Bug 18767

Summary: DBTags dump sql when no rows returned
Product: Taglibs Reporter: Will <sqlweb2000>
Component: DBTags TaglibAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED DUPLICATE    
Severity: blocker    
Priority: P3    
Version: 1.1   
Target Milestone: ---   
Hardware: All   
OS: other   

Description Will 2003-04-07 15:38:45 UTC 
if you try 2 statements on one page, and the second one returns now
rows, the sql is inconveniently dumped onto the page.

so the page will show "select * from sometbl where 1=2"
which can get to be a security issue, as well as a cosmetic one.

<sql:statement id="stmt1" conn="conn">
  <sql:query>
select * from sometbl where 1=1
  </sql:query>
  <sql:resultSet id="rset1">
  </sql:resultSet>
</sql:statement>


<sql:statement id="stmt2" conn="conn">
  <sql:query>
select * from sometbl where 1=2
  </sql:query>
  <sql:resultSet id="rset2">
  </sql:resultSet>
</sql:statement>
Comment 1 Felipe Leme 2004-02-27 03:13:36 UTC 
That should have been fixed by bug 26863 changes - could you check with
tomorrow's nightly build?

*** This bug has been marked as a duplicate of 26863 ***