hi,
we solved the problem by using the following:
public class RequestParameterSQLTransformer extends SQLTransformer {
public void setup(SourceResolver resolver, Map objectModel, String source,
Parameters parameters) throws ProcessingException, SAXException,
IOException {
super.setup(resolver, objectModel, source, parameters);
boolean useParameters = parameters.getParameterAsBoolean("use-request-parameters", false);
if (useParameters) {
Request req = ObjectModelHelper.getRequest(objectModel);
Enumeration paramNames = req.getParameterNames();
if ( parameters != null ) {
while (paramNames.hasMoreElements()) {
String name = (String) paramNames.nextElement();
String value = req.getParameter(name);
parameters.setParameter(name, value);
}
}
}
}
}in the pipeline do this:
<map:transformers default="xslt">
<map:transformer logger="sitemap.transformer.sql" name="sql" src="de.imatics.jbpm.cocoon.source.RequestParameterSQLTransformer"/>
</map:transformers>
and to use all request param as always:
<map:parameter name="use-request-parameters" value="true" />
greets, volker
Am 21.04.2005 um 17:32 schrieb Antonio Fiol Bonn�n:
A related concern is: Is some kind of SQL injection possible using these parameters?
I would also be interested in the "use-request-parameters" feature for the SQLTransformer.
2005/4/21, Volker Bublitz <[EMAIL PROTECTED]>:is there a way to use something like <map:parameter name="use-request-parameters" value="true" /> with the sql transformer for substitution?
-- Antonio
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
