You are viewing a plain text version of this content. The canonical link for it is here.
Posted to taglibs-user@tomcat.apache.org by Lorenzo Sicilia <ar...@kemen.it> on 2002/10/30 09:34:42 UTC
jrun & jstl
Hi to the list
Fist sorry for my english I am italian :o)
I use JSTL with JRUN4
some question about JSTL.
1-
The Sql tag is very usefull but I read in "JSTL in ACTION" that it don't
support pooling connection. Is true?
with this tag:
<!--This script work but the pooling connection? -->
<sql:setDataSource
driver="com.mysql.jdbc.Driver"
dataSource="jdbc:mysql://127.0.0.1:3306/aostacompany?user=xxx&password=xxx"
/>
<!--
This script don't work. The error is:"No suitable driver"
In Jrun admin console the JNDI is "aosta_db" and jrun send this message:
"Connected to aosta_db successfully".
-->
<sql:setDataSource
driver="com.mysql.jdbc.Driver" dataSource="aosta_db"
/>
The book suggest to use the JNDI to bind a database with the
poolconnection.Idea?
2-
I need read a recorset JSTL with JSP script because the JSTL tag put
"\n" each time I close a tag. I need an output without "\n" but I like
JSTL recorset.
<c:set var="language_set" value="it" />2
<sql:query var="elenco" >
SELECT ID_news,data,
titolo_<c:out value="${language_set}" /> as titolo,
abstract_<c:out value="${language_set}" /> as abstract,
testo_<c:out value="${language_set}" /> as testo,
data
FROM tb_news
</sql:query>
<!--
The follow script don't work. Do you now where path recorset variables are?
-->
<%
out.print(elenco);
%>
Any Help very Usefull
Thanks Lorenzo Sicilia
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Shawn Bayern <ba...@essentially.net>.
On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
> I use JRUN4 and Mysql.
> I have com.mysql.jdbc.Driver OpenSource and org.gjt.mm.mysql.Driver by
> Macromedia.
> Are there Class database vendor provides?
Yes, both of those classes are implementations of the JDBC "Driver"
interface that come ultimately from the database vendor. I don't use
MySQL, so I don't know offhand if they produce their own pooling
DataSource. You can, however, use Jakarta Commons's DBCP.
> > Security. Using '?' and <c:param> ensures that any dangerous characters
> > will be escaped. By "dangerous," I mean characters like a single quote
> > (') that could alter the sense of your SQL statement and end up hijacking
> > it to produce unintended results.
>
> Ok, but I think the true problem is about INSERT or DELETE. Select is
> not very dangerous. or no?
Hijacked SELECT statements can be dangerous if you're concerned about who
gains read-only access to your data.
--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Lorenzo Sicilia <ar...@kemen.it>.
Shawn Bayern wrote:
> It's a fairly general topic. Typically, to instantiate a DataSource, you
> just use a class that a database vendor provides -- or alternatively a
> pooling DataSource that can be layered on top of any driver, as in the
> DBCP package from Jakarta Commons at
>
> http://jakarta.apache.org/commons/dbcp.html
>
I use JRUN4 and Mysql.
I have com.mysql.jdbc.Driver OpenSource and org.gjt.mm.mysql.Driver by
Macromedia.
Are there Class database vendor provides?
with this tag:
<sql:setDataSource url="jdbc:mysql://localhost:3306/aostacompany"
driver="org.gjt.mm.mysql.Driver" />
It work fine but I think there is not pooling
with this tag:
<sql:setDataSource driver="com.mysql.jdbc.Driver" dataSource="aosta_db"/>
It don't work
I receive this error:
javax.servlet.jsp.JspException: Unable to get connection, DataSource
invalid: "No suitable driver"
> Security. Using '?' and <c:param> ensures that any dangerous characters
> will be escaped. By "dangerous," I mean characters like a single quote
> (') that could alter the sense of your SQL statement and end up hijacking
> it to produce unintended results.
Ok, but I think the true problem is about INSERT or DELETE. Select is
not very dangerous. or no?
Thanks very much.
Lorenzo Sicilia
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Shawn Bayern <ba...@essentially.net>.
On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
> I am a newbie you have some link that explain how to create a
> Datasource with pooling? with JSP is possible or I must use Servlet?
It's a fairly general topic. Typically, to instantiate a DataSource, you
just use a class that a database vendor provides -- or alternatively a
pooling DataSource that can be layered on top of any driver, as in the
DBCP package from Jakarta Commons at
http://jakarta.apache.org/commons/dbcp.html
> > Note first that it's better to be using <sql:param> and the '?'
> > placeholder syntax for SQL, rather than using <c:out> inside
> > <sql:query>. But that doesn't address your problem.
>
> I now but why is better your solution? Memory usage?
Security. Using '?' and <c:param> ensures that any dangerous characters
will be escaped. By "dangerous," I mean characters like a single quote
(') that could alter the sense of your SQL statement and end up hijacking
it to produce unintended results.
--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Lorenzo Sicilia <ar...@kemen.it>.
Shawn Bayern wrote:
> The <sql:setDataSource> tag, when used to create a DataSource, doesn't
> support pooling (unless you somehow have a pooling JDBC driver, which
> isn't the way things are supposed to work). However, the SQL tags can
> support pooling by using, rather than creating, a DataSource.
I am a newbie you have some link that explain how to create a Datasource
with pooling?
with JSP is possible or I must use Servlet?
> Note first that it's better to be using <sql:param> and the '?'
> placeholder syntax for SQL, rather than using <c:out> inside
> <sql:query>. But that doesn't address your problem.
I now but why is better your solution? Memory usage?
