Help coderanch get a
new server
by contributing to the fundraiser

Chad Clites

Ranch Hand
+ Follow
since Aug 16, 2005
Merit badge: grant badges
For More
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Chad Clites

Your dial up should work right out of the box with either distribution. Your Broadcom card may be a bit of a bother to set up. The support forums for both distributions already have extensive support dedicated to setting up the BroadCom card, so that would probably be the best place to look.
16 years ago
Alternatively, you could also generate an MD5 hash of both images and compare the hashes. This method would not tell you specifically what is different though.
[ December 27, 2007: Message edited by: Chad Clites ]
16 years ago
Off the top of my head, something like:
SELECT Starter, Main, Count(Main)AS cnt FROM my_table WHERE cnt>1;
should get you a list of any duplicates.
[ August 29, 2007: Message edited by: Chad Clites ]
I have never been convinced of the ability of an automated tool to definitively find vulnerabilities. The tableName value that is being passed to the PreparedStatement could very well being retrieved from a drop down menu. If that happens to be the case, and the tableName is being pulled from a controlled vocabulary of some sort, then there is no "vulnerability".

In the case that you have a limited amount of possible table names, then one solution would be to kill the query if the tableName is not in the database before the SQL statement is executed. Just from your little snippet, you will know ahead of time whether or not the query is valid because the table name will be in the map. If it isn't, then you would want to display some other message instead.

Another means of preventing SQL injection is to have a custom error page that catches the SQL error message and displays a generic error message. SQL injection works by sending specially crafted queries, and by reading the error messages generated by these sort of queries. The error messages then give them enough information to fully attack the database. This isn't the case in your example though. If the table name is not in the database, the query will fail, so a simple "If the tablename exists in the map, then execute the query" should suffice.

It's also a good idea if you frequently work with SQL databases to maybe read a PDF or two on the subject just to gain some understanding. SQL injection is fundamentally easy to understand, and only marginally harder to implement.

EDIT: Just as a CMA, I am basing my answer only on the small snippet of code you have given and should be taken as an example only. Obviously I have no way of knowing what else you may have going on with your application as far as SQL access.
[ August 20, 2007: Message edited by: Chad Clites ]
There may be a language issue so I may not be understanding your question fully, but putting an object into an arraylist or a set is the same as anything else. If you are putting a string into an arraylist, you would simply use add. Same for a HashSet. For example:

If you want to use generics, then it is only slightly different:
[ August 16, 2007: Message edited by: Chad Clites ]
16 years ago
And indeed it appears that there is:row_number()

Apparently support differs from database to database, but now that you know what you are looking for, you should be able to find it.
Good question. I don't know of any function that will do that, so I am sort of curious also. I can't find anything in any of my reference materials. Is there some constraint that prevents you from just adding the numbering as you iterate through the resultSet? Or is there an option to create your own function?
I don't know of any JDBC function that does what you describe, but I have never looked for one either. I do either one of two things (and I assume that any filtering function is doing the same thing). The first thing common to both methods is that I need to build a resultSet that contains the values that I want to check. Then I dump them into a collection of some sort. Personally, I use a hashSet. I can check entries one at a time without having to re-query the database. If not, I am notified of the absent entry and can correct it on the spot. This works ,for example, if people are registering for a seminar, and I want to see if they are on the database.

The other method would be to put all the values I want to check into a list, and as I am iterating through the resultSet, see if the term from the resultSet is contained within my list. This is useful if I already have a list of values and I want to validate all of them. I can do hundreds of thousands of validations in very little time.

Either way, it can be accomplished with just a few lines of code.
[ August 14, 2007: Message edited by: Chad Clites ]
Maybe I am misunderstanding your question, but why can't you just do SELECT id FROM some_table WHERE id=some_id. If you get a result back then you know it exists. If the result set is empty, then it doesn't.
What do you suppose wasNull() is supposed to do? What did you expect it to do?
rs.getString("a") gets a string from the result set identified by "a".
rs.getBoolean("a") gets a boolean value identified by "a". I think you can figure out what getInt does.

Those identifiers represent columns in a table. So if I have a table called Cars, and each row in the table holds make, model, color, and year of a car. After querying the database, I could get the values from the resultset by doing something like:

EDIT: Checking out the API might help you understand. Then again, it might give you information overload...
[ August 13, 2007: Message edited by: Chad Clites ]
I was thinking that your JDBC driver was out of date. Every thread I looked at was able to correct that particular error by updating their driver.
Where did you get your JDBC connector?


You may want to try something like the following:
private final String DBCONNECT = "jdbc:mysql://localhost/database_name?user=db_user&password=db_password";
(I have a simple utility class that I wrote, and this is how I do it)

Where database_name is the name of the database to which you are trying to connect, db_user is the user that you created, and db_pass is the password.

Your application shouldn't care where the database is. It really doesn't need to. It just hits the port on which Mysql is running. Did you change the default port?
[ August 12, 2007: Message edited by: Chad Clites ]
If you are able to compile just fine, then I doubt it is a classpath problem since javac and java are in the same directory. What is the specific (entire) error? It's more likely that you are not including a needed library.
[ August 12, 2007: Message edited by: Chad Clites ]
16 years ago