RE: SQL Injection

2010-03-18 Thread adam pinder
: user@struts.apache.org
> Subject: RE: SQL Injection
> Date: Thu, 18 Mar 2010 12:34:57 +
>
> Hello,
> As far as I know there is nothing in struts to prevent SQL injection. And
> that should be done at the database level, so it is not related to Struts.
>
> Also there is no s

RE: SQL Injection

2010-03-18 Thread Gustavo Felisberto
Hello, As far as I know there is nothing in struts to prevent SQL injection. And that should be done at the database level, so it is not related to Struts. Also there is no simple way of making parameters "sql injection safe". You can take a look at http://www.owasp.org/index.php/SQL_Injection_Pre

Re: SQL ExcuteQuery

2009-12-08 Thread musomesa
Your trouble is here:
pstmtname = conn.prepareStatement(sql);
sql = "UPDATE tbl_content_admin_accounts SET CA_PASSWORD = ? WHERE ROW_ID = " + UserID;
When you call prepareStatement(sql) the sql string is sent to the database which "prepares" it (essentially does all the steps necessary b

Re: SQL ExcuteQuery

2009-12-07 Thread Saeed Iqbal
I don't see you make a database connection like this, for example:
conn = DriverManager.getConnection ("jdbc:mysql://your_host:3306/dbName","dbUser","dbPass");
On Tue, Dec 8, 2009 at 10:59 AM, Nguyen Xuan Son wrote:
> dear all
> I've written
> Connection conn = null;
> PreparedStatement pstmtnam

RE: SQL ExcuteQuery

2009-12-07 Thread Vishnu Vyasan Nelliparmbil
will work for sure...
BTB Remember this is strictly a struts mailing list.
Best Regards
Vishnu NV
-Original Message-
From: Avlesh Singh [mailto:avl...@gmail.com]
Sent: Tuesday, December 08, 2009 9:10 AM
To: Struts Users Mailing List
Subject: Re: SQL ExcuteQuery
Use #executeUpdate instea

Re: SQL ExcuteQuery

2009-12-07 Thread Sushim Saini
sorry use executeUpdate
On Tue, Dec 8, 2009 at 11:53, Nguyen Xuan Son wrote:
> dear Singh
> I've tried to use the executeUpdate but the errors appear
> detail is
>
> java.sql.SQLException: Can not issue executeUpdate() for SELECTs
>at com.mysql.jdbc.SQLError.createSQLException(SQLError.

Re: SQL ExcuteQuery

2009-12-07 Thread Nguyen Xuan Son
dear Singh
I've tried to use the executeUpdate but the errors appear
detail is
java.sql.SQLException: Can not issue executeUpdate() for SELECTs
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:1055)
at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:956)

Re: SQL ExcuteQuery

2009-12-07 Thread Avlesh Singh
Use #executeUpdate instead.
Cheers
Avlesh
On Tue, Dec 8, 2009 at 11:37 AM, Nguyen Xuan Son wrote:
> sorry Saini but I don't see any difference from your answer
> thank you
>
> 2009/12/8 Sushim Saini
>
> > hi Nguyen Xuan Son
> > use
> > pstmtname.executeQuery() instead of pstmtname.executeQuery()

Re: SQL ExcuteQuery

2009-12-07 Thread Nguyen Xuan Son
sorry Saini but I don't see any difference from your answer
thank you
2009/12/8 Sushim Saini
> hi Nguyen Xuan Son
> use
> pstmtname.executeQuery() instead of pstmtname.executeQuery();
>
> On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son wrote:
>
> > dear all
> > I've written
> > Connection conn = nu

Re: SQL ExcuteQuery

2009-12-07 Thread Sushim Saini
hi Nguyen Xuan Son
use
pstmtname.executeQuery() instead of pstmtname.executeQuery();
On Tue, Dec 8, 2009 at 11:29, Nguyen Xuan Son wrote:
> dear all
> I've written
> Connection conn = null;
> PreparedStatement pstmtname = null;
> pstmtname = conn.prepareStatement(sql);
> sql = "UPDATE tbl_conte

Re: SQL Optimization Tools and Procedures

2009-06-19 Thread john feng
To judge whether the data model as designed is optimized, the business requirements matter most. First of all, one has got to make sure the data model closely represents the business object relationship - functionally properly modeled; then considering the possible production usage situation info gathered before

Re: SQL Optimization Tools and Procedures

2009-06-19 Thread Terry Gardner
If you have the code in a workable configuration, you can test it easily with a SQL query job using SLAMD (http://slamd2.dev.java.net). This generates load that may point to indexing problems and other performance-related problems.
On Jun 19, 2009, at 11:16 AM, Edward Song wrote:
Here's a

Re: SQL

2005-02-16 Thread DGraham
Depending on WHY you need the string, p6spy might solve your problem: http://www.p6spy.com
Dennis
"CRANFORD, CHRIS" <[EMAIL PROTECTED]>
02/16/2005 07:47 AM
Please respond to "Struts Users Mailing List"
To
cc
Subject SQL
This may be slightly off-topic but I'm sure others may have run

Re: [OT] Re: SQL

2005-02-16 Thread Martin Gainty
AIL PROTECTED]>
To: "Struts Users Mailing List"
Sent: Wednesday, February 16, 2005 9:12 AM
Subject: [OT] Re: SQL
I don't know if there is an easier or more driver-independent way, but some JDBC drivers have a debug mode that can be enabled. Sorry, I don't have any spec

[OT] Re: SQL

2005-02-16 Thread Erik Weber
I don't know if there is an easier or more driver-independent way, but some JDBC drivers have a debug mode that can be enabled. Sorry, I don't have any specifics for you.
Erik
CRANFORD, CHRIS wrote:
This may be slightly off-topic but I'm sure others may have run into this issue. If I have crea

Re: SQL

2005-02-16 Thread Vic
Which DAO are you using?
.V
CRANFORD, CHRIS wrote:
This may be slightly off-topic but I'm sure others may have run into this issue. If I have created a CallableStatement object using a SQL string, is there any way to retrieve that SQL string from the CallableStatement object? ___