
into form entry text fields?
I'm not sure that belongs in a validator; unless you
never need to allow the use of a single quote. It is,
hoever unlikely
Does anyone have a great solution for a validator that will prevent users from
entering malicious SQL into form entry text fields?
Thx.
Mike
Get easy, one-click access to your favorites.
Make Yahoo
and return error if (AND / OR / == ) or any possible SQLInjections are found
http://www.acunetix.com/websitesecurity/sql-injection2.htm
XSS Scripting
solution might use
JS Validator to scan for html tags in the input form or table or input comes
to mind
but just in case JS validatpr passes
=0postorder=asc
And page 16 of the following link:
http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf
Thx.
Mike
--- On Thu, 11/15/07, Antonio Petrelli [EMAIL PROTECTED] wrote:
From: Antonio Petrelli [EMAIL PROTECTED]
Subject: Re: Struts Validator to Prevent SQL
Dave Newton wrote:
--- Mike Duffy [EMAIL PROTECTED] wrote:
Does anyone have a great solution for a validator
that will prevent users from entering malicious SQL
into form entry text fields?
I'm not sure that belongs in a validator; unless you
never need to allow the use of a single quote
No matter where this is done, the basic problem is we have single quotes,
double quotes, ampersands, semicolons, and parenthesis in our data.
After Googleing on this topic for an hour or so I do not see an elegant
solution, other than possibly filtering on SQL key words (DROP, ALTER, etc
Hi Mike.
my comments below.
Mike Duffy wrote:
Thx Gary.
That is good information.
We are actually using JBoss with EJB 3.0, which uses Hibernate under
the covers, so I am assuming we are covered.
Not that sure.. if your DAO uses SQL strings in the queries (Hibernate
lets you do
2007/11/15, Mike Duffy [EMAIL PROTECTED]:
No matter where this is done, the basic problem is we have single quotes,
double quotes, ampersands, semicolons, and parenthesis in our data.
This may be off topic, but does not is suffice to use prepared
statement and parameters to avoid such attacks?
a query dinamically, with a variable number of parameters.
In the PDF you sent, there is this sentence:
snip
SQL Statements using bind variables are generally immune to SQL
Injection attacks as the Oracle
database will use the value of the bind variable exclusively and not
interpret the contents
to Prevent SQL Injection Attacks
To: Struts Users Mailing List user@struts.apache.org
Cc: [EMAIL PROTECTED]
Date: Thursday, November 15, 2007, 11:13 AM
Dave Newton wrote:
--- Mike Duffy [EMAIL PROTECTED] wrote:
Does anyone have a great solution for a validator
that will prevent users from
Thx.
Mike
--- On Thu, 11/15/07, Antonio Petrelli [EMAIL PROTECTED] wrote:
From: Antonio Petrelli [EMAIL PROTECTED]
Subject: Re: Struts Validator to Prevent SQL Injection Attacks
To: Struts Users Mailing List user@struts.apache.org, [EMAIL PROTECTED]
Date: Thursday, November 15, 2007
Hi all,
In my web application I want to put current date into the header segment of
each page. And I want that the date should come from the database. How can I
achieve this using jstl 1.1 sql tags. Can anybody provide me a code snippet
that I can put in my jsp page?
Thank you.
_
From: Ambaris Mohanty [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 3:16 PM
To: 'user@struts.apache.org'
Subject: using jstl sql tags for displaying date from database
Hi all,
In my web application I want to put current date into the header segment of
each page
--- Ambaris Mohanty wrote:
And I want that the date should come from the
database.
Why would you want the current date to come from the
database?
d.
Got a little couch potato?
Check out fun summer
I want to display the same time in all the client machines irrespective of
their location.
-Original Message-
From: Dave Newton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 4:34 PM
To: Struts Users Mailing List
Subject: Re: using jstl sql tags for displaying date from database
And the reason for not using the server time would be..?
-Original Message-
From: Ambaris Mohanty [mailto:[EMAIL PROTECTED]
Sent: 05 June 2007 12:21
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
I want to display the same time
4:54 PM
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
And the reason for not using the server time would be..?
