> From: Andy Moller [mailto:[EMAIL PROTECTED]
> Subject: Re: Tomcat 4.x (Major Problem)
<snip>
> String[] value1 = (request.getParameterValues("value_1") != null)
> ? request.getParameterValues("value_1")
> : new String[0];
<snip>
> String singleVal1= value1[i];
<snip>
> query=
> "insert into sample_table(id,val1,common_name,val2)"
> + " values (sequence.nextVal,"
> + singleVal1
> + ",'"
> + commonName
> + "','"
> + val2[j]
> + "')";
<snip>
> However, the actual query printout (that causes an exception, and the
> behavior I cannot justify)
> "insert into sample_table(id,val1,common_name,val2) values(
> sequence.nextVal,nameB,'nameA','valueB1')"
There's nothing in your code that checks the value_1 parameter set for
being numeric or having other inappropriate values; consequently, you're
at the mercy of the client to submit valid data. No evidence here of
anything but insufficiently robust programming.
- Chuck
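An added example, not code from the thread: one way to make the check the reply describes, validating the value_1 set as numeric and binding every client-supplied value through a PreparedStatement instead of concatenating it into the statement. The class name, the numeric type of val1 and the nested loop over val2 are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SampleTableInsert {
    // Same columns as the quoted statement; client-supplied values become bind parameters.
    static final String INSERT_SQL =
        "insert into sample_table(id,val1,common_name,val2)"
        + " values (sequence.nextVal,?,?,?)";

    /** Parses the value_1 parameter set, rejecting anything that is not a plain integer. */
    static List<Long> parseNumeric(String[] raw) {
        List<Long> out = new ArrayList<>();
        if (raw == null) return out;  // parameter absent: same as the original's empty array
        for (String s : raw) {
            if (s == null || !s.matches("-?\\d{1,18}")) {  // 18 digits always fits in a long
                throw new IllegalArgumentException("value_1 is not numeric");
            }
            out.add(Long.parseLong(s));
        }
        return out;
    }

    /** Inserts one row per (val1, val2) pair; the pairing is assumed from the i/j indices. */
    static void insertAll(Connection con, List<Long> val1, String commonName, String[] val2)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(INSERT_SQL)) {
            for (long v1 : val1) {
                for (String v2 : val2) {
                    ps.setLong(1, v1);           // typed bind: cannot alter the statement text
                    ps.setString(2, commonName);
                    ps.setString(3, v2);
                    ps.addBatch();
                }
            }
            ps.executeBatch();
        }
    }
    public static void main(String[] args) {
        System.out.println(parseNumeric(new String[] {"17", "42"}));  // constructed input
        try {
            parseNumeric(new String[] {"nameB"});  // the value seen in the failing printout
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```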