• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Uploading of text file with a standard to update Database using struts

 
janice yee
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi! I am facing a problem. I need to do a function where people can upload a text file and it will automatically update the database. So anyone can tel me how to do it?
 
Jeroen T Wenting
Ranch Hand
Posts: 1847
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dangerous, very dangerous.
How would you prevent people from executing destructive SQL (drop table, drop database, delete * from) for example?

But if you insist, you can have people send a file with SQL commands (one per line) to the server and use those to execute using JDBC.

But like I said, it's extremely dangerous. You would at the very least need some highly restricted database users and have the application users restricted to those accounts, then log every SQL command that's attempted to be executed so you can find out if anyone (tries to) abuse their privileges.

Better yet (I'd say paramount in a real system rather than some plaything on an internal server) is to also implement some sort of validation logic that examines the incoming SQL and checks if it's indeed valid SQL and not an attempt to get the database server to execute privileged operating system commands (a common source of webserver cracks involve OS command injection into SQL statements sent by poorly secured web applications).
 
janice yee
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
erm.. because i am suppose to work on a function where the teacher can upload their file with a standard format then it will automatically update the database.
 
Quang Pham
Ranch Hand
Posts: 47
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Janice
I am not sure this is the best way to do it but here is what I would do:
1. On your web page, after a text file is uploaded to server you need a button for your teacher to click on to call the Action class <Save to DB for example>.
2. The action class takes the file name and passes it to TO.
3. TO reads the content of the file and passes the content of the text file to DAO.
4. DAO inserts a new row in Data Base with the content of the text file that TO passes to it.

Good luck
Quang

[ September 09, 2006: Message edited by: Quang Pham ]
[ September 09, 2006: Message edited by: Quang Pham ]
 
janice yee
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
ok! thanks!
 
janice yee
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sorry. Do you have a sample of code that i can refer to?
 
janice yee
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The file i have is jsp, action, form, bean, event, eventhandler, module and DAO only.
What i have to do:
1 check if the file exists in the client
2 upload the file to the server (C:\tmp)
3 read each row
4 update the database accordingly

Can anyone please help me
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic