Posted to taglibs-user@tomcat.apache.org by Will <sq...@yahoo.com> on 2003/04/07 18:33:49 UTC

weird dbtag dumping sql behavior

Has anyone else ever run into this?

If you try 2 statements on one page, and the second one returns no
rows, the SQL is inconveniently dumped onto the page.

So the page will show "select * from sometbl where 1=2",
which can get to be a security issue, as well as a cosmetic one.

<sql:statement id="stmt1" conn="conn">
  <sql:query>
select * from sometbl where 1=1
  </sql:query>
  <sql:resultSet id="rset1">
  </sql:resultSet>
</sql:statement>


<sql:statement id="stmt2" conn="conn">
  <sql:query>
select * from sometbl where 1=2
  </sql:query>
  <sql:resultSet id="rset2">
  </sql:resultSet>
</sql:statement>
