On Fri, 2003-01-31 at 16:09, Scherler, Thorsten wrote:
> Hello Jan,
>
> I couldn't find the error.
>
> But I attached it.
>
I was reading your previous post in which you posted your xsp source.
Instead of this:

    <esql:execute-query>
      <esql:query>
        select * from info_bericht
        where country = '<xsp-request:get-parameter name="GETcountry"/>'
          AND Info_datum = #<xsp-request:get-parameter name="date"/>#
      </esql:query>

Try this:

    <esql:execute-query>
      <esql:query>
        select * from info_bericht
        where country = <esql:parameter><xsp-request:get-parameter name="GETcountry"/></esql:parameter>
          AND Info_datum = <esql:parameter><xsp-request:get-parameter name="date"/></esql:parameter>
      </esql:query>

This will then use a PreparedStatement, which is safer from possible SQL exploits.
Other than that, the XSP source didn't show where you were using the direct access to
parameters.getParameter() or request.getParameter().
Andrew
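
Added example, not part of the original message and not Cocoon code: the difference between the two query forms above, shown with Python's sqlite3 module, whose `?` placeholders stand in for the JDBC PreparedStatement that `<esql:parameter>` produces. The table rows and input values are constructed, and quoted strings replace the `#...#` date literal.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the info_bericht table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE info_bericht (id INTEGER, country TEXT, Info_datum TEXT)")
    db.executemany(
        "INSERT INTO info_bericht VALUES (?, ?, ?)",
        [(1, "DE", "2003-01-30"), (2, "ES", "2003-01-30"), (3, "DE", "2003-01-31")],
    )
    return db

def query_concatenated(db, country, date):
    """Mirrors the first XSP form: request values are pasted into the SQL text."""
    sql = ("select id from info_bericht where country = '" + country +
           "' AND Info_datum = '" + date + "'")
    return [row[0] for row in db.execute(sql)]

def query_bound(db, country, date):
    """Mirrors the <esql:parameter> form: values are bound, never parsed as SQL."""
    sql = "select id from info_bericht where country = ? AND Info_datum = ?"
    return [row[0] for row in db.execute(sql, (country, date))]

def run_demo():
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed request value containing a quote
    try:
        # A legitimate value with an apostrophe breaks the concatenated SQL.
        query_concatenated(db, "Cote d'Ivoire", "2003-01-31")
        benign_quote_ok = True
    except sqlite3.OperationalError:
        benign_quote_ok = False
    return {
        "normal_concat": query_concatenated(db, "DE", "2003-01-31"),
        "normal_bound": query_bound(db, "DE", "2003-01-31"),
        # The quote ends the string literal, so the rest is parsed as SQL.
        "hostile_concat": sorted(query_concatenated(db, "DE", hostile)),
        # Bound, the same value is only compared as data and matches nothing.
        "hostile_bound": query_bound(db, "DE", hostile),
        "benign_quote_concat_ok": benign_quote_ok,
        "benign_quote_bound": query_bound(db, "Cote d'Ivoire", "2003-01-31"),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```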