|
Arman S. wrote: Agreed - generally speaking. But not quite, for this concrete situation.
If it were so, why wouldn't you go ahead and explain the whole theory behind secure Web development to the OP?
Common sense tells me, that you (and I) didn't do it as:
* We are not sure if it will solve a bit of OP's problem
* We are not sure if OP is even doing e.g. Web
* We are not sure if the proposed solution above (by myself) even targets the right problem (because of poor explanation of the problem)
My belief is that for beginners (assuming OP is) what matters most is the tangible result, something they can see and the feeling that something is working.
Which would matter only if any of that is relevant.
One uses parameters (bind variables) in SQL because it prevents injection attacks AND because it correctly deals with other issues in correctly constructing SQL. And this applies to any programming language that supports such usage.
There are very few cases where one should be using string concatenation without using parameters. Even when concatenation is used in constructing SQL, such as with variable list productions, parameter usage is still better.
So you are presenting a technique that one should almost never use.
Your rationalizations do not change that.
And by the way, SQL injection attacks are not something that is only relevant in Web apps.
|
Arman S. wrote: My belief is that for beginners (assuming OP is) what matters most is the tangible result, something they can see and the feeling that something is working.
And in your case working wrongly. There are already far too many examples of questions from people who obviously do not understand the dangers inherent in using this sort of construct, and you are just teaching one more programmer to do it the wrong way. You better hope that you do not fall foul of any product developed by this guy.
I must get a clever new signature for 2011.
|
I have changed my code slightly.
Code as shown below:
    String dbURL = "jdbc:derby:....";
    String myString = (String) getIncidentidtxt().getValue();
    Integer incidentIDName = Integer.parseInt(myString);
    String incidentNameName = (String)getIncidentnametxt().getValue();
    try{
        Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
        Connection con = DriverManager.getConnection(dbURL);
        Statement stmt = con.createStatement();
        ResultSet rs = stmt.executeQuery("SELECT INCIDENTID FROM INCIDENTDATA");
        ArrayList allResults = new ArrayList();
        while (rs.next()) {
            int instanceID = rs.getInt("INCIDENTID");
            allResults.add(instanceID);
            int arrayCount = allResults.size();
            label3.setValue(arrayCount);
            for(Integer i =0; i<allResults.size(); i++)
            {
                if(myString.equals(allResults.get(i))){
                }
            }
        }
    }
    catch (Exception ex) {
        log("ErrorDescription", ex);
        error(ex.getMessage());
    }
But I have no idea if I did this correctly. What should I do now to proceed?
The main purpose of this is to compare the values in the textboxes with the database (displayed on a table).
By the way, I am using NetBeans.
http://img263.imageshack.us/img263/3673/arraysofvalues.png
The image you see above is the array that I have created to store the incidentID values. How do I use this array to validate entries to the database? For example, if the database already has the id 3, when the user enters 3 into the id textbox, an error message will appear?
modified on Monday, January 10, 2011 3:39 AM
|
How efficient would this code be if you have 1,000,000 records? Not very, I suspect. Instead of selecting all records in your database and comparing against the id entered by the user, do it the other way round. Select only the record with the id entered; if it does not exist you will get a failure. You should always try and design your system to take the shortest path to a solution. As I have stated a number of times in this thread, try and spend some time studying database and SQL, it will pay dividends in the long run.
I must get a clever new signature for 2011.
|
I very much want to spend time studying, after all it is for my own good, however I am rushing this out. I have made some changes to the code again as shown:
    String incidentString = (String) getIncidentidtxt().getValue();
    String incidentNameName = (String)getIncidentenametxt().getValue();
    try{
        Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
        Connection con = DriverManager.getConnection(dbURL);
        stmt = con.createStatement();
        if(incidenteidtxt != null){
            rs = stmt.executeQuery("Select INCIDENTID from INCIDENTDATA");
            while(rs.next()){
                id = rs.getString("INCIDENTID");
                String idtxt = id.toString();
                if(incidentString != idtxt){
                    getSessionBean1().updateIncident(incidentString, incidentNameName);
                }
                else{
                    incidentidtxt.setRequiredMessage("Id valid, enter new Id.");
                }
            }
        }
    }
    catch (Exception ex) {
        log("ErrorDescription", ex);
        error(ex.getMessage());
    }
However, when I run the program, instead of adding one value when the add button is clicked, it adds over 20 values. Why is this so? Hope to hear from you all soon.
|
pancakeleh wrote: however I am rushing this out.
That is a sure recipe for disaster.
You have the following statement within your try block, after you have opened your connection to the database.
if(incidenteidtxt != null){
I would assume that if the value is null there is no point in accessing your database, so you should make this test earlier.
Other than that I cannot quite figure out what your code is doing, although it looks like you are reading the database in sequence, and every time you see a record that does not match the incident id, you call your updateIncident method to do something.
I must get a clever new signature for 2011.
|
I have further changed my code as shown below:
        try{
            Class.forName("org.apache.derby.jdbc.ClientDriver").newInstance();
            Connection con = DriverManager.getConnection(dbURL);
            stmt = con.createStatement();
            if(incidentidtxt != null){
                id = rs.getInt(1);
                if( id == 0){
                    getSessionBean1().updateIncident(incidentId, instanceName);
                }
                else{
                    Integer newIncidentID = incidentId + 1;
                    getSessionBean1().updateIncident(newIncidentID, instanceName);
                }
            }
        }
        catch (Exception ex) {
            log("ErrorDescription", ex);
            error(ex.getMessage());
        }
        return null;
    }
|
pancakeleh wrote:
if(incidentidtxt != null){
1. You still have this test within your try catch block, you should be doing it outside as there is no point entering this block of code if incidentidtxt has a null value.
2. Your executeQuery command is commented out; is this what you meant to do?
2a. Adding database parameters by string concatenation in this way is extremely dangerous, and leaves your application open to SQL Injection problems: Google it and learn how to avoid it.
3. I am no longer certain what you are actually trying to do here or what your problem is.
I must get a clever new signature for 2011.
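
The approach recommended in the replies above (look up only the entered id, test the input before touching the database, and pass values as bind variables instead of concatenating them), as an added example that is not any poster's code. The INCIDENTNAME column, the class and method names and the in-memory Derby URL are assumptions; running it needs derby.jar on the classpath.

```java
import java.sql.*;

// Added example: INCIDENTDATA and INCIDENTID come from the thread; the
// INCIDENTNAME column and all class/method names here are assumptions.
public class IncidentCheck {

    /** True if a row with this id exists; the id travels as a bind variable. */
    static boolean incidentExists(Connection con, int id) throws SQLException {
        String sql = "SELECT 1 FROM INCIDENTDATA WHERE INCIDENTID = ?";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();   // asks for the one matching row, not the whole table
            }
        }
    }

    /** Validates the text-box values, then inserts once. Returns an error message or null. */
    static String addIncident(Connection con, String idText, String name) throws SQLException {
        if (idText == null || name == null) return "Id and name are required."; // before any SQL
        int id;
        try {
            id = Integer.parseInt(idText.trim());
        } catch (NumberFormatException e) {
            return "Id must be a whole number.";
        }
        if (incidentExists(con, id)) return "Id already in use, enter a new Id.";
        String sql = "INSERT INTO INCIDENTDATA (INCIDENTID, INCIDENTNAME) VALUES (?, ?)";
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setInt(1, id);
            ps.setString(2, name);  // quotes in the name stay data, never SQL text
            ps.executeUpdate();
        }
        return null;
    }

    public static void main(String[] args) throws SQLException {
        // Constructed demo data in a throwaway in-memory database.
        try (Connection con = DriverManager.getConnection("jdbc:derby:memory:demo;create=true");
             Statement st = con.createStatement()) {
            st.executeUpdate("CREATE TABLE INCIDENTDATA ("
                + "INCIDENTID INT NOT NULL PRIMARY KEY, INCIDENTNAME VARCHAR(100))");
            System.out.println(addIncident(con, "3", "Fire drill"));        // first use of id 3
            System.out.println(addIncident(con, "3", "Duplicate"));         // id 3 again
            System.out.println(addIncident(con, "4", "O'Brien's report"));  // apostrophes in data
            System.out.println(addIncident(con, "3 OR 1=1", "n/a"));        // non-numeric id text
        }
    }
}
```

The existence check and the insert are two separate statements, so the primary key on INCIDENTID remains the final guard when two users submit the same id at once: the second insert fails with an SQLException.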
|
Need urgent help in assignment of JAVA, any idea suggestion please
I need help in my JAVA assignment please. Kindly guide me to any technique/idea to do the following. I'm not at an advanced level of programming. I already have the initial part of my assignment completed, which is to make a simple command line calculator. This is the next part.
The program should take function definitions and those definitions can be used in future expressions
For example:
def add(x,y)=(x+y)
>>> ok
def inv(x)=1/x
>>> ok
inv(add(2,2))
>>> ans : 0.25
Also four additional commands:
show; to print all definitions on screen
save filename; to save all definitions in a file
load filename; to load all definitions from a file
delete funname; to delete the definition corresponding to the function named funname
|
See here for information on how to write Java programs. Please do not expect other people to write your assignment for you, unless you are prepared to pay royalties from your future earnings.
Just say 'NO' to evaluated arguments for diadic functions! Ash
|
I'm a little confused. You say this is a Java assignment, but the example you have posted looks more like Python to me, not Java. Am I missing something?
|
No, this is a JAVA assignment.
|
So the assignment is to rewrite the Python example in Java, is that right?
|
Bro, no, we don't know any Python. But this is our assignment in Java only.
|
aesthetic.crazy wrote: I need help in my JAVA assignment please. Kindly guide me to any technique/idea to do the following
You need the following parts
1. Something to read the input that the user types.
2. Something to parse each line into a command and OPTIONAL values since some commands do not have values.
3. Something to process EACH command. Write a method for each command.
4. AFTER you have the above parts and you have TESTED them, then you put them together to create the final program.
|
What is processing in the third part? I need to know some idea about how to proceed further after parsing.
|
Actually I misunderstood part of the assignment.
It is quite a bit more complicated than I thought although what I said applies for the easy part. In terms of that you would create a method called something like Show() which would display the current defs.
The hard part is the def command. You can do that with Groovy in Java. But it requires that you do Java and Groovy, which is rather significant for a beginning assignment. Even the management of that without the actual call semantics is complicated.
|
My doctor has provided me with a LinkedBinaryTree and asked me to implement a BinaryTree using an ArrayList. I managed to do all the methods except for the Iterators: children(Position v), positions() and elements(). I will provide you the implementation of these methods using Lists, can anyone help me on how to implement them using the ArrayList class?
    public Iterator children(Position v)
            throws InvalidPositionException{
        DNodeList L = new DNodeList();
        checkPosition(v);
        try {
            if(hasLeft(v))
                L.insertLast(left(v));
            if(hasRight(v))
                L.insertLast(right(v));
        } catch(BoundaryViolationException e) {
            System.out.println(e.getMessage());
        }
        return L.elements();
    }
    public Iterator positions() {
        DNodeList L = new DNodeList();
        if(size() != 0) {
            try {
                inOrderTraverse(root(), L);
            } catch(Exception e) {
                System.out.println(e.getMessage());
            }
        }
        return L.elements();
    }
    public Iterator elements() {
        Iterator pos = positions();
        DNodeList L = new DNodeList();
        while(pos.hasNext())
            L.insertLast(((Position) pos.next()).element());
        return L.elements();
    }
    private BTNode checkPosition(Position p) throws
            InvalidPositionException {
        if(p == null)
            throw new
                InvalidPositionException("null is not a valid position");
        try {
            BTNode temp = (BTNode) p;
            return temp;
        } catch(ClassCastException e) {
            throw new
                InvalidPositionException("position of wrong type");
        }
    }
    private void inOrderTraverse(Position v, List L)
            throws InvalidPositionException, BoundaryViolationException{
        checkPosition(v);
        if(hasLeft(v))
            inOrderTraverse(left(v), L);
        L.insertLast(v);
        if(hasRight(v))
            inOrderTraverse(right(v), L);
    }
|
Can you be a bit more specific with your question: what are you having trouble with? What help are you looking for? People here on this forum will gladly answer any specific questions you may have.
|
I want to implement the methods I posted here using an ArrayList and not a linked List. But I don't know how to do it.
|
Well, presumably your professor either thinks you can, or he expects you to figure it out for yourself. You could ask him for help if you are completely stuck.
|
Hello my name is Nicolas Khoury, and I have a huge Text compression project to solve, and I'm having a hard time with it. I have all the predefined classes that I need to use, I just don't know what to do. Is there anyone who can give me their e-mail so I can upload the assignment and the classes and help me build the code? if so, please reply to my e-mail: nee-kow@hotmail.com
|
nee-kow wrote: Is there anyone who can give me their e-mail so I can upload the assignment
No, I'm afraid this site does not generally work like that. However you could try posting your question in the Collaboration & Beta Testing forum.
Just say 'NO' to evaluated arguments for diadic functions! Ash
|
I assume you didn't do the pre-defined classes yourself. Why don't you ask your teacher/lecturer for some help - or maybe start paying more attention in lessons (if you actually go to them)
Asking someone else to do your assignments for you is just stupid. If you're going down that route then I suggest a career change. Go and do something you're actually capable of/interested in learning because you're just wasting your life (and other people's) at the minute.
return 5;
|
Thank you for the lecture, Mister Musefan, I do appreciate it. However, I need to remind you that I am a 20 year old grown man, and I'm a computer engineering student with a GPA of 3.7 in one of the best engineering schools in my country. YES, I'm on the distinction list. The point of my thread is to help me get started with the damn project because we didn't acquire much information about the binary trees. Instead of whining to my teacher I thought I'd get a little help from some fellow programmers around the world. I asked for help and not for this lecture. And thank you for reading.
|