| From: | "Rob Hills" <rob(at)netpaver(dot)com(dot)au> |
|---|---|
| To: | pgsql-sql(at)postgresql(dot)org |
| Subject: | Re: How does postgres handle non literal string values |
| Date: | 2002-11-26 17:18:02 |
| Message-ID: | 3DE41D4A.9268.9F992F@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
Hi,
On 25 Nov 2002 at 4:57, javaholic wrote:
Your problem is really a JSP one rather than a postgres problem, and probably doesn't
really belong on this list. That said, I know much more java/jsp than I do postgres, so I'll
try and help.
> I have some jsp code that should insert a user name and password into
> a table called login.
>
> Instead of inserting the values given by the client, it insert the
> literal string 'username' and 'password. The problem is somewhere in
> the INSERT statement.
Yup, your INSERT statement is doing exactly what you've asked it to do, inserting the
literal strings 'username' and 'password' into the table.
> <%
> String insertString =
> "INSERT INTO \"login\" (\'user\', \'password\')
> VALUES ('username', 'password')";
> %>
To do it correctly using JSP, try the following:
<%
String insertString = "INSERT INTO \"login\" (\'user\', \'password\')
VALUES ('" + username + "', '" + password + "')";
%>
However, you would probably be better off using a PreparedStatement object rather
than a Statement for various reasons, but especially to avoid trying to get the single-
and double-quotes right in the above statement.
HTH,
Rob Hills
MBBS, Grad Dip Com Stud, MACS
Senior Consultant
Netpaver Web Solutions
Tel: (0412) 904 357
Fax: (08) 9485 2555
Email: rob(at)netpaver(dot)com(dot)au
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephan Szabo | 2002-11-26 17:22:52 | Re: Are sub-select error suppressed? |
| Previous Message | dev | 2002-11-26 17:04:33 | Re: Are sub-select error suppressed? |