Posted to taglibs-user@tomcat.apache.org by Will <sq...@yahoo.com> on 2003/04/07 18:33:49 UTC
weird dbtag dumping sql behavior
Has anyone else ever run into this?
If you try 2 statements on one page, and the second one returns no
rows, the SQL is inconveniently dumped onto the page.
So the page will show "select * from sometbl where 1=2",
which can get to be a security issue, as well as a cosmetic one.
<sql:statement id="stmt1" conn="conn">
  <sql:query>
    select * from sometbl where 1=1
  </sql:query>
  <sql:resultSet id="rset1">
  </sql:resultSet>
</sql:statement>
<sql:statement id="stmt2" conn="conn">
  <sql:query>
    select * from sometbl where 1=2
  </sql:query>
  <sql:resultSet id="rset2">
  </sql:resultSet>
</sql:statement>