cocoon-users mailing list archives

From "Saif Khaja" <>
Subject Re: cannot get ESQL to work... urgent
Date Thu, 14 Sep 2000 08:53:11 GMT

>From: Sebastian Heidl <>
>Subject: Re: cannot get ESQL to work... urgent
>Date: Thu, 14 Sep 2000 12:38:39 +0200
>Donald Ball wrote:
> >
> >
> > <esql:query>
> >  select id,name from employee_table where id =
> >  <esql:safe-var><request:get-parameter name="id"/></esql:safe-var>
> > </esql:query>
> >
> > you got any ideas on what the safe-var function would check for?
>it should escape all single quotes, so it is not
>possible to inject extra SQL commands in the query string.
How do you pass on variables in an esql file so that I can use them in the query?

I tried this but it doesn't work.

	String sid = request.getParameter("pubid");

	select * from publishers
	where pub_id='<xsp:expr>sid</xsp:expr>'
<id><esql:get-string column="pub_id"/></id>
<name><esql:get-string column="pub_name"/></name>
<error>no results were found</error>


But it says the variable 'sid' is not defined.
Any suggestions on how I can achieve this functionality?
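
Added example (not part of the original message, and not Cocoon or ESQL code): using Python's sqlite3 and a constructed publishers table, it runs the lookup from the message three ways: raw interpolation as in `pub_id='<xsp:expr>sid</xsp:expr>'`, single-quote escaping as the quoted reply describes for safe-var, and a bound parameter. The function names, sample rows, request values and the choice of quote doubling as the escaping rule are assumptions.

```python
import sqlite3

# Constructed sample data; table and column names follow the query in the message.
ROWS = [("0736", "New Moon Books"), ("0877", "Binnet & Hardley"), ("O'R1", "O'Reilly")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table publishers (pub_id text primary key, pub_name text)")
    db.executemany("insert into publishers values (?, ?)", ROWS)
    return db

def lookup_interpolated(db, sid):
    # Same shape as where pub_id='<xsp:expr>sid</xsp:expr>': raw text in the SQL.
    sql = "select pub_name from publishers where pub_id='" + sid + "'"
    return [r[0] for r in db.execute(sql)]

def escape_quotes(value):
    # Assumed form of the check in the quoted reply: double every single quote.
    return value.replace("'", "''")

def lookup_escaped(db, sid):
    sql = "select pub_name from publishers where pub_id='" + escape_quotes(sid) + "'"
    return [r[0] for r in db.execute(sql)]

def lookup_bound(db, sid):
    # Bound parameter: the value never becomes part of the SQL text.
    return [r[0] for r in db.execute(
        "select pub_name from publishers where pub_id = ?", (sid,))]

def compare(db, sid):
    """Return the result of each variant, or the error class it raised."""
    out = {}
    for name, fn in (("interpolated", lookup_interpolated),
                     ("escaped", lookup_escaped), ("bound", lookup_bound)):
        try:
            out[name] = fn(db, sid)
        except sqlite3.Error as exc:
            out[name] = "error: " + type(exc).__name__
    return out

if __name__ == "__main__":
    db = make_db()
    for sid in ("0736", "O'R1", "x' or '1'='1"):  # constructed request values
        print(repr(sid), compare(db, sid))
```

Quote doubling holds here only because the value sits inside a quoted string literal; in an unquoted position such as `where id = ...` it gives no protection, while a bound parameter does not depend on where the value appears.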

