axis-java-user mailing list archives

From m4rkuz <m4r...@gmail.com>
Subject Re: Question about exposing a database as a web service...
Date Thu, 05 Mar 2009 13:22:39 GMT
mmmm

Let's see: when you modify your code to accept the param id
like this:

public OrderData orderDetails(int id)

You must do another client for the generated WS; a query string is not the way
to pass a parameter to a web service.


Regards,


Marcus V. Sánchez D.
______________________
Enterprise Developer.
Sun Certified Java Programmer (SCJP)

PS:
This line: String SQL = "SELECT * FROM `porder` WHERE order_id = "  + id ;

is a HUGE security risk.



On Wed, Mar 4, 2009 at 11:53 PM, riveraej <riveraej@gmail.com> wrote:

>
> Hi everyone!
>
> I come to you asking for help. I'm trying to mount a web service which
> consults a MySQL Database. I have already done the consult, but I can show
> all data contained in the database, or I can show data according to
> conditions setting these conditions manually in the code of the Java Class.
> Nevertheless I need to pass in some way to my class a value in order to make
> the SQL consult according to this.
>
> Talking in code terms... I have the next code:
>
> public class poDBService{
>
>        public OrderData orderDetails(){
>                Connection conn = (Connection) MessageContext.getCurrentMessageContext().getProperty(
>                        poDataServiceLifeCycle.DB_CONNECTION);
>                if (conn!=null){
>                        try{
>                                String SQL = "SELECT * FROM `porder` WHERE order_id=1";
>                                PreparedStatement statement = conn.prepareStatement(SQL);
>                                ResultSet result = statement.executeQuery();
>                                if (result.next()){
>                                        OrderData orderData = new OrderData();
>                                        orderData.setOrderId(result.getInt("order_id"));
>                                        orderData.setSoldTo(result.getInt("soldTo"));
>                                        orderData.setShipTo(result.getInt("shipTo"));
>
>
> I can access my service through my browser at the address:
>
> http://localhost:8080/axis2/services/poDataService/orderDetails
>
> It correctly displays the corresponding data contained in the table porder
>
> But I need to define my SQL sentence allowing to pass it the needed
> parameter for the WHERE clause.
> I already found that some people do it with code like the next:
>
> public class poDBService{
>
>        public OrderData orderDetails(int id){
>                Connection conn = (Connection) MessageContext.getCurrentMessageContext().getProperty(
>                        poDataServiceLifeCycle.DB_CONNECTION);
>                if (conn!=null){
>                        try{
>                                String SQL = "SELECT * FROM `porder` WHERE order_id = "  + id ;
>                                PreparedStatement statement = conn.prepareStatement(SQL);
>                                ResultSet result = statement.executeQuery();
>                                if (result.next()){
>                                        OrderData orderData = new OrderData();
>                                        orderData.setOrderId(result.getInt("order_id"));
>                                        orderData.setSoldTo(result.getInt("soldTo"));
>                                        orderData.setShipTo(result.getInt("shipTo"));
>
>
> With this code theoretically it would be possible to pass the parameter id to
> the service in the URL address:
>
> http://localhost:8080/axis2/services/poDataService/orderDetails?id=1
>
> But when I try to do it in this way Axis returns in my web browser a SOAP
> message like this:
>
> <soapenv:Reason>
> <soapenv:Text xml:lang="en-US">unknown</soapenv:Text>
> </soapenv:Reason>
>
> No error is thrown in JBoss console window.
>
> I'm using:
> - JBoss-4.2.2.G.A.
> - Axis2-1.3
> - jdk1.5.0_17
> - mysql-connector-java-5.1.7
> - MySQL Server 5.1
>
> Any ideas what is happening? or is there another way to do this?
>
> Thanks in advance!
>
> Ernesto J. Rivera
> --
> View this message in context:
> http://www.nabble.com/Question-about-exposing-a-database-as-a-web-service...-tp22345253p22345253.html
> Sent from the Axis - User mailing list archive at Nabble.com.
>
>
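
The line flagged in the PS, rewritten with a bound parameter, as an added example (not code from either poster or from Axis2): the order id goes through a `?` placeholder instead of being concatenated into the SQL text. The class name `OrderLookup`, the nested `OrderData` bean, the explicit column list and the positive-id check are assumptions; try-with-resources needs Java 7 or later, so on the jdk1.5 named in the post the statement and result set would be closed in `finally` blocks instead.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

// Added example: parameterized version of the orderDetails(int id) lookup.
public class OrderLookup {

    // Hypothetical stand-in for the OrderData bean used in the post.
    public static class OrderData {
        private int orderId, soldTo, shipTo;
        public void setOrderId(int v) { orderId = v; }
        public void setSoldTo(int v)  { soldTo = v; }
        public void setShipTo(int v)  { shipTo = v; }
        public int getOrderId() { return orderId; }
        public int getSoldTo()  { return soldTo; }
        public int getShipTo()  { return shipTo; }
    }

    // The SQL text is a constant: no caller-supplied value is spliced into it.
    private static final String SQL =
        "SELECT order_id, soldTo, shipTo FROM `porder` WHERE order_id = ?";

    // Returns the matching order, or null when no row has that id.
    public static OrderData orderDetails(Connection conn, int id) throws SQLException {
        if (conn == null) {
            throw new SQLException("no database connection available");
        }
        if (id <= 0) { // assumed rule: order ids are positive
            throw new IllegalArgumentException("order id must be positive");
        }
        try (PreparedStatement statement = conn.prepareStatement(SQL)) {
            statement.setInt(1, id); // value travels as data, never as SQL
            try (ResultSet result = statement.executeQuery()) {
                if (!result.next()) {
                    return null;
                }
                OrderData orderData = new OrderData();
                orderData.setOrderId(result.getInt("order_id"));
                orderData.setSoldTo(result.getInt("soldTo"));
                orderData.setShipTo(result.getInt("shipTo"));
                return orderData;
            }
        }
    }
}
```

The same pattern carries over unchanged if the key later becomes a string: swap `setInt` for `setString` and keep the SQL constant.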
