Posted to users@cocoon.apache.org by olivier demah <od...@messagio.com> on 2004/05/12 16:26:31 UTC

XSP : store the result of the ESQL query

Hi,
I would like to know if I can store the result of an ESQL query in a 
variable to be reused in another ESQL query later in the same XSP?

regards



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org


Re: XSP : store the result of the ESQL query

Posted by Olivier Billard <ob...@jouve.fr>.
Of course, it can always be perfected, but you know, I just 
copied-pasted the code :)

Joose Vettenranta wrote:
> This is a bad query.
> 
> It is better to use the tools we have. So the query should be written like this:
> 
> <esql:query>
>  SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = 
> <esql:parameter 
> type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter> 
> ORDER BY rub_position LIMIT 1
> </esql:query>
> 
> Now it is escaped and prevents SQL injection, which the original query did 
> not do.
> 
> HTH,
> 
> Joose
> 
> On 18.5.2004 at 10:49, Olivier Billard wrote:
> 
>> Hi homonym,
> 
>>
>> This solution works "if it works" !
>> But if the first query fails, you'll get an unexpected result for the 
>> second query if maxpos is not initialized...
>> Remember that queries can be embedded in each other :
>>
>> sql = "SELECT rub_position FROM m_rub_player_ope WHERE player_url_name 
>> = '"+player_url_name+"' ORDER BY rub_position LIMIT 1";
>> <esql:connection>
>> <esql:pool>my_pool</esql:pool>
>> <esql:execute-query>
>> <esql:query><xsp:expr>sql</xsp:expr></esql:query>
>> <esql:results>
>> <esql:row-results>
>> <xsp:logic>
>> maxpos = <esql:get-int column="rub_position"/>;
>> maxpos = maxpos + 10;
>>
>> <esql:execute-query>
>> <esql:query>
>> INSERT INTO m_rub_player_ope 
>> (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
>> VALUES (
>> <esql:parameter 
>> type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
>> <esql:parameter 
>> type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
>> <esql:parameter 
>> type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
>> <esql:parameter type="string">oui</esql:parameter>,
>> '<xsp:expr>maxpos</xsp:expr>');
>> </esql:query>
>> <esql:error-results><message>Error during 
>> Insert</message></esql:error-results>
>> <esql:update-results>
>> <esql:get-update-count/><message continuer="do-list-rub.html">Your 
>> record is adding ya can click on </message>
>> </esql:update-results>
>> </esql:execute-query>
>>
>> </xsp:logic>
>> </esql:row-results>
>> </esql:results>
>> </esql:execute-query>
>> <esql:error-results>
>>   // deal with errors here
>> </esql:error-results>
>> </esql:connection>
>>
>> HTH,
>> -- 
>> Olivier Billard
>>
>>
>> olivier demah wrote:
>>
>>> olivier demah wrote:
>>>
>>>> Hi,
>>>> I would like to know if I can store the result of an ESQL query in a 
>>>> variable to be reused in another ESQL query later in the same XSP?
>>>>
>>>> regards
>>>
>>> here is the solution :
>>> sql = "SELECT rub_position FROM m_rub_player_ope WHERE 
>>> player_url_name = '"+player_url_name+"' ORDER BY rub_position LIMIT 1";
>>> <esql:connection>
>>> <esql:pool>my_pool</esql:pool>
>>> <esql:execute-query>
>>> <esql:query><xsp:expr>sql</xsp:expr></esql:query>
>>> <esql:results>
>>> <esql:row-results>
>>> <xsp:logic>
>>> maxpos = <esql:get-int column="rub_position"/>;
>>> maxpos = maxpos + 10;
>>> </xsp:logic>
>>> </esql:row-results>
>>> </esql:results>
>>> </esql:execute-query>
>>> <esql:execute-query>
>>> <esql:query>
>>> INSERT INTO m_rub_player_ope 
>>> (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
>>> VALUES (
>>> <esql:parameter 
>>> type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
>>> <esql:parameter 
>>> type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
>>> <esql:parameter 
>>> type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
>>> <esql:parameter type="string">oui</esql:parameter>,
>>> '<xsp:expr>maxpos</xsp:expr>');
>>> </esql:query>
>>> <esql:error-results><message>Error during 
>>> Insert</message></esql:error-results>
>>> <esql:update-results>
>>> <esql:get-update-count/><message continuer="do-list-rub.html">Your 
>>> record is adding ya can click on </message>
>>> </esql:update-results>
>>> </esql:execute-query>
>>> </esql:connection>
>>> thanks to steve_k on #cocoon@freenode.
>>
>>
>>
>>
>>
> -- 
> "Always remember that you are unique, just like everyone else!"
> * http://iki.fi/joose/ * joose@iki.fi * +358 44 561 0270 *




Re: XSP : store the result of the ESQL query

Posted by Joose Vettenranta <jo...@iki.fi>.
This is a bad query.

It is better to use the tools we have. So the query should be written like this:

<esql:query>
  SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = 
<esql:parameter 
type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter> 
ORDER BY rub_position LIMIT 1
</esql:query>

Now it is escaped and prevents SQL injection, which the original query 
did not do.

HTH,

Joose

On 18.5.2004 at 10:49, Olivier Billard wrote:

> Hi homonym,
>
> This solution works "if it works" !
> But if the first query fails, you'll get an unexpected result for the 
> second query if maxpos is not initialized...
> Remember that queries can be embedded in each other :
>
> sql = "SELECT rub_position FROM m_rub_player_ope WHERE player_url_name 
> = '"+player_url_name+"' ORDER BY rub_position LIMIT 1";
> <esql:connection>
> <esql:pool>my_pool</esql:pool>
> <esql:execute-query>
> <esql:query><xsp:expr>sql</xsp:expr></esql:query>
> <esql:results>
> <esql:row-results>
> <xsp:logic>
> maxpos = <esql:get-int column="rub_position"/>;
> maxpos = maxpos + 10;
>
> <esql:execute-query>
> <esql:query>
> INSERT INTO m_rub_player_ope 
> (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
> VALUES (
> <esql:parameter 
> type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
> <esql:parameter 
> type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
> <esql:parameter 
> type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
> <esql:parameter type="string">oui</esql:parameter>,
> '<xsp:expr>maxpos</xsp:expr>');
> </esql:query>
> <esql:error-results><message>Error during 
> Insert</message></esql:error-results>
> <esql:update-results>
> <esql:get-update-count/><message continuer="do-list-rub.html">Your 
> record is adding ya can click on </message>
> </esql:update-results>
> </esql:execute-query>
>
> </xsp:logic>
> </esql:row-results>
> </esql:results>
> </esql:execute-query>
> <esql:error-results>
>   // deal with errors here
> </esql:error-results>
> </esql:connection>
>
> HTH,
> --
> Olivier Billard
>
>
> olivier demah wrote:
>> olivier demah wrote:
>>> Hi,
>>> I would like to know if I can store the result of an ESQL query in a 
>>> variable to be reused in another ESQL query later in the same XSP?
>>>
>>> regards
>> here is the solution :
>> sql = "SELECT rub_position FROM m_rub_player_ope WHERE 
>> player_url_name = '"+player_url_name+"' ORDER BY rub_position LIMIT 
>> 1";
>> <esql:connection>
>> <esql:pool>my_pool</esql:pool>
>> <esql:execute-query>
>> <esql:query><xsp:expr>sql</xsp:expr></esql:query>
>> <esql:results>
>> <esql:row-results>
>> <xsp:logic>
>> maxpos = <esql:get-int column="rub_position"/>;
>> maxpos = maxpos + 10;
>> </xsp:logic>
>> </esql:row-results>
>> </esql:results>
>> </esql:execute-query>
>> <esql:execute-query>
>> <esql:query>
>> INSERT INTO m_rub_player_ope 
>> (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
>> VALUES (
>> <esql:parameter 
>> type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
>> <esql:parameter 
>> type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
>> <esql:parameter 
>> type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
>> <esql:parameter type="string">oui</esql:parameter>,
>> '<xsp:expr>maxpos</xsp:expr>');
>> </esql:query>
>> <esql:error-results><message>Error during 
>> Insert</message></esql:error-results>
>> <esql:update-results>
>> <esql:get-update-count/><message continuer="do-list-rub.html">Your 
>> record is adding ya can click on </message>
>> </esql:update-results>
>> </esql:execute-query>
>> </esql:connection>
>> thanks to steve_k on #cocoon@freenode.
>
>
>
>
--
"Always remember that you are unique, just like everyone else!"
* http://iki.fi/joose/ * joose@iki.fi * +358 44 561 0270 *




Re: XSP : store the result of the ESQL query

Posted by Olivier Billard <ob...@jouve.fr>.
Hi homonym,

This solution works "if it works" !
But if the first query fails, you'll get an unexpected result for the 
second query if maxpos is not initialized...
Remember that queries can be embedded in each other :

sql = "SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = '"+player_url_name+"' ORDER BY rub_position LIMIT 1";
<esql:connection>
  <esql:pool>my_pool</esql:pool>
  <esql:execute-query>
    <esql:query><xsp:expr>sql</xsp:expr></esql:query>
    <esql:results>
      <esql:row-results>
        <xsp:logic>
          maxpos = <esql:get-int column="rub_position"/>;
          maxpos = maxpos + 10;

          <esql:execute-query>
            <esql:query>
              INSERT INTO m_rub_player_ope
              (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
              VALUES (
              <esql:parameter type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
              <esql:parameter type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
              <esql:parameter type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
              <esql:parameter type="string">oui</esql:parameter>,
              '<xsp:expr>maxpos</xsp:expr>');
            </esql:query>
            <esql:error-results><message>Error during Insert</message></esql:error-results>
            <esql:update-results>
              <esql:get-update-count/><message continuer="do-list-rub.html">Your record is adding ya can click on </message>
            </esql:update-results>
          </esql:execute-query>

        </xsp:logic>
      </esql:row-results>
    </esql:results>
  </esql:execute-query>
  <esql:error-results>
    // deal with errors here
  </esql:error-results>
</esql:connection>

HTH,
--
Olivier Billard


olivier demah wrote:
> olivier demah wrote:
> 
>> Hi,
>> I would like to know if I can store the result of an ESQL query in a 
>> variable to be reused in another ESQL query later in the same XSP?
>>
>> regards
> 
> 
> 
> here is the solution :
> 
> sql = "SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = 
> '"+player_url_name+"' ORDER BY rub_position LIMIT 1";
> <esql:connection>
> <esql:pool>my_pool</esql:pool>
> <esql:execute-query>
> <esql:query><xsp:expr>sql</xsp:expr></esql:query>
> <esql:results>
> <esql:row-results>
> <xsp:logic>
> maxpos = <esql:get-int column="rub_position"/>;
> maxpos = maxpos + 10;
> </xsp:logic>
> </esql:row-results>
> </esql:results>
> </esql:execute-query>
> <esql:execute-query>
> <esql:query>
> INSERT INTO m_rub_player_ope 
> (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
> VALUES (
> <esql:parameter type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
> <esql:parameter 
> type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
> <esql:parameter 
> type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
> <esql:parameter type="string">oui</esql:parameter>,
> '<xsp:expr>maxpos</xsp:expr>');
> </esql:query>
> <esql:error-results><message>Error during 
> Insert</message></esql:error-results>
> <esql:update-results>
> <esql:get-update-count/><message continuer="do-list-rub.html">Your 
> record is adding ya can click on </message>
> </esql:update-results>
> </esql:execute-query>
> </esql:connection>
> 
> thanks to steve_k on #cocoon@freenode.
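
Added example, not part of any post in this thread: a Python/sqlite3 sketch of the same two queries, comparing the concatenated SELECT with a bound parameter (the role esql:parameter plays above) and skipping the INSERT when the first query returns no row. The table and column names come from the thread; the sample rows, the function names, the CRAFTED value and the use of SQLite are assumptions.

```python
import sqlite3

# Constructed input: a value containing a quote that rewrites the WHERE clause.
CRAFTED = "nobody' OR '1'='1"

def make_db():
    # Constructed sample rows; table and column names are the thread's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE m_rub_player_ope (rub_id TEXT, player_url_name TEXT,"
               " ope_url_name TEXT, rub_display TEXT, rub_position INTEGER)")
    db.executemany("INSERT INTO m_rub_player_ope VALUES (?,?,?,?,?)",
                   [("r1", "alice", "ope1", "oui", 30),
                    ("r2", "bob", "ope1", "oui", 10)])
    return db

def position_concat(db, player_url_name):
    # Same construction as the thread's sql = "..." + player_url_name + "...".
    sql = ("SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = '"
           + player_url_name + "' ORDER BY rub_position LIMIT 1")
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def position_bound(db, player_url_name):
    # Bound parameter: the value is sent as data and never parsed as SQL.
    row = db.execute(
        "SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = ?"
        " ORDER BY rub_position LIMIT 1", (player_url_name,)).fetchone()
    return row[0] if row else None

def add_rubric(db, rub_id, player_url_name, ope_url_name):
    # Both statements run in one transaction. If the first query yields no
    # row, return before the INSERT so it never runs with an unset maxpos.
    with db:
        pos = position_bound(db, player_url_name)
        if pos is None:
            return None
        maxpos = pos + 10
        db.execute("INSERT INTO m_rub_player_ope VALUES (?,?,?,?,?)",
                   (rub_id, player_url_name, ope_url_name, "oui", maxpos))
    return maxpos
```

With CRAFTED as the player name, position_concat returns another player's position while position_bound returns None; a name such as o'brien makes the concatenated query fail with a syntax error and is handled normally by the bound one.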




Re: XSP : store the result of the ESQL query

Posted by olivier demah <od...@messagio.com>.
olivier demah wrote:

> Hi,
> I would like to know if I can store the result of an ESQL query in a 
> variable to be reused in another ESQL query later in the same XSP?
>
> regards


here is the solution :

sql = "SELECT rub_position FROM m_rub_player_ope WHERE player_url_name = '"+player_url_name+"' ORDER BY rub_position LIMIT 1";
<esql:connection>
  <esql:pool>my_pool</esql:pool>
  <esql:execute-query>
    <esql:query><xsp:expr>sql</xsp:expr></esql:query>
    <esql:results>
      <esql:row-results>
        <xsp:logic>
          maxpos = <esql:get-int column="rub_position"/>;
          maxpos = maxpos + 10;
        </xsp:logic>
      </esql:row-results>
    </esql:results>
  </esql:execute-query>
  <esql:execute-query>
    <esql:query>
      INSERT INTO m_rub_player_ope
      (rub_id,player_url_name,ope_url_name,rub_display,rub_position)
      VALUES (
      <esql:parameter type="string"><xsp:expr>rub_id</xsp:expr></esql:parameter>,
      <esql:parameter type="string"><xsp:expr>player_url_name</xsp:expr></esql:parameter>,
      <esql:parameter type="string"><xsp:expr>ope_url_name</xsp:expr></esql:parameter>,
      <esql:parameter type="string">oui</esql:parameter>,
      '<xsp:expr>maxpos</xsp:expr>');
    </esql:query>
    <esql:error-results><message>Error during Insert</message></esql:error-results>
    <esql:update-results>
      <esql:get-update-count/><message continuer="do-list-rub.html">Your record is adding ya can click on </message>
    </esql:update-results>
  </esql:execute-query>
</esql:connection>

thanks to steve_k on #cocoon@freenode.