-Original Message-
From: Ambaris Mohanty [mailto:[EMAIL PROTECTED]
Sent: 05 June 2007 12:21
To: 'Struts Users Mailing
And the reason these aren't synchronized using NTP or a similar protocol
would be...?
-Original Message-
From: Ambaris Mohanty [mailto:[EMAIL PROTECTED]
Sent: 05 June 2007 12:33
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
Do u have the solution or just wasting my time???
-Original Message-
From: Al Sutton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 5:09 PM
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
And the reason these aren't synchronized
worked at a
university).
-Original Message-
From: Ambaris Mohanty [mailto:[EMAIL PROTECTED]
Sent: 05 June 2007 12:47
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
Do u have the solution or just wasting my time???
-Original Message
--- Ambaris Mohanty wrote:
Do u have the solution or just wasting my time???
The irony here is thick enough to slice.
d.
Fussy? Opinionated? Impossible to please? Perfect. Join Yahoo!'s user panel
like select sysdate from dual?
The whole application is based upon struts framework. I have used struts
1.2.9. I thought jstl sql tag would be a better option to execute such small
query since it's very simple. So, I'm trying to get it done using jstl. Can
u help?
AM
-Original Message-
From
, Ambaris Mohanty wrote:
Do u have the solution or just wasting my time???
-Original Message-
From: Al Sutton [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 05, 2007 5:09 PM
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
And the reason
-
From: Ambaris Mohanty [mailto:[EMAIL PROTECTED]
Sent: 05 June 2007 13:19
To: 'Struts Users Mailing List'
Subject: RE: using jstl sql tags for displaying date from database
Ok thanks for your reply n showing me the way. It seems you didn't get my
question write. Let me explain it to you
Dave,
Thanks for your response. I have got your point and will try to follow
the guidelines from my next mail on.
I was basically interested in knowing all the steps that are required to
connect to a remote SQL server 2000 using Struts on JBoss.
After a night of trial and errors, I have finally
I am writing this mail after spending a lot of time struggling with the
stuff mentioned in subject line.
My Setup
1. myEclipse IDE
2. Struts Version 1.1
3. JDK 1.5
4. Jboss 3.2.5 (Please don't ask me to go to Jboss mailing list :-( )
5. SQL Server 2000 (This server is running on a remote win
Jitendra Kumar wrote:
Using the above I simply want to print the records of any table in my SQL
Server 2K DB.
The problem:
I am not able to do the above. I have tried changing some files in Jboss. I
have copied some jars of DB Drivers in WEB-INF/lib folder etc.
http://www.catb.org/~esr
SELECT DEPTNUM.REF_VALUE, CAMNUM.REF_VALUE,
(SELECT PN1.NOTE_TEXT FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID =
DEPTNUM.PARTY_ID and max(pn1.last_update_dt)) NOTE
FROM PARTY_REFERENCE DEPTNUM,
PARTY_REFERENCE CAMNUM,
PARTY_ASSOC REL
WHERE DEPTNUM.PARTY_ID = REL.TO_PARTY_ID
AND REL.FROM_PARTY_ID =
FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID
might have to be...
FROM PARTY_NOTE PN1 WHERE PN1.PARTY_ID
What happens if you get more than one last_update_dt
equal to the maximum?
Gluck
Jonnalagadda, Sumithra [EMAIL PROTECTED] wrote:
SELECT DEPTNUM.REF_VALUE, CAMNUM.REF_VALUE,
, 2006 10:25 AM
To: Struts Users Mailing List
Subject: Re: For sql experts
FROM PARTY_NOTE PN 1WHERE PN.1PARTY_ID
might have to be...
FROM PARTY_NOTE PN1 WHERE PN1.PARTY_ID
What happens if you get more than one last_update_dt equal to the
maximum?
Gluck
Jonnalagadda, Sumithra
tia,
.V
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://opensource2.atlassian.com/confluence/oss/display/IBATIS/Quick+Start+Guide
-T.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
I need to see if anyone has a utility to take a String date, add 1 day,
and return a java.sql.Date
--
Thanks
Mick Knutson
(925) 951-4126
HP Consulting Services
Safeway (Blackhawk Fastword Project)
J2EE Architect
---
MMS safeway.com made the following annotations.
