cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Saif Khaja" <ksai...@hotmail.com>
Subject Re: cannot get ESQL to work... urgent
Date Thu, 14 Sep 2000 08:53:11 GMT



>From: Sebastian Heidl <heidl@zib.de>
>Reply-To: cocoon-users@xml.apache.org
>To: cocoon-users@xml.apache.org
>Subject: Re: cannot get ESQL to work... urgent
>Date: Thu, 14 Sep 2000 12:38:39 +0200
>
>Donald Ball wrote:
> >
> >
> > <esql:query>
> >  select id,name from employee_table where id =
> >  <esql:safe-var><request:get-parameter name="id"/></esql:safe-var>
> > </esql:query>
> >
> > you got any ideas on what the safe-var function would check for?
>
>it should escape all single quotes, so it is not
>possible to inject extra SQL commands in the query string.
>
How do you pass on variables in esql file so that I can use it in the query.

I tried this but it doesnt work.

	<xsp:logic>
	String sid = request.getParameter("pubid");

<esql:execute-query>
<esql:driver>com.inet.tds.TdsDriver</esql:driver>
<esql:dburl>jdbc:inetdae6:obie?database=pubs</esql:dburl>
<esql:username>sa</esql:username>
<esql:password></esql:password>
<esql:query>
	select * from publishers
	where pub_id='<xsp:expr>sid</xsp:expr>'
</esql:query>
<esql:results>
<publisher>
<id><esql:get-string column="pub_id"/></id>
<name><esql:get-string column="pub_name"/></name>
</publisher>
</esql:results>
<esql:no-results>
<error>no results were found</error>
</esql:no-results>
</esql:execute-query>

	</xsp:logic>

But it says the variable 'sid' is not defined.
Any suggestions, how I can achieve this functionality.

Thanx,
saif.


>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
>For additional commands, e-mail: cocoon-users-help@xml.apache.org
>

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.


Mime
View raw message