Re: [JBoss-user] [HTTPD, Servlets & JSP] - jsp syntax question

Wed, 21 Apr 2004 17:49:40 -0700

LORDs_diakonos wrote:

I hava a page with the code below <%@ taglib uri="http://java.sun.com/jstl/core"; prefix="c" %>
| | <%@ taglib uri="http://java.sun.com/jstl/fmt"; prefix="fmt" %>
| | <%@ taglib uri="http://java.sun.com/jstl/sql"; prefix="sql" %>
| | <%@ taglib uri="http://java.sun.com/jstl/xml"; prefix="x" %>
| | <%@ page import="java.security.Principal" %>
| | <%!
| public String getName(HttpServletRequest request) {
| Principal user = request.getUserPrincipal();
| String name = user.getName();
| return name;
| }
| %>
| | <sql:setDataSource var="psql" scope="application" driver="org.postgresql.Driver" url="jdbc:postgresql://10.1.3.10/nbbc1" user="jboss" password="bossj1" />
| <sql:query var="getName" dataSource="${psql}" scope="session" >
| SELECT | public.tblindividual.firstname
| FROM
| public.tblloginname
| INNER JOIN public.tblindividual ON (public.tblloginname.indlink = public.tblindividual.indid)
| WHERE
| LOWER(public.tblloginname.loginname) = LOWER('<%= getName(request) %>')
| </sql:query>
| <c:redirect url="home.jsp"/> I am trying to figure out how on the home.jsp page to display the results from the query on the page above. I have tryed a bunch of different combos without any luck. Would someone please help out a j2ee newbie :-)

Put the results to the HttpSession attribute.

Vlad

P.S. Using dynamic SQL statements in web applications is very dangerous. Just assume that a Principal.getName() return a String like "'; ALTER TABLE public.tblloginname; bla-bl-bla". You should use parameterized PreparedStatement instead of Statement.
P.P.S. to a jsp with java code is not recommended. The functionality of the page should be moved to a http filter or a servlet.



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to