Yogesh Gandhi

Tim Holloway wrote:I'm pretty sure that columns loaded via setObject will generate SQL text that's equivalent to what that object's toString() method would output. So using setObject on an Integer or Long would be OK, for a Date, the format would probably be wrong, and for arrays and classes that don't have customized toString() methods you'd probably get useless junk.

Well if we talk about just integer, long, string etc. the below link says that setObject method internally checks the type of data it holds. So it should be able to manage. And it doesn't use toString() rather it uses instance of method

https://stackoverflow.com/questions/35531621/can-preparedstatements-setobject-method-be-used-for-any-datatype

Yogesh Gandhi wrote:List<Object> arguments = new ArrayList<Object>(); String sql = "SELECT * FROM user WHERE someCondition = ?"; if (queryOnEmail) {  sql = sql + " AND email LIKE ?";  arguments.add(email); } if (queryOnUserName) {  sql = sql + " AND user_name LIKE ?";  arguments.add(userName); } PreparedStatement stmt = con.prepareStatement(sql); int i = 1; for(Object o : arguments) {  stmt.setObject(i, o);  i++; }

Someone suggested this to add the agruments to the list while we are going thru the loop

And later use that arguments arraylist and use setObject to populate stmt object


But my question is, is the setObject method can be used in place of setString or setLong or setInteger method without any problems?

I got the answer, most likely setObject can be used without any risk in place of setString or setInt or some other setter methods.

But mostly it will depend on JDBC driver.

https://stackoverflow.com/questions/35531621/can-preparedstatements-setobject-method-be-used-for-any-datatype

List<Object> arguments = new ArrayList<Object>(); String sql = "SELECT * FROM user WHERE someCondition = ?"; if (queryOnEmail) {  sql = sql + " AND email LIKE ?";  arguments.add(email); } if (queryOnUserName) {  sql = sql + " AND user_name LIKE ?";  arguments.add(userName); } PreparedStatement stmt = con.prepareStatement(sql); int i = 1; for(Object o : arguments) {  stmt.setObject(i, o);  i++; }

Someone suggested this to add the agruments to the list while we are going thru the loop

And later use that arguments arraylist and use setObject to populate stmt object


But my question is, is the setObject method can be used in place of setString or setLong or setInteger method without any problems?

I need a little help in a particular scenario in fixing SQL Injection. Although I know the standard procedure of how to fix SQL injection.

String searchQuery="select * from tablename where column1=value1 and" // This searchParams infact is coming from the user at runtime... I ahave just hard-coded it for demonstration purpose ArrayList<String> searchParams = {"invoice_dt","contractor_id","first_dt"}; for(String s: searchParams) {    if(s.contains("invoice_dt")    {        String col2="2020.10.04";        searchQuery = searchQuery + " invoice_dt=" + col2;    }    else if(s.contains("contractor_id"))    {          String col3="value3";          searchQuery = searchQuery + " contractor_id=" + col3;    }    else if(s.contains("first_dt"))    {           Long col4=10L;          searchQuery = searchQuery + " first_dt=" + col4;    }    .    .    //There are many many if-else conditions...to scan thru searchParams    . }//ends loop statement=connection.prepareStatement(searchQuery); ResultSet resultSet=statement.executeQuery();

As you can see, the search query is very dynamic....and it will depend on what comes in search Params.

Now the problem is that I have to use setString and setLong etc after the prepare statement (as before prepareStatement, the statement object will be null).

And if I want to do it after prepareStatement, I will have to repeat the if-else block and the for loop once again, which doesnt looks nice.

Anyone knows any better way of doing this?

Thankyou guys for your time and help.

The problem has been resolved. It seems like there was some problem during compilation of java file and the .class file generated wasn't proper.
May be some libraries of log4j was not properly provided or was mismatching with that on the server.

When we added log4j library in web-inf\lib, and recompiled the java source code and deployed the new class file the problem went away.

Really was not able to understand how did it solve my problem, but it did somehow.

Tim Moores wrote:That doesn't sound like the full error message. There should be more lines that give information what package or class is missing, and in which class that happens.

update the war file

That doesn't sound solid. I advise to build an entirely new war file, minus all the source code, so that you have a reliably buildable project.

Thanks for taking out time and replying on my issue. I will post the complete error message along with stack details once my team gets online. As of now I remember this much only. I'll post the complete details soon.

Building entirely a new war and a project is not possible for us given the way the project is currently working. We are just supposed to fix few small SQL injection vulnterabilties for which we do not want to run into unwanted problems other than the one which we are supposed to work on. So we took this approach. Just make change to the file which has the vulnterability and put the compiled .class back into the war after making the fix.

I hope you might have seen such processes being going on in certain projects.

