Translate attempt

Discussion in 'Java' started by francan00@yahoo.com, Jun 29, 2008.

  1. Guest

    I am trying to translate the PHP script into Java.

    PHP:

    if(isset($_GET['getClientId'])){
    $res = mysql_query("select * from tableOne where clientID='".
    $_GET['getClientId']."'") or die(mysql_error());
    if($inf = mysql_fetch_array($res)

    ....


    My attempt in Java and it is giving me errors with getClientId part
    and lost in fetching array part. Please advise any corrections I
    need?
    Java:
    //db connection part here...

    try {
    String res = "";
    if(getParameter("getClientId")) {
    res = stmt.executeQuery("select * from tableOne where clientID='" +
    getParameter("getClientId") + "');

    String $inf [];
    if($inf.equals(getParameterValues($res)) {

    .....
    , Jun 29, 2008
    #1

  2. wrote:
    > I am trying to translate the PHP script into Java.
    >
    > [snip]
    >
    > My attempt in Java and it is giving me errors with getClientId part


    I always cut and paste exact error messages into newsgroup postings -
    otherwise you are hiding information vital to solving your problem. Why
    make people guess what the error message might be?

    > and lost in fetching array part. Please advise any corrections I
    > need?
    > Java:
    > //db connection part here...
    >
    > try {
    > String res = "";
    > if(getParameter("getClientId")) {


    Presumably this is within
    public class SomeServlet extends HttpServlet {


    > res = stmt.executeQuery("select * from tableOne where clientID='" +
    > getParameter("getClientId") + "');
    >
    > String $inf [];


    Unless this is some variant of Java I am unfamiliar with, variable names
    should not be prefixed with a dollar sign.

    > if($inf.equals(getParameterValues($res)) {


    and array elements should be indexed - e.g. if (inf[0].equals(...)) {


    --
    RGB
    RedGrittyBrick, Jun 30, 2008
    #2

  3. <> wrote:
    > PHP:
    > if(isset($_GET['getClientId'])){
    > $res = mysql_query("select * from tableOne where clientID='".
    > $_GET['getClientId']."'") or die(mysql_error());
    > if($inf = mysql_fetch_array($res)


    I wonder, where the value for 'getClientId' comes from.
    If it is part of the browser request, then this is highly
    susceptible to SQL-injection, and about equivalent to
    posting your web-server's administrator password here.

    If the value for 'getClientId' is a guaranteed integer,
    and stays on the server (i.e. doesn't do a ping-pong
    to the client), and only then, it is ok, and my warning
    moot.
    Andreas Leitgeb, Jun 30, 2008
    #3
  4. Roedy Green Guest

    Roedy Green, Jun 30, 2008
    #4
  5. Roedy Green Guest

    On Sun, 29 Jun 2008 12:52:09 -0700 (PDT), wrote,
    quoted or indirectly quoted someone who said :

    >String $inf [];
    >if($inf.equals(getParameterValues($res)) {


    You almost never compare two arrays. It does not compare elementwise.

    It just tells you if both point to the same array object, which is
    usually not very useful.

    Also, don't use the obsolete C mixed prefix-postfix syntax. You
    would write that in a modern idiom as:

    String[] inf;

    Your code could not possibly work since you did not assign anything to
    inf before your compare, not even null. That should not even compile.


    --

    Roedy Green Canadian Mind Products
    The Java Glossary
    http://mindprod.com
    Roedy Green, Jun 30, 2008
    #5
  6. Arne Vajhøj Guest

    Andreas Leitgeb wrote:
    > <> wrote:
    >> PHP:
    >> if(isset($_GET['getClientId'])){
    >> $res = mysql_query("select * from tableOne where clientID='".
    >> $_GET['getClientId']."'") or die(mysql_error());
    >> if($inf = mysql_fetch_array($res)

    >
    > I wonder, where the value for 'getClientId' comes from.
    > If it is part of the browser request, then this is highly
    > susceptible to SQL-injection, and about equivalent to
    > posting your web-server's administrator password here.


    $_GET['getClientId'] is request.getParameter("getClientId"), so
    it is a problem.

    Arne
    Arne Vajhøj, Jul 1, 2008
    #6
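
The parameterized form of the query discussed in this thread, as an added example that is not code from any of the posters: it keeps the SQL text constant, binds the request value as data, and replaces `mysql_fetch_array` with a `ResultSet` read. The class and method names (`ClientLookup`, `findClient`, `concatenated`) are hypothetical, the `Connection` is assumed to be supplied by the caller, and `clientID` is treated as a string column because the quoted query puts it in quotes; in a servlet the call would be `findClient(conn, request.getParameter("getClientId"))`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.LinkedHashMap;
import java.util.Map;

public class ClientLookup {
    // Query text is a constant; the request value never becomes part of it.
    private static final String SQL = "select * from tableOne where clientID = ?";

    // The concatenation pattern from the thread, kept only to show the text the driver would receive.
    static String concatenated(String clientId) {
        return "select * from tableOne where clientID='" + clientId + "'";
    }

    /** Returns the first matching row as column -> value, or null if absent. */
    static Map<String, String> findClient(Connection conn, String clientId) throws SQLException {
        if (clientId == null) {              // PHP: isset($_GET['getClientId'])
            return null;
        }
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, clientId);       // bound as data, quotes included
            try (ResultSet rs = ps.executeQuery()) {
                if (!rs.next()) {            // PHP: if ($inf = mysql_fetch_array($res))
                    return null;
                }
                ResultSetMetaData md = rs.getMetaData();
                Map<String, String> row = new LinkedHashMap<>();
                for (int i = 1; i <= md.getColumnCount(); i++) {
                    row.put(md.getColumnLabel(i), rs.getString(i));
                }
                return row;
            }
        }
    }

    public static void main(String[] args) {
        String sample = "O'Brien";                 // constructed input containing a quote
        System.out.println(concatenated(sample));  // the quote ends the SQL literal early
        System.out.println(SQL);                   // unchanged regardless of input
    }
}
```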