jakarta-taglibs-dev mailing list archives

From Shawn Bayern <bay...@essentially.net>
Subject RE: Startard Taglib- SQL bind variables
Date Sat, 25 May 2002 15:28:16 GMT

On Thu, 23 May 2002, Steve A. Olson wrote:

> Right, to avoid that danger the SQL statement must be pre-processed to
> substitute any scripting variables into actual SQL bind variables
> using a preparedStatement.  This avoids the SQL syntax errors when
> variables are null or have no value. Perhaps using :variables would
> avoid the EL parsing.

Hi Steve --

Thanks for the suggestion, but it's too late to change how JSTL 1.0 will
work.  I personally once considered a variation on this model, using
<sql:param> inline in a query instead of relying on PreparedStatement-style
placeholders, as:

  <sql:update>
    UPDATE tablename
    SET foo = <sql:param value="${bar}"/>
    WHERE foo = <sql:param value="${oldBar}"/>
  </sql:update>

Ultimately, relying on the JDBC-standard mechanism should take better
advantage of existing mindshare and might even interoperate better.  (I
know of environments where ?-escaped queries are stored in property
sheets, for instance.)

But still, it's not a bad thought.  I suggest mailing

	jsr-52-comments@jcp.org

to make sure it's on a list for items to consider after JSTL 1.0.

Thanks again for the suggestion!

-- 
Shawn Bayern
"JSP Standard Tag Library"   http://www.jstlbook.com
(coming in July 2002 from Manning Publications)
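
Added example, not part of the message above and not the JSTL project's own code: the same UPDATE written with the JDBC-style `?` placeholders the message says JSTL 1.0 relies on, next to a form that splices the values into the statement text. The data source settings and the `bar` / `oldBar` request parameters are assumptions made for illustration.

```jsp
<%-- Added illustration. Driver class, JDBC URL and credentials are
     placeholders; "bar" and "oldBar" are assumed request parameters. --%>
<%@ taglib prefix="c"   uri="http://java.sun.com/jstl/core" %>
<%@ taglib prefix="sql" uri="http://java.sun.com/jstl/sql" %>

<sql:setDataSource var="ds"
    driver="org.example.Driver"
    url="jdbc:example://localhost/testdb"
    user="app" password="changeme"/>

<%-- Weak form, shown for contrast only (the two updates are alternatives,
     not steps). The values become part of the SQL text, so an empty or
     null value, or one containing a quote, changes what the database
     parses instead of what it stores. --%>
<sql:update dataSource="${ds}">
  UPDATE tablename
  SET foo = '<c:out value="${param.bar}" escapeXml="false"/>'
  WHERE foo = '<c:out value="${param.oldBar}" escapeXml="false"/>'
</sql:update>

<%-- Placeholder form: the statement text is fixed and each <sql:param>
     is bound, in order, to the next ? of the underlying
     PreparedStatement. A null value is bound as SQL NULL rather than
     leaving a gap in the statement. --%>
<sql:update dataSource="${ds}" var="rows">
  UPDATE tablename SET foo = ? WHERE foo = ?
  <sql:param value="${param.bar}"/>
  <sql:param value="${param.oldBar}"/>
</sql:update>

<c:out value="${rows}"/> row(s) updated.
```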