> I'm actually not sure what problem you *are* having: <c:out> shouldn't
> print newlines at the end of its output. However, when you follow <c:out>
> with a newline (outside the tag), then *that* newline is printed. But
> you'd have the same problem with scriptlets.
The problem is after close tag. Now I goot it.
> Anyway, to answer your specific question, you'd write
>
> <%= pageContext.findAttribute("elenco") %>
>
Thanks very much
Best Regards
Lorenzo Sicilia
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Lorenzo Sicilia <ar...@kemen.it>.
Lorenzo Sicilia wrote:
> it don't work. The problem is the cast. the error is:
>
>
> 411. ResultSet pippo = (ResultSet) pageContext.findAttribute("elenco");
> ^-------^
> *** Error: Type ResultSet was not found.
>
I understand:
<%=((javax.servlet.jsp.jstl.sql.Result)pageContext.findAttribute("rs")).getRowsByIndex()[0][2])%>
bye
Lorenzo Sicilia
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Shawn Bayern <ba...@essentially.net>.
On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
> sorry but I am very newbie :o)
>
> my script:
>
> <%
> ResultSet pippo = (ResultSet) pageContext.findAttribute("elenco");
> out.print(pippo.getRows());
> %>
>
> it don't work. The problem is the cast. the error is:
>
>
> 411. ResultSet pippo = (ResultSet) pageContext.findAttribute("elenco");
> ^-------^
> *** Error: Type ResultSet was not found.
First, you either need to qualify the class's name with a package or <%@
page import="..." %> the right package. Second, you don't really mean
ResultSet in this case; you're referring to a JSTL Result. Thus, if you
*must* use a scriptlet -- and I still fail to see what it's doing for you
that the JSTL tags aren't -- then you can write
<% page import="javax.servlet.jsp.jstl.sql.Result" %>
...
<%
Result pippo = (Result) ...;
...
%>
I strongly recommend not doing this, though, and using the JSTL tags
instead. The issue you noted with line breaks will affect you with
scriptlets as much as it will with JSTL tags.
--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Lorenzo Sicilia <ar...@kemen.it>.
Shawn Bayern wrote:
> On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
>
>
>>I have tried this:
>>pageContext.findAttribute("elenco").getRowsByIndex()
>>the error is:
>>
>>*** Error: No method named "getRows" was found in type "java/lang/Object".
>>
>>I need read the fields and colums with a for.
>
>
> This is one of the advantages of JSTL. When you use scriptlets, you have
> to cast the result of pageContext.findAttribute() to the right type.
sorry but I am very newbie :o)
my script:
<%
ResultSet pippo = (ResultSet) pageContext.findAttribute("elenco");
out.print(pippo.getRows());
%>
it don't work. The problem is the cast. the error is:
411. ResultSet pippo = (ResultSet) pageContext.findAttribute("elenco");
^-------^
*** Error: Type ResultSet was not found.
Thanks very much
Lorenzo Sicilia
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Shawn Bayern <ba...@essentially.net>.
On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
> I have tried this:
> pageContext.findAttribute("elenco").getRowsByIndex()
> the error is:
>
> *** Error: No method named "getRows" was found in type "java/lang/Object".
>
> I need read the fields and colums with a for.
This is one of the advantages of JSTL. When you use scriptlets, you have
to cast the result of pageContext.findAttribute() to the right type.
--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Lorenzo Sicilia <ar...@kemen.it>.
Shawn Bayern wrote:
> Anyway, to answer your specific question, you'd write
>
> <%= pageContext.findAttribute("elenco") %>
>
It work fine!
I have tried this:
pageContext.findAttribute("elenco").getRowsByIndex()
the error is:
*** Error: No method named "getRows" was found in type "java/lang/Object".
I need read the fields and colums with a for.
some idea?
tks Lorenzo Sicilia
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>
Re: jrun & jstl
Posted by Shawn Bayern <ba...@essentially.net>.
On Wed, 30 Oct 2002, Lorenzo Sicilia wrote:
> The Sql tag is very usefull but I read in "JSTL in ACTION" that it don't
> support pooling connection. Is true?
The <sql:setDataSource> tag, when used to create a DataSource, doesn't
support pooling (unless you somehow have a pooling JDBC driver, which
isn't the way things are supposed to work). However, the SQL tags can
support pooling by using, rather than creating, a DataSource.
> 2-
> I need read a recorset JSTL with JSP script because the JSTL tag put
> "\n" each time I close a tag. I need an output without "\n" but I like
> JSTL recorset.
>
> <c:set var="language_set" value="it" />2
> <sql:query var="elenco" >
> SELECT ID_news,data,
> titolo_<c:out value="${language_set}" /> as titolo,
> abstract_<c:out value="${language_set}" /> as abstract,
> testo_<c:out value="${language_set}" /> as testo,
> data
> FROM tb_news
> </sql:query>
> <!--
> The follow script don't work. Do you now where path recorset variables are?
> -->
> <%
> out.print(elenco);
> %>
Note first that it's better to be using <sql:param> and the '?'
placeholder syntax for SQL, rather than using <c:out> inside
<sql:query>. But that doesn't address your problem.
I'm actually not sure what problem you *are* having: <c:out> shouldn't
print newlines at the end of its output. However, when you follow <c:out>
with a newline (outside the tag), then *that* newline is printed. But
you'd have the same problem with scriptlets.
Anyway, to answer your specific question, you'd write
<%= pageContext.findAttribute("elenco") %>
This is better than out.print(), and it retrieves the scoped attribute via
the PageContext object, which is necessary, for it's not a scripting
variable (just a scoped attribute).
--
Shawn Bayern
"JSTL in Action" http://www.jstlbook.com
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>