Re: How does postgres handle non literal string values - Mailing list pgsql-sql
From | Henshall, Stuart - Design & Print |
---|---|
Subject | Re: How does postgres handle non literal string values |
Date | |
Msg-id | E382B5D8EDE1D6118DBE0008C759BCD6116AE1@WCPEXCHANGE |
In response to | How does postgres handle non literal string values (monroy@mindspring.com (javaholic)) |
List | pgsql-sql |
I'm guessing it would have to be more like:
<%
 String insertString =
 "INSERT INTO \"login\"(\'user\', \'password\') " +
 "VALUES ('"+username+"', '"+password+"')";
%>
to actually concatenate a string including the username & password variables, however I've not really used Java much so you might want to ask on the pgsql-jdbc@postgresql.org list.

hth,
- Stuart

monroy@mindspring.com wrote:
> Hi All,
>
> I have some jsp code that should insert a user name and password into
> a table called login.
>
> Instead of inserting the values given by the client, it inserts the
> literal string 'username' and 'password'. The problem is somewhere in
> the INSERT statement.
>
> Here is the code:
>
> <%@page contentType="text/html"%>
> <%@page import="java.io.*" %>
> <%@page import="java.sql.*" %>
> <%@page import="java.util.*" %>
>
> <html>
> <head><title>JSPlogin</title></head>
> <body>
>
> <%-- <jsp:useBean id="beanInstanceName" scope="session"
> class="package.class" /> --%> <%-- <jsp:getProperty
> name="beanInstanceName" property="propertyName" /> --%>
>
> <%
> String username = request.getParameter("username");
> String password = request.getParameter("password");
> String confirmpw = request.getParameter("password2"); String dbName =
> "storedb";
>
>
> Connection conn = null;
> Statement stmt = null;
>
>
> String usr = "postgres";
> String passwd = "Wimdk12";
>
> if (username != null)
> username = username.trim();
> if (password != null)
> password = password.trim();
> if(confirmpw != null)
> confirmpw = confirmpw.trim();
> if (username != null &&
> username.length() > 0) {
> if (password != null &&
> password.length()> 0) {
> if (confirmpw != null &&
> confirmpw.length() > 0) {
> if (password.equals(confirmpw)){
> %>
> <h1> Loading the driver </h1> <%
> String url = "jdbc:postgresql:" + dbName;
>
> // Load the driver
> Class.forName("org.postgresql.Driver");
> // Connect to database
> conn= DriverManager.getConnection(url, usr,
> passwd); stmt = conn.createStatement();%>
>
> <h1>Connecting to the data base </h1> <%
> String insertString=
> "INSERT INTO \"login\" (\'user\',
> \'password\') VALUES ('username', 'password')";
> %>
>
> <h1> Updating table </h1>
> <%
> stmt.executeUpdate(insertString);
>
> %>
> <h1> Checking result </h1>
> <%
> ResultSet rset = stmt.executeQuery("SELECT *
> FROM login");
>
>
> while (rset.next()) {
> System.out.println(
> rset.getString("user") + ":" +
> rset.getString("password"));
> } %>
> <h1> Closing connection <h1><%
> rset.close();
> stmt.close();
> conn.close();
>
> %>
> <h1>Congratulations<%= username %>! your account has been created
> </h1>
>
> <%
> } else { %>
> <h1>Sorry! Account not created. passwords do
> not match </h1> <%
> }
> } else { %> <h1>Sorry! Account not
> created. passwords do not match </h1>
> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> confirmation password </h1> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> password</h1> <%
> }
> } else { %>
> <h1>Sorry! Account not created. Please enter a
> username </h1> <%
> } %>
> </body>
> </html>
>
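
An added example, not part of the original post or the reply: the same insert written with a JDBC PreparedStatement, so the request values are sent as bind parameters rather than concatenated into the SQL text, where a quote character in the username or password would change the statement. The class name, the environment variables used for the database credentials and the sample values are assumptions; the table, columns and database name are taken from the post.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class LoginInsert {
    // "user" is a reserved word in PostgreSQL, so the column name is
    // double-quoted as an identifier; the ? placeholders carry the values.
    private static final String INSERT_SQL =
        "INSERT INTO login (\"user\", password) VALUES (?, ?)";

    /** Inserts one row and returns the number of rows written (1 on success). */
    static int insertLogin(Connection conn, String username, String password)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(INSERT_SQL)) {
            ps.setString(1, username);   // bound as data, never parsed as SQL
            ps.setString(2, password);
            return ps.executeUpdate();
        }
    }

    public static void main(String[] args) throws SQLException {
        // Assumptions: database name from the post, credentials from env vars.
        String url = "jdbc:postgresql:storedb";
        String dbUser = System.getenv("PGUSER");
        String dbPass = System.getenv("PGPASSWORD");

        // Constructed sample input: a name containing a quote, which would
        // break a statement assembled by string concatenation.
        String username = "o'brien";
        String password = "constructed-sample";

        try (Connection conn = DriverManager.getConnection(url, dbUser, dbPass)) {
            System.out.println("rows inserted: "
                + insertLogin(conn, username, password));
            try (PreparedStatement ps = conn.prepareStatement(
                     "SELECT \"user\" FROM login WHERE \"user\" = ?")) {
                ps.setString(1, username);
                try (ResultSet rs = ps.executeQuery()) {
                    while (rs.next()) {
                        // The quote is stored verbatim in the column.
                        System.out.println("stored user: " + rs.getString(1));
                    }
                }
            }
        }
    }
}
```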