cocoon-users mailing list archives

From Christopher Painter-Wakefield <paint...@mc.duke.edu>
Subject Re: ESQL INSERT
Date Tue, 30 Mar 2004 15:15:29 GMT




The immediate problem I see is in how you are passing your String
parameters into the SQL statement.  The strings you are passing in do not
end up in the SQL statement with quotes around them (unless the user is
entering them on the form!), so the database is probably getting syntax
errors, which I think you should be seeing.  You have two choices to fix
this:

Each place you have an expression like <xsp:expr>news_title</xsp:expr>

1. (potentially a security risk)  change to
'<xsp:expr>news_title</xsp:expr>'

2. (much better) change to
      <esql:parameter type="string"><xsp:expr>news_title</xsp:expr></esql:parameter>

HTH

-Christopher



olivier demah <odemah@messagio.com>
03/30/2004 04:36 AM
Please respond to users

To:       users@cocoon.apache.org
cc:
Subject:  ESQL INSERT




From a form I get my data that I logically want to insert into my database, so I
did the following, but nothing comes into my blog_news table

<blog_addingnews>
    <xsp:logic>
    String id_blog_user = request.getParameter("id_blog_user");
    String id_blog_news = request.getParameter("id_blog_news");
    String news_title = request.getParameter("news_title");
    String news_text = request.getParameter("news_text");
    String news_image = request.getParameter("news_image");
    </xsp:logic>
    <id_blog_user><xsp-request:get-parameter name="id_blog_user"/></id_blog_user>
    <esql:connection>
        <esql:pool>mblog_pg</esql:pool>
        <esql:execute-query>
            <esql:query>
            INSERT INTO blog_news (id_blog_news,id_blog_user,news_title,news_text,news_image,news_date_creation,news_date_modify)
            VALUES ('',<xsp:expr>id_blog_user</xsp:expr>,
            <xsp:expr>news_title</xsp:expr>,
            <xsp:expr>news_text</xsp:expr>,
            <xsp:expr>news_image</xsp:expr>,
            today,NULL);
            </esql:query>
            <esql:error-results>Database Error</esql:error-results>
            <esql:update-results>
                <esql:get-update-count/> Added
            </esql:update-results>
            <esql:no-results>
               <p>nothing done</p>
            </esql:no-results>
        </esql:execute-query>
    </esql:connection>
</blog_addingnews>
</xsp:page>

Regards.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
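
The difference between the unquoted original and the two options in the reply, as an added example that is not part of the original thread. It uses Python's sqlite3 as a stand-in for the PostgreSQL pool and the ESQL logicsheet; the reduced three-column table, the function names and the sample values are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed, reduced version of the blog_news table from the question.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE blog_news (id_blog_user INTEGER, news_title TEXT, news_text TEXT)"
    )
    return db


def insert_unquoted(db, user, title, text):
    # As in the original post: values pasted into the SQL text without quotes.
    db.execute(f"INSERT INTO blog_news VALUES ({user}, {title}, {text})")


def insert_quoted(db, user, title, text):
    # Option 1 of the reply: quotes placed around the pasted value.
    db.execute(f"INSERT INTO blog_news VALUES ({user}, '{title}', '{text}')")


def insert_bound(db, user, title, text):
    # Option 2 of the reply: placeholders, with the values passed separately
    # so the database never parses them as SQL.
    db.execute("INSERT INTO blog_news VALUES (?, ?, ?)", (user, title, text))


def try_insert(fn, user, title, text):
    """Run one insert on a fresh table; return the stored rows or the error class name."""
    db = make_db()
    try:
        fn(db, user, title, text)
    except sqlite3.Error as exc:
        return type(exc).__name__
    return db.execute(
        "SELECT id_blog_user, news_title, news_text FROM blog_news"
    ).fetchall()


if __name__ == "__main__":
    # Constructed sample titles: plain, with an apostrophe, with SQL operators.
    for title in ("Hello world", "Today's news", "a' || 'b"):
        for fn in (insert_unquoted, insert_quoted, insert_bound):
            print(f"{fn.__name__:16} {title!r:16} -> {try_insert(fn, 7, title, 'body')}")
```

Only the bound form stores every title exactly as submitted; the quoted form fails on an ordinary apostrophe and evaluates the third title as an SQL expression.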