No doubt, what you suggested is the best way of doing things. But at times, we choose not to go by best path but by the shortest path.

Hello Guys,

I am facing a problem while making changes to a war file deployed on JBoss.

Here are the steps I did

1. Took the war file from the server
2. THey keep java code as well inside the war file along with the .class file
3. I took the .java file, and opened the project (.war) in eclipse.
4. Added WEB-INF\classes to the source in eclipse.
5. Made a change (added a comment to be precise).
6. Rebuild the project
7. Took the newly generated class file and put it in the war file to update the war file.
8. Took the updated war file and deployed it on JBOSS console.
9. After deployment, many pages on the web-application goes blank, the servlet responds with a blank page.
10. In the logs when we checked, the error which I suspect could be is UNRESOLVED COMPILATION PROBLEM.


Can anyone guide what could be the solution?

Since we did not make any changes to source code, it has something to do with the configuration or environment.

What could be the possible things I should check?

I have 2 classes
1) ScheduledTasks.java
2) UserNotificationServiceImpl.java

I have @Autowired a class in both the above classes.

I have set a Set<String> private member variable in ScheduledTasks into the @Autowired reference(userDao) whcih I later want to access later from UserNotificationDAO of UserNotificationServiceImpl.
But I am not able to.

Firstly I thought, may be spring boot is not creating a singleton instance.
I printed the object. I assume, that it prints the memory address by default if toString method is not overriden.

I found both the memory address to be the same.

I set a Set<String> in ScheduledTasks into userDao and which I can see that it has been properly set in ScheduedTasks itself before I proceeded.

You can have a look at the logs




*************Inside ScheduledTasks.java ***********************************
Notification: *** Inside sendNotificationForOrdersOnHold()
Notification: *** Executing Query as select oos2.orderitemnumber||','||oon2.event_id ORDER_EVENT from om_order_notifications1 oon2, om_order_stage oos2  where (oon2.orderitemnumber, oon2.user_notification_date) in (SELECT oon.orderitemnumber, MAX(oon.user_notification_date) FROM om_order_notifications1 oon, om_order_stage oos WHERE oon.orderitemnumber = oos.orderitemnumber  AND UPPER(oos.orderstagestatus) LIKE('%HOLD%') AND oos.stage_flag = 'Y' AND oon.NOTIFICATION_ID='14' GROUP BY oon.orderitemnumber HAVING MAX(oon.user_notification_date) + (select nvl(min(VALUE),30) from OM_MASTER_DATA WHERE KEY='on_hold_day_span') < sysdate AND MIN(oon.user_notification_date) + (select nvl(min(VALUE),365) from OM_MASTER_DATA WHERE KEY='when_to_cancel_order') > sysdate)  and oon2.ORDERITEMNUMBER=oos2.ORDERITEMNUMBER  and oos2.stage_flag='Y'  AND oon2.NOTIFICATION_ID='14' and oon2.event_id like '%1006'
Notification: *** Orders to be notified = [160304995,20160624.10598.1006]
Notification: *** userDAO in ScheduledTasks = net.colt.notifications.DAO.impl.UserNotificationDAOImpl@72061775

//         userDao.setOrdersOnHold(ordersOnHold);
Notification: *** Orders On Hold set in UserDAO = [160304995]


********* Inside UserNotificationServiceImpl ***************************
Here I have @Autowired UserNotificationDAO and when I invoke getOrdersOnHold, I get an empty Set.

Notification: *** ###################################### userNotificationDAO.getOrdersOnHold=[]
Notification: *** UserNotificationDAO in UserNotificationServiceImpl = net.colt.notifications.DAO.impl.UserNotificationDAOImpl@72061775


Both the objects are same.

But I do not get the set, when I try to access it using the other reference. (As you can see getOrdersOnHold gives me an empty Set.

Any help in this regard is appreciated.

Regards
Yogesh

Ankit Garg wrote:See this tutorial, you have to run your application using Spring not directly by instantiating the class

I wonder, what is it that it is only required to run my application using spring. Why I can't use it on a method in plain java?

THe output is

"Entered test"
Then waits for 10 seconds
"HELLO"
and then
I am done.

Hi,

I need to call a method asynchronously. This is what I did, by studying from internet.
Similar code is working in our project, with the same annotations and all, but due to some reason, I am not able to make it work in standalone.

Can anybody help me on this, as to what I have done wrong.

import java.util.concurrent.Future; import org.springframework.scheduling.annotation.Async; import org.springframework.scheduling.annotation.AsyncResult; import org.springframework.scheduling.annotation.EnableAsync; public class JBPMClient { public static void main(String[] as) throws Exception { Util u = new Util(); Future<String> future = u.test(); System.out.println("I am done"); } } @EnableAsync class Util { @Async public Future<String> test() { System.out.println(System.currentTimeMillis()/1000 + " Entered test...."); try { Thread.sleep(10000); } catch (InterruptedException e) { // TODO Auto-generated catch block e.printStackTrace(); } System.out.println(System.currentTimeMillis()/1000 + " HELLO"); return new AsyncResult<String>("HELLO"); } }

Hi Guys,

Hope you all are doing good...

