Message-ID: <001d01c28676$7a2e9010$c301a8c0@Uindos>
From: "marco scotoni"
Reply-To: cocoon-users@xml.apache.org
Subject: Re: XSP+logic
Date: Thu, 7 Nov 2002 16:58:13 +0100

Thx, the problem is that I have to replace a substring from the result of the query... but there aren't methods or tags to do it...

----- Original Message -----
From: "Ilya A. Kriveshko"
Sent: Thursday, November 07, 2002 4:45 PM
Subject: Re: XSP+logic

> Search the mailing list archives for SQL injection - your page is
> vulnerable.
> Use name="num"/> in your query.
>
> I don't see a closing '>' on the tag in the beginning of the
> file. I would have expected it to give you a different error, though.
>
> Your problem is coming from the last in the file:
>
> String Prova;
>
> You either meant to declare a String variable Prova, for which you
> should do with tags, or
> you meant to output "String Prova;", for which you should have used quotes.
>
> So, it's either:
>
> String Prova;
>
> or
>
> "String Prova;"
>
> Also, it would be faster if you opened the database connection once, and
> then placed all your queries inside of it:
>
> xmlns:esql="http://apache.org/cocoon/SQL/v2"
> xmlns:xsp-request="http://apache.org/xsp/request/2.0">
>
> static String replace(String str, String pattern, String replace) {
>     int s = 0;
>     int e = 0;
>     StringBuffer result = new StringBuffer();
>     while ((e = str.indexOf(pattern, s)) >= 0) {
>         result.append(str.substring(s, e));
>         result.append(replace);
>         s = e+pattern.length();
>     }
>     result.append(str.substring(s));
>     return result.toString();
> }
>
> trafomec
>
> select distinct nome_prod, data_prod from tabella_prodotto
> where id_prod=
> request.getParameter("num")
>
> select distinct id_ufoto,link,desc_foto from tabella_foto where
> id_foto=
> request.getParameter("num")
>
> SELECT DISTINCT tabella_at.nome_at as nome_at,
> tabella_cf.nome_cf as nome_cf
> FROM tabella_at, tabella_cf, tabella_famiglia,
> tabella_prodotto
> WHERE tabella_famiglia.id_at=tabella_at.id_at AND
> tabella_famiglia.id_cf=tabella_cf.id_cf AND
> tabella_famiglia.id_fa=4 AND
> tabella_prodotto.id_fa=4
>
> select distinct specifiche from tabella_prodotto where id_prod=4
>
> "String Prova;"
>
> marco scotoni wrote:
>
> >Hi, I have an error on this .xsp page but I can't solve....help plz
> >
> >Error:
> >org.apache.cocoon.ProcessingException: Language Exception:
> >org.apache.cocoon.components.language.LanguageException: Error compiling
> >query_prod_xsp:
> >Line 1113, column 18: ')' expected
> >Line 1114, column 11: illegal start of expression
> >Line 1113, column 11: variable String not found in class
> >org.apache.cocoon.www.mount.html_pdf.query_prod_xsp
> >Line 0, column 0:
> >3 errors
> >
> >Page .xsp
> >
> >xmlns:xsp="http://apache.org/xsp"
> >xmlns:esql="http://apache.org/cocoon/SQL/v2"
> >xmlns:xsp-request="http://apache.org/xsp/request/2.0"
> >
> >static String replace(String str, String pattern, String replace) {
> >    int s = 0;
> >    int e = 0;
> >    StringBuffer result = new StringBuffer();
> >    while ((e = str.indexOf(pattern, s)) >= 0) {
> >        result.append(str.substring(s, e));
> >        result.append(replace);
> >        s = e+pattern.length();
> >    }
> >    result.append(str.substring(s));
> >    return result.toString();
> >}
> >
> >trafomec
> >
> >select distinct nome_prod, data_prod from tabella_prodotto where
> >id_prod=request.getParameter("num")
> >
> >trafomec
> >
> >select distinct id_ufoto,link,desc_foto from tabella_foto where
> >id_foto=request.getParameter("num")
> >
> >trafomec
> >
> >select distinct tabella_at.nome_at as nome_at,
> >tabella_cf.nome_cf as nome_cf from
> >tabella_at,tabella_cf,tabella_famiglia,tabella_prodotto where
> >tabella_famiglia.id_at=tabella_at.id_at and
> >tabella_famiglia.id_cf=tabella_cf.id_cf and tabella_famiglia.id_fa=4 and
> >tabella_prodotto.id_fa=4
> >
> >trafomec
> >
> >select distinct specifiche from tabella_prodotto where
> >id_prod=4
> >
> >String Prova;
> >
> >__________________________________________________________________
> >Dark Schneider
> >ICQ#: 13815557
> >__________________________________________________________________
> >
> >---------------------------------------------------------------------
> >Please check that your question has not already been answered in the
> >FAQ before posting.
> >
> >To unsubscribe, e-mail:
> >For additional commands, e-mail:
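
The SQL injection risk raised in the quoted reply (the `num` request parameter pasted into the `id_prod` query), shown at the JDBC level as an added example; it is not code from the thread or from Cocoon. The class and method names are hypothetical, `id_prod` is assumed to be an integer column, and the caller is assumed to supply an open `Connection`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class ProductQuery {
    // Same shape as the page's query: the raw "num" value becomes SQL text.
    static String concatenated(String num) {
        return "select distinct nome_prod, data_prod from tabella_prodotto"
             + " where id_prod=" + num;
    }

    // Assumption: id_prod is numeric (the page compares it with 4), so only
    // a short run of digits is accepted; 9 digits always fits in an int.
    static int parseId(String num) {
        if (num == null || !num.matches("[0-9]{1,9}")) {
            throw new IllegalArgumentException("num must be a non-negative integer");
        }
        return Integer.parseInt(num);
    }

    // Bound parameter: the SQL text is fixed and the value is sent separately.
    static List<String> productNames(Connection conn, String num) throws SQLException {
        String sql = "select distinct nome_prod, data_prod from tabella_prodotto"
                   + " where id_prod = ?";
        List<String> names = new ArrayList<String>();
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setInt(1, parseId(num));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("nome_prod"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        String constructed = "4 or 1=1"; // constructed sample input, not from the page
        // Concatenation turns the value into part of the WHERE clause.
        System.out.println(concatenated(constructed));
        try {
            parseId(constructed);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running `main` needs no database: it prints the statement that concatenation would send and shows the same input being rejected before any query is prepared.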