On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
> I use JRUN4 and Mysql.
> I have com.mysql.jdbc.Driver OpenSource and org.gjt.mm.mysql.Driver by
> Macromedia.
> Are those classes provided by the database vendor?
Yes, both of those classes are implementations of the JDBC "Driver"
interface that come ultimately from the database vendor. I don't use
MySQL, so I don't know offhand if they produce their own pooling
DataSource. You can, however, use Jakarta Commons's DBCP.
> > Security. Using '?' and <c:param> ensures that any dangerous characters
> > will be escaped. By "dangerous," I mean characters like a single quote
> > (') that could alter the sense of your SQL statement and end up hijacking
> > it to produce unintended results.
>
> Ok, but I think the true problem is about INSERT or DELETE. SELECT is
> not very dangerous, or is it?
Hijacked SELECT statements can be dangerous if you're concerned about who
gains read-only access to your data.
--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
--
To unsubscribe, e-mail: <mailto:taglibs-user-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:taglibs-user-help@;jakarta.apache.org>
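The following example is added here to illustrate the point made in the
thread; it is not code from the original message or from JSTL. It uses
Python's sqlite3 module and an in-memory database with a constructed
"users" table as a stand-in for JRun/JSTL talking to MySQL over JDBC, because
sqlite3 uses the same '?' placeholder convention as a JDBC PreparedStatement
(and hence as the JSTL sql:param mechanism). It runs the same SELECT two
ways: once with the request parameter pasted into the SQL text, and once with
the value bound to a '?' placeholder, so the reader can see both failure
modes Shawn mentions: a legitimate name containing an apostrophe breaks the
concatenated statement, and an input that alters the sense of the WHERE
clause hands out every row of a read-only table, while the parameterized
query treats both inputs as plain data.

```python
import sqlite3

# Constructed sample rows standing in for the real MySQL table behind the page.
ROWS = [
    (1, "alice", "alice@example.test", "staff"),
    (2, "bob", "bob@example.test", "staff"),
    (3, "o'brien", "obrien@example.test", "admin"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed 'users' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, role TEXT)")
    # The '?' markers here are the same placeholder mechanism the thread recommends.
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return conn


def lookup_concatenated(conn, name):
    """The pattern the thread warns against: the request parameter becomes part
    of the SQL text, so a single quote inside it changes the statement itself."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """The '?' placeholder (JDBC PreparedStatement / JSTL sql:param style): the
    value is sent to the driver separately and can only ever be compared as data."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run both lookups for one input and return (concatenated_result, parameterized_result).

    If the concatenated statement is no longer valid SQL, its result is the
    error text instead of a row list, so the caller can see what happened.
    """
    conn = make_db()
    try:
        try:
            concat = lookup_concatenated(conn, name)
        except sqlite3.Error as exc:
            concat = "SQL error: " + str(exc)
        param = lookup_parameterized(conn, name)
    finally:
        conn.close()
    return concat, param


if __name__ == "__main__":
    # An ordinary value, a value with a legitimate apostrophe, and a value that
    # turns the WHERE clause into a tautology when concatenated.
    for value in ("alice", "o'brien", "x' OR '1'='1"):
        concat, param = compare(value)
        print(f"input={value!r}")
        print(f"  concatenated : {concat}")
        print(f"  parameterized: {param}")
```

Running the script shows that the concatenated form either fails outright on
the apostrophe or returns every user's e-mail address for the hijacked input,
which is exactly the read-only exposure the reply describes, whereas the '?'
form returns only the row whose name literally matches the input, or nothing.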