Mick Knutson wrote:
I need to see if anyone has a utility to take a String date, add 1 day,
and return a java.sql.Date
I'd probably check out the Calendar class.
Dave Newton
Technical Lead, MonkeyLips Omnigalgomon Project
utilitiy to take date String, add a day, and return sql date?
Mick Knutson wrote:
I need to see if anyone has a utility to take a String date, add 1 day,
and return a java.sql.Date
I'd probably check out the Calendar class.
Dave Newton
Technical Lead, MonkeyLips Omnigalgomon Project
[EMAIL PROTECTED] wrote:
[...]
public static String addDaysToDate( String strDate, String noofDays,
String dateFormat ) throws Exception
noofDays? What are those? Days 30 minutes offset from everywhere else? ;-)
L.
In general, ActionForm validation is limited to the most basic input
validation, mostly making sure that incoming strings can be parsed
into a specific type. If you need to issue a SQL query to ensure
valid data, that sounds like a business logic operation, and probably
makes more sense
Hi In my HTML-Form I'm sending a number to a action.
If the number is valid will be decided by a sql-query.
I'm not sure to put this select in the ActionForms validate
method or in the action with a corresponding forward.
What would be the better way?
Thanks for any opinions
Hi all
I got my app storing and retrieving images from MySQL database - what a mistake!
A simple image of 130k took 8 seconds to appear on the page. This is a huge
time to
sit and stare at a large blank space on the screen.
I can't help thinking that this is a bug (performance problem)
Hi all (Gosh, I'm starting to feel like a regular on this list...)
After my experiences below I have rewritten my application to store the images
in a
local sub-directory, however when I ran this new version the sub-directory was
created
under the Tomcat/bin directory - not really
I guess it depends if you are trying to restrict access to these images.
To make all images available for anyone, put them into /images, for example.
If you want to not allow any direct access to them, you could create a
directory under /WEB-INF and put them there. You would then have to
How do I find the path actual path to /images assuming of course that
/images is a
url reference?
Is there something like $STRUTS_ROOT?
Kind regards
mc
On 7 Sep 2005 at 14:50, Jason Lea wrote:
I guess it depends if you are trying to restrict access to these images.
To make all images
Oh right, you need to discover the location automatically.
Something like this might work:
request.getSession().getServletContext().getRealPath(/images);
That should give you the full path to /images.
Murray Collingwood wrote:
How do I find the path actual path to /images assuming of
Thanks Jason
I'm having a strange issue with serving up these images. I'm getting a socket
write
error from the following code. There are 3 images, the details follow the
code. The
first two images appear, the third fails to appear.
response.setContentLength((int)
On Wed, 2005-09-07 at 14:16 +1000, Murray Collingwood wrote:
Thanks Jason
I'm having a strange issue with serving up these images. I'm getting a
socket write
error from the following code. There are 3 images, the details follow the
code. The
first two images appear, the third fails
this
sql:query SELECT someValue FROM .. WHERE group_id = ???groupId??? /
Is this a proper way to do this?
I do not know how to write in the Action class so that
it can retrieve the sql value from the passing in jsp file.
Your help is very much appreicated
that
it can retrieve the sql value from the passing in jsp file.
Your help is very much appreicated.
Hallo Nobody(??)
It is bad practice to put SQL Statement in a JSP page.
Regards
Richard Markham
-Ursprüngliche Nachricht-
Von: ??? [mailto:[EMAIL PROTECTED]
Gesendet: Donnerstag, 1. September 2005 05:30
An: Struts Users Mailing List
Betreff: Re: How to pass sql variable from jsp
Richard
Are you suggesting something like Hibernate or iBatis?
Daniel
2005/9/1, R. Markham [EMAIL PROTECTED]:
Hallo Nobody(??)
It is bad practice to put SQL Statement in a JSP page.
Regards
Richard Markham
-Ursprüngliche Nachricht-
Von: ??? [mailto:[EMAIL PROTECTED
to pass SQL variable from JSP to Action?
