Bug 18767 - DBTags dump sql when no rows returned
Summary: DBTags dump sql when no rows returned
Status: RESOLVED DUPLICATE of bug 26863
Alias: None
Product: Taglibs
Classification: Unclassified
Component: DBTags Taglib (show other bugs)
Version: 1.1
Hardware: All other
: P3 blocker (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-04-07 15:38 UTC by Will
Modified: 2004-11-16 19:05 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Will 2003-04-07 15:38:45 UTC
if you try 2 statements on one page, and the second one returns now
rows, the sql is inconveniently dumped onto the page.

so the page will show "select * from sometbl where 1=2"
which can get to be a security issue, as well as a cosmetic one.

<sql:statement id="stmt1" conn="conn">
  <sql:query>
select * from sometbl where 1=1
  </sql:query>
  <sql:resultSet id="rset1">
  </sql:resultSet>
</sql:statement>


<sql:statement id="stmt2" conn="conn">
  <sql:query>
select * from sometbl where 1=2
  </sql:query>
  <sql:resultSet id="rset2">
  </sql:resultSet>
</sql:statement>
Comment 1 Felipe Leme 2004-02-27 03:13:36 UTC
That should have been fixed by bug 26863 changes - could you check with
tomorrow's nightly build?

*** This bug has been marked as a duplicate of 26863 ***