cocoon-users mailing list archives

From Rayed Al-Rashed <ra...@mail.com>
Subject Re: How to escape parameters used in SQL?
Date Fri, 13 Oct 2000 06:07:17 GMT
Unfortunately it didn't work; here is the code and the stack trace.
But isn't there a simple way to escape single quotes in simple
queries, since it is needed anyway for drivers that don't support
prepared statements?

-------------------------------------------------------
<esql:execute-query>
  <esql:driver>sun.jdbc.odbc.JdbcOdbcDriver</esql:driver>
  <esql:dburl>jdbc:odbc:MYDB</esql:dburl>
  <esql:statement>
    INSERT INTO news(Title,Body)
      VALUES (<esql:parameter><request:get-parameter name="title"/></esql:parameter>,
              <esql:parameter><request:get-parameter name="body"/></esql:parameter>);
  </esql:statement>
</esql:execute-query>
-------------------------------------------------------
java.sql.SQLException: [Microsoft][ODBC Paradox Driver]Invalid use of null pointer
        at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:4089)
        at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:4246)
        at sun.jdbc.odbc.JdbcOdbc.SQLExecDirect(JdbcOdbc.java:1172)
        at sun.jdbc.odbc.JdbcOdbcStatement.execute(JdbcOdbcStatement.java:206)
        at sun.jdbc.odbc.JdbcOdbcStatement.executeQuery(JdbcOdbcStatement.java:131)
        at _C_._Program_Files._Apache_Group._Apache._htdocs._news._article_add._esql_execute_query_Nf67f957c(_article_add.java, Compiled Code)
        at _C_._Program_Files._Apache_Group._Apache._htdocs._news._article_add.populateDocument(_article_add.java:383)
        at org.apache.cocoon.processor.xsp.XSPPage.getDocument(XSPPage.java:96)
        at org.apache.cocoon.processor.xsp.XSPProcessor.process(XSPProcessor.java, Compiled Code)
        at org.apache.cocoon.Engine.handle(Engine.java, Compiled Code)
        at org.apache.cocoon.Cocoon.service(Cocoon.java:167)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:588)
        at org.apache.jserv.JServConnection.processRequest(JServConnection.java:317)
        at org.apache.jserv.JServConnection.run(JServConnection.java:188)
        at java.lang.Thread.run(Thread.java:479)
-------------------------------------------------------

Thanks

- Rayed


Donald Ball wrote:
> 
> On Thu, 12 Oct 2000, Rayed Al-Rashed wrote:
> 
> > I installed the latest development snapshot of cocoon, and I
> > converted my code to esql taglib, but I get this error
> >   "[ODBC Paradox Driver]Invalid use of null pointer"
> > any ideas what does this mean, is it something with my code
> >
> > <esql:execute-query>
> >   <esql:driver>sun.jdbc.odbc.JdbcOdbcDriver</esql:driver>
> >   <esql:dburl>jdbc:odbc:MYDB</esql:dburl>
> >   <esql:statement>
> >     INSERT INTO news(Title,Body)
> >     VALUES ('<request:get-parameter name="title"/>',
> >     <esql:parameter><request:get-parameter
> > name="body"/></esql:parameter> );
> >   </esql:statement>
> >
> >   <esql:error-results>
> >   <message><esql:get-message/></message>
> >   <stacktrace><esql:get-stacktrace/></stacktrace>
> >   </esql:error-results>
> > </esql:execute-query>
> 
> i think you need to parameterize both arguments, title and body. i'm not
> sure though. if that doesn't work, post the full stack trace. note i have
> no idea if the JDBC-ODBC bridge supports prepared statements or not. i
> highly recommend you do not use that driver in production environments.
> 
> > and does "<esql:statement>" replace "<esql:query>"
> 
> yes. although i suppose i could check and see if there is a esql:parameter
> element underneath or not and switch standard query vs. prepared
> statement based on that... any thoughts?
> 
> - donald
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: cocoon-users-unsubscribe@xml.apache.org
> For additional commands, e-mail: cocoon-users-help@xml.apache.org
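The thread turns on two ways of getting a request parameter into an INSERT: pasting it into the SQL text (the first version's `'<request:get-parameter name="title"/>'`) versus binding it with `<esql:parameter>`, which compiles to a JDBC PreparedStatement. The following is an added example, not code from the thread or from Cocoon; it uses Python's built-in sqlite3 as a stand-in for the JDBC driver so it runs offline, and the table, title and body values are constructed for the demonstration. It shows why the concatenated form breaks on a title containing a single quote, how parameter binding stores the same value untouched, and what the quote-doubling fallback the poster asks about looks like, together with the limits of that fallback.

```python
import sqlite3

# Constructed sample input: a title and body containing the single quote that
# breaks a concatenated INSERT (the same failure class as the thread's query).
SAMPLE_TITLE = "O'Reilly releases new book"
SAMPLE_BODY = "Body with a 'quoted' word"


def fresh_db():
    """In-memory stand-in for the poster's ODBC data source (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (Title TEXT, Body TEXT)")
    return conn


def insert_concatenated(conn, title, body):
    """The vulnerable pattern: request parameters pasted into the SQL text,
    as '<request:get-parameter name="title"/>' does inside <esql:statement>.
    A single quote in the input ends the literal early, so the statement fails
    on ordinary data and, with other input, can change meaning entirely.
    Returns the database error text, or None if the insert went through."""
    sql = "INSERT INTO news(Title,Body) VALUES ('" + title + "', '" + body + "')"
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as e:
        return str(e)


def insert_parameterized(conn, title, body):
    """The fix: bind values as parameters, which is what <esql:parameter>
    compiles to (a JDBC PreparedStatement). The input travels as data and is
    never parsed as SQL, so quotes in it need no special handling."""
    conn.execute("INSERT INTO news(Title,Body) VALUES (?, ?)", (title, body))
    conn.commit()


def escape_sql_string_literal(value):
    """The fallback the poster asks about, for drivers without prepared
    statements: double every single quote so it is read as a literal quote.
    This is only correct for a database that follows the SQL standard quoting
    rule, only inside a single-quoted string literal, and does nothing for
    numeric positions or identifiers. Prefer parameters whenever available."""
    if not isinstance(value, str):
        raise TypeError("only string values can be quote-escaped")
    return "'" + value.replace("'", "''") + "'"


def insert_escaped(conn, title, body):
    """Concatenation again, but with every literal passed through the escaper."""
    sql = ("INSERT INTO news(Title,Body) VALUES ("
           + escape_sql_string_literal(title) + ", "
           + escape_sql_string_literal(body) + ")")
    conn.execute(sql)
    conn.commit()


def stored_rows(conn):
    """Rows as actually stored, to confirm the safe variants kept the quotes."""
    return conn.execute("SELECT Title, Body FROM news ORDER BY rowid").fetchall()


def demo():
    """Run all three variants against the sample input.
    Returns (error from the concatenated insert, rows stored by the other two)."""
    conn = fresh_db()
    err = insert_concatenated(conn, SAMPLE_TITLE, SAMPLE_BODY)
    insert_parameterized(conn, SAMPLE_TITLE, SAMPLE_BODY)
    insert_escaped(conn, SAMPLE_TITLE, SAMPLE_BODY)
    return err, stored_rows(conn)


if __name__ == "__main__":
    err, rows = demo()
    print("concatenated query failed with:", err)
    print("rows stored by the parameterized and escaped variants:", rows)
```

The concatenated variant fails with a syntax error as soon as the title contains an apostrophe; the two safe variants store both values exactly as submitted. The escaper is deliberately narrow: it handles only string literals under standard-SQL quoting, because a database with other escape conventions, or a value dropped into a numeric or identifier position, is exactly where hand-rolled escaping goes wrong and parameter binding does not.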
