[email protected] wrote:
>Caused by: java.lang.NullPointerException: null
> at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1468)
> at com.project.server.Management.ServerSQLServiceImpl.selectOrdersBeingPrepared(ServerSQLServiceImpl.java:492)
>
>
> Here is the code found at the selectOrdersBeingPrepared method on the
> server
[...]
> public ServerSQLData selectOrdersBeingPrepared(String message) {
[...]
> dc.openConnection();
What is dc? A global variable in the servlet. Then you most likely
will have a problem with two parallel calls of the servlet where
one request interferes with another.
> This is the call from the client to the server:
>
> //Get prepare order data
> String ordersBeingPrepared = "Select oi.QuantityOrdered,
> i.itemName, wo.TableNo, wo.timeOrderSentToChef FROM
> catering.orderitem_table oi, catering.wholeorder_table wo,
> catering.menuITems_table mi, catering.items_table i,
> catering.itemcategory_table ic Where wo.WholeOrderID = oi.WholeOrderID
> AND oi.MenuItemID = mi.MenuItemID AND mi.itemID = i.itemID AND
> i.categoryID = ic.categoryID AND ItemType = '" + applicationType + "'
> AND oi.itemStatus = 'Being Prepared'";
Cool, the proof that SQL injection is possible with every web
framework in the world.
Regards, Lothar
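
An added example, not part of the original post or the poster's project: one way to address both points raised in this reply, by keeping the SQL text on the server, binding the item type as a parameter, and holding all JDBC objects in locals. The class, record and field names and the column types are hypothetical; a pooled `javax.sql.DataSource` and Java 16+ (for `record`) are assumed.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;

// Added example; PreparedOrdersDao and PreparedOrder are hypothetical names.
public class PreparedOrdersDao {

    // One result row, using the columns selected in the quoted query.
    // Column types are assumptions (quantity numeric, the rest read as text).
    public record PreparedOrder(int quantityOrdered, String itemName,
                                String tableNo, String timeSentToChef) {}

    // The SQL text is a server-side constant; the client only sends the item type.
    private static final String ORDERS_BEING_PREPARED =
        "SELECT oi.QuantityOrdered, i.itemName, wo.TableNo, wo.timeOrderSentToChef "
      + "FROM catering.orderitem_table oi "
      + "JOIN catering.wholeorder_table wo ON wo.WholeOrderID = oi.WholeOrderID "
      + "JOIN catering.menuITems_table mi ON oi.MenuItemID = mi.MenuItemID "
      + "JOIN catering.items_table i ON mi.itemID = i.itemID "
      + "JOIN catering.itemcategory_table ic ON i.categoryID = ic.categoryID "
      + "WHERE ItemType = ? AND oi.itemStatus = 'Being Prepared'";

    // A pooled DataSource is safe to share between request threads;
    // an open Connection or Statement stored in a servlet field is not.
    private final DataSource dataSource;

    public PreparedOrdersDao(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    public List<PreparedOrder> selectOrdersBeingPrepared(String applicationType)
            throws SQLException {
        List<PreparedOrder> orders = new ArrayList<>();
        // Connection, statement and result set are locals, so two parallel
        // requests never share or close each other's JDBC objects.
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(ORDERS_BEING_PREPARED)) {
            ps.setString(1, applicationType); // bound as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    orders.add(new PreparedOrder(rs.getInt(1), rs.getString(2),
                                                 rs.getString(3), rs.getString(4)));
                }
            }
        }
        return orders;
    }
}
```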