On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:

> I use JRUN4 and MySQL.
> I have com.mysql.jdbc.Driver OpenSource and org.gjt.mm.mysql.Driver by
> Macromedia.
> Are there Class database vendor provides?

Yes, both of those classes are implementations of the JDBC "Driver" interface that come ultimately from the database vendor. I don't use MySQL, so I don't know offhand if they produce their own pooling DataSource. You can, however, use Jakarta Commons's DBCP.

> > Security. Using '?' and <c:param> ensures that any dangerous characters
> > will be escaped. By "dangerous," I mean characters like a single quote
> > (') that could alter the sense of your SQL statement and end up hijacking
> > it to produce unintended results.
>
> Ok, but I think the true problem is about INSERT or DELETE. Select is
> not very dangerous. Or no?

Hijacked SELECT statements can be dangerous if you're concerned about who gains read-only access to your data.

--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
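
The point about hijacked SELECT statements, shown as an added example that is not part of the original message. Python's built-in sqlite3 stands in for JSTL/JDBC and MySQL (it uses the same '?' placeholder); the accounts table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory table standing in for the real database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 120), ("bob", 75), ("carol", 300)],
    )
    return conn


def lookup_concatenated(conn, owner):
    # Weak form: the value is pasted into the SQL text, so a single quote in it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, owner):
    # '?' placeholder: the value is bound as data and is never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


def compare(conn, owner):
    # Returns (concatenated result or its error text, parameterized result).
    try:
        weak = lookup_concatenated(conn, owner)
    except sqlite3.Error as exc:
        weak = "error: %s" % exc
    return weak, lookup_parameterized(conn, owner)


if __name__ == "__main__":
    db = make_db()
    # An ordinary value, a value whose quote rewrites the WHERE clause,
    # and a legitimate name that merely contains a quote.
    for value in ["bob", "x' OR '1'='1", "o'brien"]:
        weak, safe = compare(db, value)
        print("%-16r concatenated=%r" % (value, weak))
        print("%-16s parameterized=%r" % ("", safe))
```

With the concatenated query, the second value returns every row of a read-only SELECT and the third fails with a syntax error; the parameterized query treats both as plain owner names that match nothing.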