I am stuck at a very basic but surprising question...

I have created a POJO class...and overrode the toString method by the default implementation that string gives me...

package net.colt.omportalapi.model; import java.util.Date; public class MileStoneDTO { private int mileStoneId; private int orderStageId; private String orderMileStoneName; private Date orderMileStoneDate; private String orderMileStoneSourceSystem; private Date orderMileStoneEndDate; public int getMileStoneId() { return mileStoneId; } public void setMileStoneId(int mileStoneId) { this.mileStoneId = mileStoneId; } public int getOrderStageId() { return orderStageId; } @Override public String toString() { return "MileStoneDTO [mileStoneId=" + mileStoneId + ", orderStageId=" + orderStageId + ", orderMileStoneName=" + orderMileStoneName + ", orderMileStoneDate=" + orderMileStoneDate + ", orderMileStoneSourceSystem=" + orderMileStoneSourceSystem + ", orderMileStoneEndDate=" + orderMileStoneEndDate + "]"; } public void setOrderStageId(int orderStageId) { this.orderStageId = orderStageId; } public String getOrderMileStoneName() { return orderMileStoneName; } public MileStoneDTO(int mileStoneId, int orderStageId, String orderMileStoneName, Date orderMileStoneDate, String orderMileStoneSourceSystem, Date orderMileStoneEndDate) { super(); this.mileStoneId = mileStoneId; this.orderStageId = orderStageId; this.orderMileStoneName = orderMileStoneName; this.orderMileStoneDate = orderMileStoneDate; this.orderMileStoneSourceSystem = orderMileStoneSourceSystem; this.orderMileStoneEndDate = orderMileStoneEndDate; } public void setOrderMileStoneName(String orderMileStoneName) { this.orderMileStoneName = orderMileStoneName; } public Date getOrderMileStoneDate() { return orderMileStoneDate; } public void setOrderMileStoneDate(Date orderMileStoneDate) { this.orderMileStoneDate = orderMileStoneDate; } public String getOrderMileStoneSourceSystem() { return orderMileStoneSourceSystem; } public void setOrderMileStoneSourceSystem(String orderMileStoneSourceSystem) { this.orderMileStoneSourceSystem = orderMileStoneSourceSystem; } public Date getOrderMileStoneEndDate() { return orderMileStoneEndDate; } public void setOrderMileStoneEndDate(Date orderMileStoneEndDate) { this.orderMileStoneEndDate = orderMileStoneEndDate; } }

Now if i create a list of these objects and pass this to sysout....it gives me the following output;;;
List<MileStoneDTO> l = new ArrayList<MileStoneDTO>(); MileStoneDTO m = new MileStoneDTO(1, 1, "ABC", new Date(), "OHS", new Date()); MileStoneDTO m2 = new MileStoneDTO(2, 2, "DEF", new Date(), "OHS", new Date()); l.add(m); l.add(m2); System.out.println(l);

OUTPUT:

[MileStoneDTO [mileStoneId=1, orderStageId=1, orderMileStoneName=ABC, orderMileStoneDate=Wed Dec 16 09:52:32 IST 2015, orderMileStoneSourceSystem=OHS, orderMileStoneEndDate=Wed Dec 16 09:52:32 IST 2015], MileStoneDTO [mileStoneId=2, orderStageId=2, orderMileStoneName=DEF, orderMileStoneDate=Wed Dec 16 09:52:32 IST 2015, orderMileStoneSourceSystem=OHS, orderMileStoneEndDate=Wed Dec 16 09:52:32 IST 2015]]

The thing to note here is the string marked in red above..

Now, if I make a spring controller and return the same list from it...and see it in a browser, the output misses the thing that was marked in red above. I presumed, it'll use a toString method of the object always...


@RequestMapping("/getMileStones") public List<MileStoneDTO> getMileStones() { List<MileStoneDTO> l = new ArrayList<MileStoneDTO>(); MileStoneDTO m = new MileStoneDTO(1, 1, "ABC", new Date(), "OHS", new Date()); MileStoneDTO m2 = new MileStoneDTO(2, 2, "DEF", new Date(), "OHS", new Date()); l.add(m); l.add(m2); return l; }


OUTPUT:

[{"mileStoneId":1,"orderStageId":1,"orderMileStoneName":"ABC","orderMileStoneDate":1450239474577,"orderMileStoneSourceSystem":"OHS","orderMileStoneEndDate":1450239474577},{"mileStoneId":2,"orderStageId":2,"orderMileStoneName":"DEF","orderMileStoneDate":1450239474577,"orderMileStoneSourceSystem":"OHS","orderMileStoneEndDate":1450239474577}]

Can you notice?

