cocoon-users mailing list archives

From "Saif Khaja" <ksai...@hotmail.com>
Subject Re: cannot get ESQL to work... urgent
Date Thu, 14 Sep 2000 11:16:01 GMT

>>
>>Donald Ball wrote:
>> >
>> >
>> > <esql:query>
>> >  select id,name from employee_table where id =
>> >  <esql:safe-var><request:get-parameter name="id"/></esql:safe-var>
>> > </esql:query>
>> >
>> > you got any ideas on what the safe-var function would check for?
>>
>>it should escape all single quotes, so it is not
>>possible to inject extra SQL commands in the query string.
>>
>How do you pass on variables in esql file so that I can use it in the 
>query?
>
>I tried this but it doesn't work.
>
>	<xsp:logic>
>	String sid = request.getParameter("pubid");
...
><esql:query>
>	select * from publishers
>	where pub_id='<xsp:expr>sid</xsp:expr>'
></esql:query>
...
></esql:execute-query>
>
>	</xsp:logic>
>
>But it says the variable 'sid' is not defined.
>Any suggestions, how I can achieve this functionality?

This works. But I still don't know why it is not able to identify the 
variable.
<esql:query>
	select * from publishers
	where pub_id='<xsp:expr>request.getParameter("pubid")</xsp:expr>'
</esql:query>

>
>Thanx,
>saif.
>
>
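
Added example (not part of the original message and not Cocoon's ESQL code): the thread's `publishers` query built three ways, comparing the raw interpolation used in the message, the quote doubling the quoted reply describes for `safe-var`, and a bound parameter. It assumes Python's `sqlite3` as a stand-in database; the rows, input values and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed rows standing in for the thread's publishers table.
    db = sqlite3.connect(":memory:")
    db.execute("create table publishers (pub_id text primary key, pub_name text)")
    db.executemany("insert into publishers values (?, ?)",
                   [("0736", "Publisher A"), ("0877", "Publisher B"),
                    ("o'1", "Publisher C")])
    return db

def query_interpolated(db, pubid):
    # Same shape as the query in the message: the raw request value is
    # pasted between the single quotes of the SQL text.
    return db.execute(
        "select * from publishers where pub_id='" + pubid + "'").fetchall()

def escape_quotes(value):
    # The check described in the quoted reply: double every single quote
    # so the value cannot terminate the string literal.
    return value.replace("'", "''")

def query_escaped(db, pubid):
    return db.execute(
        "select * from publishers where pub_id='" + escape_quotes(pubid) + "'"
    ).fetchall()

def query_bound(db, pubid):
    # Bound parameter: the value travels separately from the SQL text.
    return db.execute(
        "select * from publishers where pub_id = ?", (pubid,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("0877", "o'1", "x' OR '1'='1"):  # constructed inputs
        for fn in (query_interpolated, query_escaped, query_bound):
            try:
                result = fn(db, value)
            except sqlite3.OperationalError as exc:
                result = "SQL error: %s" % exc
            print("%-20s %-16r -> %s" % (fn.__name__, value, result))
```

Quote doubling depends on the SQL dialect (some databases also treat a backslash as an escape character), so the bound form is the one that holds regardless of the value's content.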
