Translate attempt


francan00

I am trying to translate the PHP script into Java.

PHP:

if(isset($_GET['getClientId'])){
$res = mysql_query("select * from tableOne where clientID='".
$_GET['getClientId']."'") or die(mysql_error());
if($inf = mysql_fetch_array($res)

....


My attempt in Java and it is giving me errors with getClientId part
and lost in fetching array part. Please advise any corrections I
need?
Java:
//db connection part here...

try {
String res = "";
if(getParameter("getClientId")) {
res = stmt.executeQuery("select * from tableOne where clientID='" +
getParameter("getClientId") + "');

String $inf [];
if($inf.equals(getParameterValues($res)) {

.....
 

RedGrittyBrick

I am trying to translate the PHP script into Java.

[snip]

My attempt in Java and it is giving me errors with getClientId part

I always cut and paste exact error messages into newsgroup postings -
otherwise you are hiding information vital to solving your problem. Why
make people guess what the error message might be?

and lost in fetching array part. Please advise any corrections I
need?
Java:
//db connection part here...

try {
String res = "";
if(getParameter("getClientId")) {

Presumably this is within
public class SomeServlet extends HttpServlet {

res = stmt.executeQuery("select * from tableOne where clientID='" +
getParameter("getClientId") + "');

String $inf [];

Unless this is some variant of Java I am unfamiliar with, variable names
should not be prefixed with a dollar sign.

if($inf.equals(getParameterValues($res)) {

and array elements should be indexed - e.g. if (inf[0].equals(...)) {
 

Andreas Leitgeb

PHP:
if(isset($_GET['getClientId'])){
$res = mysql_query("select * from tableOne where clientID='".
$_GET['getClientId']."'") or die(mysql_error());
if($inf = mysql_fetch_array($res)

I wonder, where the value for 'getClientId' comes from.
If it is part of the browser request, then this is highly
susceptible to SQL-injection, and about equivalent to
posting your web-server's administrator password here.

If the value for 'getClientId' is a guaranteed integer,
and stays on the server (i.e. doesn't do a ping-pong
to the client), and only then, it is ok, and my warning
moot.
 

Roedy Green

String $inf [];
if($inf.equals(getParameterValues($res)) {

You almost never compare two arrays. It does not compare elementwise.

It just tells you if both point to the same array object, which is
usually not very useful.

Also, don't use the obsolete C mixed prefix-postfix syntax. You
would write that in a modern idiom as:

String[] inf;

Your code could not possibly work since you did not assign anything to
inf before your compare, not even null. That should not even compile.
 

Arne Vajhøj

Andreas said:
PHP:
if(isset($_GET['getClientId'])){
$res = mysql_query("select * from tableOne where clientID='".
$_GET['getClientId']."'") or die(mysql_error());
if($inf = mysql_fetch_array($res)

I wonder, where the value for 'getClientId' comes from.
If it is part of the browser request, then this is highly
susceptible to SQL-injection, and about equivalent to
posting your web-server's administrator password here.

$_GET['getClientId'] is request.getParameter("getClientId"), so
it is a problem.

Arne
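
The lookup discussed in this thread, written with a bound parameter instead of string concatenation. This is an added example, not code from any poster in the thread. It assumes clientID is a character column and that the Connection comes from the original poster's "db connection part"; the class and method names (ClientLookup, findByClientId) are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.ResultSetMetaData;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper class; table and column names are taken from the thread.
public class ClientLookup {

    // The SQL text is a constant; the only variable part is the ? placeholder.
    private static final String QUERY =
            "select * from tableOne where clientID = ?";

    /**
     * Returns the matching rows, each as a column-name to value map
     * (the rough equivalent of looping over mysql_fetch_array in PHP).
     * clientId is the raw request value, e.g. request.getParameter("getClientId");
     * null means the parameter was absent (the PHP isset() check).
     */
    public static List<Map<String, Object>> findByClientId(Connection conn, String clientId)
            throws SQLException {
        List<Map<String, Object>> rows = new ArrayList<>();
        if (clientId == null) {
            return rows;
        }
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            // Bound as data: quotes or SQL keywords in the value cannot alter the statement.
            ps.setString(1, clientId);
            try (ResultSet rs = ps.executeQuery()) {
                ResultSetMetaData meta = rs.getMetaData();
                while (rs.next()) {
                    Map<String, Object> row = new LinkedHashMap<>();
                    for (int i = 1; i <= meta.getColumnCount(); i++) {
                        row.put(meta.getColumnLabel(i), rs.getObject(i));
                    }
                    rows.add(row);
                }
            }
        }
        return rows;
    }
}
```

If clientID is actually an integer column, parse the request value with Integer.parseInt, reject it on NumberFormatException, and bind it with setInt instead of setString.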
 