Did it not use the toString method?
The name of the class is not coming while it is returned by controller....
Also you can see the values of dates are coming in milliseconds, where as in the earlier part it was in local timezone.

I hope I am able to put my query clearly and make you guys understand, what I am trying to ask...

Can you please help me understanding, what's going in here?

Roel De Nijs wrote:

Yogesh Gandhi wrote:SQL Error: ORA-06552: PL/SQL: Statement ignored
ORA-06553: PL S-382: expression is of wrong type

Pure SQL doesn't understand the boolean data type, although PL/SQL does. So although the function will work if invoked from another PL/SQL block, it won't work in a simple SQL SELECT statement.

So if you need to use it in SQL SELECT statements, use the integer data type as return value and return 0 or 1 instead.

Thanks Roel,
But when I try to run it in PL/SQL block as well...

as follows

declare x boolean; begin select isHoliday(sysdate) into x from dual; end;


It still doesn't works and says

Error starting at line 1 in command:
declare
x boolean;
begin
select isHoliday(sysdate) into x from dual;
end;
Error report:
ORA-06550: line 4, column 32:
PL S-00382: expression is of wrong type
ORA-06550: line 4, column 8:
PL S-00382: expression is of wrong type
06550. 00000 - "line %s, column %s:\n%s"
*Cause: Usually a PL/ SQL compilation error.
*Action:

create or replace FUNCTION isHoliday ( mydate date ) RETURN BOOLEAN IS BEGIN return TRUE; END isHoliday;

select isHoliday(sysdate) from dual;

eRROR i GET IS

Error starting at line 1 in command:
select isHoliday(sysdate) from dual
Error at Command Line:1 Column:7
Error report:
SQL Error: ORA-06552: PL/SQL: Statement ignored
ORA-06553: PL S-382: expression is of wrong type
06552. 00000 - "PL/SQL: %s"
*Cause:
*Action:

Hi,

I am trying to using highcharts on my website.

The problem is with the export functionality on IE

The function that I have used for exporting the chart is

$scope.exportChartToFile = function (filetype) { var container_id = chartFactory.container_id; var chart = $(container_id).find('.chart').highcharts(); if (chart) { chart.exportChart({ type: filetype, filename: 'export' }); } };


The problem occurs on IE, and it says, that "Internet Explorer has modified this page to help prevent cross-site scripting"


Our Client is not ready to disable the XSS security protection available in the browser. Nor he has the rights/permissions to add highcharts to its trusted sites.

Any other solution if anyone knows...regarding the change in the settings of highcharts...

These are the options that I am using for displaying highcharts:


ChartList.prototype.populateOptions = function(defaultOptions) { seriesData=new Array(); Highcharts.setOptions({ global : { useUTC : false } }); var backgroundPosition = '-147px -40px'; for(var index in this.data.data) { seriesData.push({ name:this.data.data[index].target, data: this.data.data[index].datapoints, id: this.data.data[index].target, type:'line' }); if(this.trendLineEnabled) { backgroundPosition='-147px -10px'; seriesData.push({ name: 'TrendLine '+this.data.data[index].target, linkedTo: this.data.data[index].target, showInLegend: false, enableMouseTracking: false, type: 'trendline', algorithm: 'linear', color: 'red' }); } } $('.trend').css('background-position',backgroundPosition); defaultOptions.legend = { enabled: true, layout: 'vertical' } defaultOptions.chart= { type: 'line', zoomType: 'xy', spacingBottom: 15, spacingTop: 10, spacingLeft: 30, spacingRight: 0 }; defaultOptions.title= { text: '' }; defaultOptions.xAxis = { type: 'datetime', dateTimeLabelFormats: { second: '%H:%M:%S', minute: '%H:%M', hour: '%H:%M', day: '%e %b %y', week: '%e %b %y', month: '%b %y', year: '%Y' } }; defaultOptions.yAxis = { title: { text: 'Percentage of ' + this.displayName, style: {"color": "#009de0", "fontWeight": "bold" } }, min: 0 }; defaultOptions.tooltip = { headerFormat: '<b>{series.name}</b><br>', pointFormat: '{point.x:%e. %b}: {point.y:.2f} %' }; defaultOptions.plotOptions = { line: { marker: { enabled: false } } }; defaultOptions.series = seriesData; defaultOptions.exporting = { // Hides the export menu... enabled:false }; }


Somewhere on internet I read that it may be required to set XSS header, but where do I do that, that must be on the highcharts page? right?

Any suggestions?