Thread: postgresql.stat.result

postgresql.stat.result

From: Minal
Hi,
I am calling a function using the following JSP code. My function name
is "sp_login". As every function is supposed to return something, my
function returns 1 on completion of the task. I am getting the
following error:
 org.apache.jasper.JasperException: postgresql.stat.result

The JSP code is as follows:
Can someone help me?
    sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
    //sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES ('admin','"+username+"','"+password+"')";
    pStat=conn.prepareStatement(sql);
    msg=pStat.executeUpdate();
    out.println(msg);
    if(msg==1)
        {%>
        <jsp:forward page="message_user.jsp?done=yes&action=add"/>
        <%}
    else
        {%>
        <jsp:forward page="message_user.jsp?done=no&action=add"/>
        <%}
}%>

Re: postgresql.stat.result

From: Oliver Jowett
Minal wrote:

> org.apache.jasper.JasperException: postgresql.stat.result

(this must be a fairly old driver, but..)

> sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
> //sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES
> ('admin','"+username+"','"+password+"')";
>    pStat=conn.prepareStatement(sql);
>    msg=pStat.executeUpdate();

You must use executeQuery() to execute SQL that returns a result. Per
the JDBC javadoc, if you use executeUpdate() to run a query that returns
a ResultSet, the driver should throw a SQLException.

-O

Re: postgresql.stat.result

From: Oliver Jowett
Minal wrote:

> sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
> //sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES
> ('admin','"+username+"','"+password+"')";
>    pStat=conn.prepareStatement(sql);

On another topic, either you need to ensure that username/password are
correctly escaped, or you should use '?' placeholders and use
setString() to set them. Otherwise you have a SQL injection hole there.

-O
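
Added example, not part of the original thread and not code from either poster: the two points raised in the replies above, combined in one JDBC call that binds the values with '?' placeholders and setString() and reads the function's result through executeQuery(). The class name SpLoginExample, the addUser helper, the connection URL and credentials, and the assumption that sp_login takes four text arguments and returns an integer are illustrative.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

public class SpLoginExample {

    /**
     * Calls sp_login with bound parameters and returns its integer result.
     * Assumption: sp_login(text, text, text, text) returns an integer, as the
     * original post describes ("my function returns 1").
     */
    static int addUser(Connection conn, String username, String password)
            throws SQLException {
        // '?' placeholders: the values travel as parameters, never as SQL text,
        // so a quote character in username/password cannot change the statement.
        String sql = "SELECT sp_login(?, ?, ?, ?)";
        try (PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, "INSERT");
            ps.setString(2, "admin");
            ps.setString(3, username);
            ps.setString(4, password);
            // A SELECT returns a ResultSet, so executeQuery() is required;
            // executeUpdate() is for statements that return only a row count.
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {
                    throw new SQLException("sp_login returned no row");
                }
                return rs.getInt(1);
            }
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample input: concatenated into the SQL string, these
        // quotes would end the literal early; bound, they are passed verbatim.
        String username = "o'brien";
        String password = "p@ss'word";
        // Placeholder connection settings (assumptions, not from the thread).
        String url = "jdbc:postgresql://localhost:5432/exampledb";
        try (Connection conn =
                DriverManager.getConnection(url, "example_user", "example_password")) {
            int result = addUser(conn, username, password);
            System.out.println(result == 1 ? "done=yes" : "done=no");
        }
    }
}
```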

Re: postgresql.stat.result

From: Minal
Thanks. Are you aware of any books on JSP-POSTGRES?

Oliver Jowett wrote:

>Minal wrote:
>
>
>
>>sql="SELECT sp_login ('INSERT','admin','"+username+"','"+password+"')";
>>//sql="INSERT INTO USERS (USERTYPE,USERNAME,PASSWORD) VALUES
>>('admin','"+username+"','"+password+"')";
>>   pStat=conn.prepareStatement(sql);
>>
>>
>
>On another topic, either you need to ensure that username/password are
>correctly escaped, or you should use '?' placeholders and use
>setString() to set them. Otherwise you have a SQL injection hole there.
>
>-O