Subject: RE: Tomcat 4.x (Major Problem)
Date: Mon, 22 Jan 2007 16:24:24 -0600
From: "Caldarale, Charles R"
To: "Tomcat Users List"

> From: Andy Moller [mailto:andymoller@gmail.com]
> Subject: Re: Tomcat 4.x (Major Problem)

> String[] value1 = (request.getParameterValues("value_1") != null)
>     ? request.getParameterValues("value_1")
>     : new String[0];

> String singleVal1 = value1[i];

> query =
>     "insert into sample_table(id,val1,common_name,val2)"
>     + " values (sequence.nextVal,"
>     + singleVal1
>     + ",'"
>     + commonName
>     + "','"
>     + val2[j]
>     + "')";

> However, the actual query printout (that causes an exception, and the
> behavior I cannot justify)
> "insert into sample_table(id,val1,common_name,val2) values(
> sequence.nextVal,nameB,'nameA','valueB1')"

There's nothing in your code that checks the value_1 parameter set for
being numeric or having other inappropriate values; consequently, you're
at the mercy of the client to submit valid data. No evidence here of
anything but insufficiently robust programming.

 - Chuck
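
The check the reply says is missing, as an added example (not code from the thread): each value_1 entry is validated as numeric before use, and all three values are bound through a PreparedStatement instead of being concatenated into the SQL text. It assumes val1 is a numeric column, as the unquoted concatenation suggests, and Java 7 or later; the class and method names are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class SampleTableInsert {
    // Table, column and sequence names are taken from the quoted query.
    static final String SQL =
        "insert into sample_table(id,val1,common_name,val2)"
        + " values (sequence.nextVal, ?, ?, ?)";

    /** Returns the parsed values; throws if any submitted value_1 entry is not a number. */
    static List<Long> parseNumeric(String[] raw) {
        List<Long> out = new ArrayList<>();
        if (raw == null) return out;               // parameter absent: nothing to insert
        for (String s : raw) {
            String t = (s == null) ? "" : s.trim();
            try {
                out.add(Long.parseLong(t));        // "" and "nameB" both fail here
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException("value_1 is not numeric: " + s);
            }
        }
        return out;
    }

    /** Binds every value as a parameter, so client input is never parsed as SQL text. */
    static void insert(Connection con, long val1, String commonName, String val2)
            throws SQLException {
        try (PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setLong(1, val1);
            ps.setString(2, commonName);
            ps.setString(3, val2);
            ps.executeUpdate();
        }
    }

    public static void main(String[] args) {
        // Constructed inputs; "nameB" is the value that reached the query in the post.
        String[][] samples = { {"17", "42"}, {"nameB"}, null };
        for (String[] sample : samples) {
            try {
                System.out.println("accepted: " + parseNumeric(sample));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

In a servlet, parseNumeric would be called on request.getParameterValues("value_1") and the request rejected on IllegalArgumentException before any statement is prepared.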