
parsing a simple string

 
Mike McMahon
Ranch Hand
Posts: 30
Hey folks,

I know this question is very straightforward, but since I don't know what you call data in the form of

I haven't been able to search Google. My book is at home, and I'm at work, so I'm kind of stuck.

Anyways, I have a bunch of variables in my app stored using the format shown above, and now I'm trying to put it all together and parse a query using those variables. Something like:


Needless to say, the ${*.*} thingies were not replaced with my stored values, so my query is failing. I tried some silly little things like:


but I'm at a loss.

And what do you call those thingies anyways?!

[ July 02, 2008: Message edited by: Mike McMahon ]
 
Merrill Higginson
Ranch Hand
Posts: 4864
Those "thingies" are called EL (Expression Language) Expressions. Their purpose is to translate data that exists in a JavaBean object into a form that can be displayed on a JSP page. For example, the EL expression ${myBean.foo} is similar to writing <%= myBean.getFoo() %>.

Since you're writing Java code instead of a JSP page, EL expressions aren't going to be of much use to you. You will want to use the equivalent Java expressions to retrieve the data. Example:

[ July 02, 2008: Message edited by: Merrill Higginson ]
 
Mike McMahon
Ranch Hand
Posts: 30
Hey Merrill,

Thanks for the note - I figured out what they were called. Thanks also for the tips. I am writing JSP however - The query text I've gotten there is information gathered from a form, and then I'm going to instantiate a class, using the query as a constructor.

If you're aware of a way to have my EL expressions replaced with their variables, I'd still love to know. Thanks so much!

Mike
Originally posted by Merrill Higginson:
Those "thingies" are called EL (Expression Language) Expressions. Their purpose is to translate data that exists in a JavaBean object into a form that can be displayed on a JSP page. For example, the EL expression ${myBean.foo} is similar to writing <%= myBean.getFoo() %>.

Since you're writing Java code instead of a JSP page, EL expressions aren't going to be of much use to you. You will want to use the equivalent Java expressions to retrieve the data. Example:


[ July 02, 2008: Message edited by: Merrill Higginson ]
 
Merrill Higginson
Ranch Hand
Posts: 4864
Since you're posting this in the Struts forum, I'm assuming that you're writing a Struts application. In a Struts application it's considered bad form to write or execute any sort of SQL statement in a JSP.

My recommendation would be to refactor your application such that you write and execute the SQL statements in an Action class and then forward to a JSP to display the results.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65111
Originally posted by Merrill Higginson:
In a Struts application it's considered bad form to write or execute any sort of SQL statement in a JSP.
This actually applies to any web application, Struts-based or otherwise. It's considered a very poor practice.
 
Mike McMahon
Ranch Hand
Posts: 30
Is it bad form to parse a SQL query from data collected by a form on a JSP page? The query is being performed within my getProducts.java class. I don't think I'm breaking any rules...

Originally posted by Bear Bibeault:
This actually applies to any web application, Struts-based or otherwise. It's considered a very poor practice.
 
Paul Clapham
Sheriff
Posts: 21316
You normally wouldn't parse any SQL queries. ("Parsing" is the act of translating a text format into an internal data structure, so parsing an SQL query is what the database driver does.)

But if you're asking whether it's a good practice to construct an SQL query from some base text and some parameters, like this:
then no, that isn't a good practice. It leaves you open to SQL injection attacks (you could look that up). The better practice is to use a PreparedStatement for your SQL:
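
The contrast Paul describes, as an added example that is not part of his post or anyone's code from this thread: a query string built by concatenation next to the same lookup done with a PreparedStatement, plus an allowlist for the one part a placeholder cannot bind (the ORDER BY column). Assumptions: the class name `ProductQueries`, the table `products` with columns `name`, `category` and `price`, and the JDBC URL passed as the first argument are all hypothetical, and a JDBC driver is on the classpath.

```java
import java.sql.*;
import java.util.*;

// Added example. Table "products" and its columns are hypothetical.
public class ProductQueries {

    // ORDER BY takes an identifier, which a '?' placeholder cannot bind,
    // so the form value only selects an entry from a fixed allowlist.
    private static final Map<String, String> SORT_COLUMNS =
            Map.of("name", "name", "price", "price");

    // The pattern to avoid: the form value becomes part of the SQL text,
    // so a quote in it ends the string literal and the rest is parsed as SQL.
    static String concatenated(String category) {
        return "SELECT name, price FROM products WHERE category = '" + category + "'";
    }

    // PreparedStatement: the SQL text is fixed and the value is bound
    // separately, so it is never parsed as SQL whatever it contains.
    static List<String> findByCategory(Connection con, String category, String sort)
            throws SQLException {
        String column = SORT_COLUMNS.getOrDefault(sort, "name"); // unknown key -> default
        String sql = "SELECT name, price FROM products WHERE category = ? ORDER BY " + column;
        List<String> rows = new ArrayList<>();
        try (PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, category);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    rows.add(rs.getString("name") + " " + rs.getBigDecimal("price"));
                }
            }
        }
        return rows;
    }

    public static void main(String[] args) throws SQLException {
        String category = "Men's shoes"; // constructed form input containing a quote
        // Printed text shows the quote splitting the literal in the concatenated form.
        System.out.println(concatenated(category));
        if (args.length == 0) return; // no database given: stop after the string demo
        // args[0]: JDBC URL of a database holding the hypothetical table (assumption)
        try (Connection con = DriverManager.getConnection(args[0])) {
            System.out.println(findByCategory(con, category, "price"));
        }
    }
}
```

Run without arguments it only prints the concatenated statement, which is enough to see where the literal breaks; with a JDBC URL it also runs the parameterized query.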
 
Mike McMahon
Ranch Hand
Posts: 30
Thanks -
I'm aware of SQL injection attacks, and am taking measures with my queryText variable prior to executing it.

On another note, all of this talk of standards compliance seems to have taken over this thread, when the original question asked about returning variables that had been captured. I appreciate the comments, but nothing works right now, compliant or not!

Thanks,
Mike

Originally posted by Paul Clapham:
You normally wouldn't parse any SQL queries. ("Parsing" is the act of translating a text format into an internal data structure, so parsing an SQL query is what the database driver does.)

But if you're asking whether it's a good practice to construct an SQL query from some base text and some parameters, like this:
then no, that isn't a good practice. It leaves you open to SQL injection attacks (you could look that up). The better practice is to use a PreparedStatement for your SQL:
 
Siddharth Naik
Ranch Hand
Posts: 35
If my understanding of the question and basics is correct,

EL is used on Frontend for displaying data coming out of back office model class.

getAttribute method is used in back office model class for getting data sent from Frontend JSP.

It appears from below that you are collecting variables from JSP.


... a SQL query from data collected by a form on a JSP page?


In that case, is it possible for you to create the query itself (and not just execute it) in back office model class instead of on Frontend JSP? In that case you can use procedure described by Paul Clapham to create the query dynamically and execute it.
 
Merrill Higginson
Ranch Hand
Posts: 4864
The solution as I mentioned is to use Java expressions rather than EL expressions in constructing the SQL query string.

Once you have a correct String with an SQL query, you can certainly run it and display the results. However, as 3 people who have been doing this for a long time have told you, what you will have when you are done is bad code that is difficult to maintain. If you really want to go the extra mile and do it right, you will take our advice and refactor so that the data retrieval logic is in the Action class and the display logic is in the JSP.
[ July 03, 2008: Message edited by: Merrill Higginson ]
 