Richard
Are you suggesting something like Hibernate or iBatis?
Daniel
2005/9/1, R. Markham [EMAIL PROTECTED]:
Hallo Nobody(??)
It is bad practice to put SQL Statement in a JSP page.
Regards
Richard Markham
-Ursprüngliche Nachricht
2005 15:09
To: Struts Users Mailing List
Subject: Re: How to pass SQL variable from JSP to Action?
Richard
Are you suggesting something like Hibernate or iBatis?
Daniel
2005/9/1, R. Markham [EMAIL PROTECTED]:
Hallo Nobody(??)
It is bad practice to put SQL Statement in a JSP
in a Struts action and place in the presentation layer via an
ActionForm etc before showing the JSP
-Original Message-
From: ??? [mailto:[EMAIL PROTECTED]
Sent: 01 September 2005 15:09
To: Struts Users Mailing List
Subject: Re: How to pass SQL variable from JSP to Action?
Richard
and place in the presentation layer via an
ActionForm etc before showing the JSP
-Original Message-
From: ??? [mailto:[EMAIL PROTECTED]
Sent: 01 September 2005 15:09
To: Struts Users Mailing List
Subject: Re: How to pass SQL variable from JSP to Action?
Richard
Are you
Erik Weber wrote:
As far as the implementation goes, there is no reason to be scared of
switches and loops. (But favor polymorphism/virtual functions over a
giant loop.) However, you should get rid of all those concat operators
and use StringBuffer.append instead. The performance will improve
text inputs and several checkboxes.
Only one text box should ever be filled in.
I can work out the resultant sql query by using lots of if statements as
below but it just doesn't seem very elegant ...
I could also break the search down into several forms and so different
actions - but this seems
Sean,
Have you thought about constructing a DAO/Adapater object that receives your
input, and then does the notorious SQL-string building on the inside? If you
cannot get the elegant solution, you should at least make it appear elegant
by wrapping it inside of the DAO layer.
-Original
Look into using iBATIS http://www.ibatis.com. It's easy to use and will
handle this kind of dynamic SQL very nicel (the PDF instruction manual
is nice. Look at the SQL Maps documentatoin under Dynamic Mapped
Statements.)
Sean Burlington wrote the following on 5/9/2005 10:37 AM:
Hi all
Benedict, Paul C wrote:
Sean,
Have you thought about constructing a DAO/Adapater object that receives your
input, and then does the notorious SQL-string building on the inside? If you
cannot get the elegant solution, you should at least make it appear elegant
by wrapping it inside of the DAO layer
Rick Reumann wrote:
Look into using iBATIS http://www.ibatis.com. It's easy to use and will
handle this kind of dynamic SQL very nicel (the PDF instruction manual
is nice. Look at the SQL Maps documentatoin under Dynamic Mapped
Statements.)
that's a bigger change in coding than I was thinking
thus consist of several text inputs and several checkboxes.
Only one text box should ever be filled in.
I can work out the resultant sql query by using lots of if statements
as below but it just doesn't seem very elegant ...
I could also break the search down into several forms and so different
on several text fields - and refined by
boolean fields.
The html form thus consist of several text inputs and several
checkboxes.
Only one text box should ever be filled in.
I can work out the resultant sql query by using lots of if statements
as below but it just doesn't seem very elegant ...
I
just can't find it.
I have a database containing many records
Searches can be performed on several text fields - and refined by
boolean fields.
The html form thus consist of several text inputs and several checkboxes.
Only one text box should ever be filled in.
I can work out the resultant sql
So, I have the following table:
id month val1val2total
1 jan 1 2 3
2 feb 3 4 7
And I'd like it transformed to:
ID VAL COL1COL2
1 month jan feb
2 val11 3
3 val22 4
4 total
I don't 100% understand your tables. Where does ID come from (the values 1
2 exist in the first view, but 1,2,3,4 in the second).
Are the totals derived?
Give me the SQL for the first view and I'll have a look.
Paul
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL
1 - 100 of 147 matches
Mail list logo
