Agreed. We use Struts (as our MVC framework), and then a data access layer (we call persistables) that uses the PreparedStatements. Our JSPs only get data to render *after* the business logic has decided that all logic has been performed successfully.
The end-result is easily compartmentalized code (lots of code factoring) that makes for very robust applications. We are working on moving this framework to PostgreSQL (from Oracle) and we expect to have to touch the SQL statements (which are each in their own class, again for re-use) and perhaps two or three other classes to deal with any JDBC driver issues. When we make the transition successfully, I hope to be able to publicize the work and the value of PostgreSQL.
Charlie
Vernon Wu wrote:
In general, it isn't a good idea to have SQL statements in JSP files. A good practise is using Model 2. Struts is a popular Model 2 framework. If your application is very small and it won't grow into a big one, you can get around using Model 1. In that situation, the SQL tags of JSTL will be a recommended mechanism.
11/26/2002 8:05:27 AM, "Charles H. Woloszynski" <[EMAIL PROTECTED]> wrote:
Actually, we use JDBC Prepared Statements for this type of work. You put a query with '?' in as placeholders and then add in the values, and the library takes care of the encoding issues. This avoids the double encoding of (encode X as String, decode string and encode as SQL X on the line). There was a good article about a framework that did this in JavaReport about 18 months ago.
We have gleaned some ideas from that article to create a framework around using PreparedStatements as the primary interface to the database. I'd suggest looking at them. They really make your code much more robust.
Charlie
"')..."--
You *will* want to escape the username and password otherwise I'll be able to come along and insert any values I like into your database. I can't believe the JDBC classes don't provide
1. Some way to escape value strings
2. Some form of placeholders to deal with this
Charles H. Woloszynski
ClearMetrix, Inc.
115 Research Drive
Bethlehem, PA 18015
tel: 610-419-2210 x400
fax: 240-371-3256
web: www.clearmetrix.com
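The contrast the thread is drawing, as an added example that is not code from any of the posters: a login lookup with user input spliced into the SQL text next to the same lookup written with JDBC PreparedStatement placeholders. The `users` table, its columns and the method names are assumptions for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

// Hypothetical data-access class; the table and column names are assumed.
public class UserLookup {

    // Unsafe form: username and password are concatenated into the SQL string,
    // so a quote character in either value changes the structure of the statement.
    static boolean loginUnsafe(Connection conn, String username, String password)
            throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = '" + username
                + "' AND password = '" + password + "'";
        try (Statement st = conn.createStatement();
             ResultSet rs = st.executeQuery(sql)) {
            return rs.next();
        }
    }

    // Safe form: the SQL text contains only '?' placeholders and never changes.
    // The values are bound separately, so the driver (or the server) treats them
    // strictly as data; no hand-written escaping is needed.
    static boolean loginSafe(Connection conn, String username, String password)
            throws SQLException {
        String sql = "SELECT 1 FROM users WHERE username = ? AND password = ?";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, username);
            ps.setString(2, password);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}
```

Keeping each statement in its own class, as the thread describes, also means the parameter binding is written once and re-used rather than repeated in every JSP.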
---------------------------(end of broadcast)---------------------------
TIP 5: Have you checked our extensive FAQ?
http://www.postgresql.org/users-lounge/docs/faq.html