sending prepared statement objects to custom tags

 
Ranch Hand
Posts: 820
We have a bunch of custom tags that accept query strings. If I want to send a prepared statement object instead of a string, is it a better practice to convert my prepared statement into a string for use with the tags or to modify the code behind the tag so that it can handle a prepared statement?
Thanks!
 
Rancher
Posts: 13459
It's better to remove all database knowledge from your JSPs entirely.
Personally I wouldn't give tags any knowledge about the database either.
There would be a separate layer (some people insist on using beans, but I avoid this too) that would know about the database. You delegate to it to load the required data from the parameters you provide it, then it returns objects which you use in your JSP, tags and beans to provide presentation.
Dave
 
Tim McGuire
Ranch Hand
Posts: 820
OK. So, the thing to do would be have a class that handles the database query and sends a result object back to the jsp page. The tag on the jsp page would then accept that result object as an attribute and build the drop down list or report table from that. Makes sense to me.
 
David O'Meara
Rancher
Posts: 13459
Except that if you are sending the SQL query from the JSP, that still represents knowledge about the database in the JSP. It could also create a security risk if users manage to substitute their own malicious SQL for your own. (This is one of the most common security holes in web applications, not just Java.)
Can you have a Class being responsible for a single SQL operation and just pass the parameters for that query?
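
The approach suggested in the last reply, sketched as an added example that is not part of the original thread: one class owns one fixed SQL statement and accepts only a typed parameter, so neither the JSP nor the tag ever sees or supplies SQL text. The class name, the `Option` value object, and the `employee` table with its `id`, `name` and `dept_id` columns are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;

// Hypothetical class: responsible for exactly one SQL operation.
// Table and column names are assumed for illustration.
public final class EmployeesByDepartmentQuery {

    // The SQL text is a compile-time constant; callers cannot supply or alter it.
    private static final String SQL =
        "SELECT id, name FROM employee WHERE dept_id = ? ORDER BY name";

    /** Plain value object handed to the JSP or tag; no JDBC types leak out. */
    public static final class Option {
        private final int id;
        private final String label;
        Option(int id, String label) { this.id = id; this.label = label; }
        public int getId() { return id; }
        public String getLabel() { return label; }
    }

    private final DataSource dataSource;

    public EmployeesByDepartmentQuery(DataSource dataSource) {
        this.dataSource = dataSource;
    }

    /** The only input is a typed parameter, bound as data and never parsed as SQL. */
    public List<Option> run(int departmentId) throws SQLException {
        List<Option> options = new ArrayList<>();
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setInt(1, departmentId);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    options.add(new Option(rs.getInt("id"), rs.getString("name")));
                }
            }
        }
        return options;
    }
}
```

A servlet or controller would parse the request parameter to an `int`, call `run`, and store the returned list as a request attribute; the tag then takes that list as its attribute and renders the drop-down from `getId()` and `getLabel()`.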
 