Rob Spoor

For the SQL injection you should either use http://php.net/manual/en/mysqli.real-escape-string.php or preferably PDO.

For the JavaScript injection you should actually not set innerHTML at all. Instead your response should be something that is not HTML, like JSON, and then do some JavaScript magic to create the table instead. There you should set the text of elements, not the innerHTML. jQuery can be really useful there.

Odd, I can find the class without problems. The class it's found in is <home>\.m2\repository\org\springframework\security\spring-security-core\5.0.8.RELEASE\spring-security-core-5.0.8.RELEASE.jar. And I've found it as far back as 3.2.5.RELEASE so it just should be there.

What did you already find out? And which operating system is it? For instance, on Linux the system calls is mkdir and on Windows it's CreateDirectoryA or CreateDirectoryW (and there actually a few more as well...).

By the way, your code is vulnerable for both SQL injection (getCustomer.php line 26) and XSS / JavaScript injection (NewInvoice.php line 31).

Step one is finding out where the issue lies. Use your browser's development tools (Chrome: F12), look at the network tab, and check what the actual AJAX request and response are.

Tim Holloway wrote:Normally I use a mock mail module to test email logic. The mock module replaces the actual mailer. It responds the same way that a real mailer would, but avoids having emails fly around randomly while you test. And, aside from cluttering up the network an mail resource, it can be hard after a while to keep track of which test went with which email if you use a live mailer.

Indeed. For simple unit tests I like the one from this article: http://blog.nutpan.com/2012/03/mock-testing-for-java-mail.html.

I think Paul is right. Thymeleaf escapes your input when you use th:text. Note that whitespace like line breaks don't matter because in HTML these show up as a single space. The <br> tag is the way to go as long as you tell Thymeleaf not to escape it.

Welcome to the Ranch!

Your consumers are all trying to read from the database, and the one producer writes to the same database, right? What database are you using? Some database systems (especially MS SQL Server) lock an entire table by default while a transaction is active. That could possibly explain your issue.

Welcome to the Ranch!

Can you show the part of your Thymeleaf template where you render this error?

Joshua Soeng wrote:Yes, I've read about the downside of recursion, and that we should treat recursion as a last resort, but I'm just curious about recursion.

As Campbell said, there is nothing wrong with recursion itself. The problem arises when applied incorrectly or unnecessarily. I had a problem with Hibernate with a query that used an IN statement with over 200 elements in the collection. The implementation used recursion to go over a list (using a "delegate to next" approach where "next" involved a method call) that caused StackOverflowErrors. If that would have been a list (and so simple it would have been...) there would be no issue.

Campbell Ritchie wrote:The log(n) solution is, I think, the third in Rob's list.

It is. These four implementations have, respectively:
* terrible complexity
* linear complexity
* logarithmic complexity
* constant complexity (assuming your CPU supports it)

Campbell Ritchie wrote:Kaldewaaij taught Rob.

Not directly, I was only taught using his book.

But Campbell is right about this recursive variant having terrible performance. I actually know of four implementations:
* This recursive variant.
* One that uses a loop and keeps track of the current and previous values (chapter 4.3 of Kaldewaij's "The Derivation of Programs").
* One that uses a matrix (chapter 5.2 of Kaldewaij's "The Derivation of Programs").
* One that uses a direct function applied to the input to get an approximation (listed at https://en.wikipedia.org/wiki/Fibonacci_number#Closed-form_expression).

[edit]Kaldewaij, not Kaldewaaij, and it's a man[/edit]

For n = 5, you don't add (5 - 1) and (5 - 2) (or 4 and 3), you add fibonacci(4) and fibonacci(3). This is the same as (fibonacci(3) + fibonnaci(2)) + (fibonnaci(2) + fibonacci(1)), etc.

It's advised to use a higher level mapping like JPA or Spring's mappings (Spring JPA, Spring Data, ...) instead of JDBC. It's still possible to use JDBC though. You just don't get any of the advantages of JPA. And JPA also allows native statements to be executed; if you want their result sets mapped you just need to add a little more code.

Each JEE container like JBoss, GlassFish or WebLogic needs to come with one though. You would only need to find out which one so you can put the correct provider in your persistence.xml file. (JBoss comes with Hibernate, WebLogic with TopLink which is based on EclipseLink, no idea about others.)

tangara goh wrote:My problem is that I am not using JPA, just pure Java EE.

Can I use that method ?

JPA is part of JEE, so if you're using JEE you can also automatically use JPA.