cocoon-users mailing list archives

From Rayed Al-Rashed <ra...@mail.com>
Subject Re: How to escape parameters used in SQL?
Date Thu, 12 Oct 2000 18:57:49 GMT
I installed the latest development snapshot of Cocoon, and I
converted my code to the esql taglib, but I get this error:
  "[ODBC Paradox Driver]Invalid use of null pointer"
Any ideas what this means? Is it something with my code?

<esql:execute-query>
  <esql:driver>sun.jdbc.odbc.JdbcOdbcDriver</esql:driver>
  <esql:dburl>jdbc:odbc:MYDB</esql:dburl>
  <esql:statement>
    INSERT INTO news(Title,Body)
    VALUES ('<request:get-parameter name="title"/>', 
    <esql:parameter><request:get-parameter name="body"/></esql:parameter> );
  </esql:statement>

  <esql:error-results>
  <message><esql:get-message/></message>
  <stacktrace><esql:get-stacktrace/></stacktrace>
  </esql:error-results>
</esql:execute-query>


And does "<esql:statement>" replace "<esql:query>"?
Thanks a lot, guys

- Rayed



Donald Ball wrote:
> 
> On Wed, 11 Oct 2000, Matthew Cordes wrote:
> 
> > In my database (Oracle) you can escape a single quote ( ' ) with another
> > single quote, thus
> >
> >     SELECT * FROM names where last_name = 'O'' Donnell'
> >
> > should work, but a better solution is prepared statements.  It isn't
> > too hard to rework the sql taglib to add support for a setString( int,
> > String) tag to do the same thing as the PreparedStatement's method of
> > the same name.
> >
> > I think I overheard someone saying prepared statements were on the
> > todo list for the esql, so maybe someday soon that will be another
> > option.
> 
> it's there already in cvs. try it:
> 
> <esql:statement>select * from department_table where name =
> <esql:parameter><request:get-parameter name="name"/></esql:parameter>
> </esql:statement>
> 
> defaults to string but you can make it be anything you want by adding a
> type attribute (e.g. type="int"). i think anyway. i have received _no_
> feedback since initially adding this, so speak up if you want a say in the
> syntax or features.
> 
> - donald

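Added example, not part of the original thread and not Cocoon code: a Python `sqlite3` comparison of the three ways of handling the `title` value that come up above (spliced into the SQL text as in the posted INSERT, spliced after quote doubling, and bound as a parameter). SQLite's `?` placeholder stands in for `<esql:parameter>` / `PreparedStatement.setString`; the in-memory database, function names and sample values are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the poster's ODBC database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (Title TEXT, Body TEXT)")
    return db

def insert_mixed(db, title, body):
    # Shape of the posted statement: title spliced into the SQL text, body bound.
    db.execute("INSERT INTO news(Title,Body) VALUES ('" + title + "', ?)", (body,))

def insert_quote_doubled(db, title, body):
    # Quote doubling as described in the thread, applied before splicing.
    escaped = title.replace("'", "''")
    db.execute("INSERT INTO news(Title,Body) VALUES ('" + escaped + "', ?)", (body,))

def insert_bound(db, title, body):
    # Both values bound; the SQL text never contains user data.
    db.execute("INSERT INTO news(Title,Body) VALUES (?, ?)", (title, body))

def try_insert(insert, title, body):
    # Run one strategy against a fresh table and report what happened.
    db = make_db()
    try:
        insert(db, title, body)
    except sqlite3.Error as exc:
        return ("error", type(exc).__name__)
    return ("stored", db.execute("SELECT Title, Body FROM news").fetchall())

# Constructed sample form values.
SAMPLES = [("Plain title", "plain body"), ("O'Donnell wins", "It's official")]

if __name__ == "__main__":
    for title, body in SAMPLES:
        for insert in (insert_mixed, insert_quote_doubled, insert_bound):
            print(insert.__name__, repr(title), try_insert(insert, title, body))
```

The spliced form succeeds for the plain title and fails only once a title contains an apostrophe, which is why a statement that binds one value and splices the other can pass casual testing.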