Re: [Red5] making a mysql query from red5/server/adapter/ApplicationAdapter.java

Mon, 18 Jun 2007 13:35:29 -0700 

Hello Mauricio, on top of what Alexey wrote you should also consider
some kind of server side
validation of the data you are getting from the client, the way you do
it now is like praying
for sql injection attack.
David


Alexey wrote:
>
> Hello mauricio,
>
>
> Monday, June 18, 2007, 11:19:35 AM, you wrote:
>
>
> >
>
>       
>
> i need to make an insert into a mysql db from my application
>
> i modified the ApplicationAdapter class added this code:
>
> public boolean insert(String a, String b){
>
>               Connection conn1 = null;
>
>                             try{ 
>
>                              String userName ="xxxx";
>
>                              String password = "xxxx";
>
>                              String url =
> "jdbc:mysql://172.22.1.4:3306/xxxx"; 
>
>                              Class.forName
> ("com.mysql.jdbc.Driver").newInstance();
>
>                              conn1 = DriverManager.getConnection (url,
> userName, password);
>
>
>                   //    System.out.println ("Database connection
> established");
>
>                   }
>
>                 catch (Exception e){
>
>                 System.err.println ("Cannot connect to database server");
>
>                                   } 
>
>
>                        finally{
>
>                           try{
>
>                           if (conn1 != null){
>
>                           Statement statement = conn1.createStatement();
>
>                           statement.executeUpdate("INSERT INTO
> user_webcam " + "VALUES (a, b)");
>
>                          //  conn1.close();
>
>                            }
>
>                             }
>
>                          catch (Exception e) { 
>
>                          // ignore close error
>
>
>                                 }
>
>                             }
>
>                   return true;
>
>                                              }
>
> and calling the method from client side with nc.call("insert", nc,
> value a, value b);
>
> the method returns true to the client, but the mysql query does not
> execute. 
>
> a similar mysql insert code running standalone worked ok
>
> thanks a lot
>
> mauricio
>
>
>
>
> First, you obviously swallow the Exception.
>
> Replace your 
>
> // ignore close error
>
> with logging - and you'll probably see a lot of interesting things ;)
>
>
>
>
>
> -- 
>
> Best regards,
>
>  Alexey                            mailto:[EMAIL PROTECTED]
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Red5 mailing list
> [email protected]
> http://osflash.org/mailman/listinfo/red5_osflash.org
>   


-- 

David Engelmaier

Software development consultant

http://www.ixperience.net


_______________________________________________
Red5 mailing list
[email protected]
http://osflash.org/mailman/listinfo/red5_osflash.org

Reply via email to