
I have a web application that saves SQL scripts, built with the help of Spring.

The form is filled in, it is saved, and the response is returned on the same form.

This is the form:

<form:form modelAttribute="formCaptureSql" action="save" method="POST">

    ID<form:input path="id" value="${script.id }" />
    Master<form:input path="masterId" value="${script.masterId}"/>
    Query String<textarea name="scriptString" rows="40">${script.scriptString}</textarea>
    VersionR<form:input path="versionR" value="${regla.versionR }"/>

<button class="submit green" name="submitbuttonname" value="Save">Save</button>
</form:form>

This has worked fine until today.

When this query is saved, the view is broken (it is a DB2 query):

SELECT T4.*,

CASE 
  WHEN ANTI_DAD = 1 AND (PRMEQ >= 64800 OR C_AGT >= 18)  THEN 7000
  WHEN ANTI_DAD = 2 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 5000
  WHEN ANTI_DAD = 3 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2500
  WHEN ANTI_DAD = 4 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2000
  WHEN ANTI_DAD = 5 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 6 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 7 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 8 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 9 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
ELSE 0 END AS TOTAL_BONUS,
CASE 
  WHEN ANTI_DAD = 1   THEN 18
  WHEN ANTI_DAD between 2 and 9   THEN 20 
ELSE 0 END AS META_M,
CASE 
  WHEN ANTI_DAD = 1   THEN 64800
  WHEN ANTI_DAD >= 2 AND ANTI_DAD <= 9   THEN 72000 
ELSE 0 END AS PRM_M

FROM (


SELECT 
NO_AGENTE , 
COUNT(NO_AGENTE) AS C_AGT , 
SUM(PRM_STORED_ANUAL) AS PRMEQ , 
SUM(PRM_STORED_ANUAL_BONUS) AS PRMEQBONUS , 
a.MTYPCED AS CEDULA , 
ANTI_DAD 
FROM ( 
SELECT 
NAME_ASE_GDO, 
GRUPO, 
LOCALIDAD, 
PLAN_BASIC, 
TEMPO, 
NO_AGENTE, 
NO_GER, 
OFFICE, 
PRM_ANUAL, 
PRM_FRAC_MODAL, 
QRT_FIJ, 
PRM_COMIS, 
FORMA_PAY, 
STATUS_C_AGT, 
FECHA_STATUS, 
PRM_STORED_ANUAL, 
C_AGT, 
CASE WHEN MTYPCED = 'G'  then PRM_STORED_ANUAL * 2 
ELSE 
PRM_STORED_ANUAL 
END as PRM_STORED_ANUAL_BONUS, 
(days(CURRENT DATE) - days( DATE(SUBSTR (cast(MHIRDT as char(12)) , 1 ,4) || '-' || SUBSTR (cast(MHIRDT as char(12)) , 5 ,2) || '-' || SUBSTR (cast(MHIRDT as char(12)) , 7 ,2) ) ) )/30 AS ANTI_DAD 
FROM ( 
SELECT c.CMNAME AS NAME_ASE_GDO, 
c.MCGBNO AS GRUPO, 
c.MCEMPL AS LOCALIDAD, 
c.FPLAN AS PLAN_BASIC,
c.PBPDYR AS TEMPO,
c.MWAGTN AS NO_AGENTE,
c.ASUP AS NO_GER,
c.AOFI AS OFFICE,
c.MCPRMA AS PRM_ANUAL,
c.MCPRMM AS PRM_FRAC_MODAL, 
c.MCPFEE AS RECARGO_FIJO, 
c.MCPRMM - c.MCPFEE AS PRM_COMISIONABLE,
c.MCPMOD AS FORMA_PAY,
c.MCCSTA AS STATUS_C_AGT,
c.MLSTDT AS FECHA_STATUS,
c.MCCNTR as C_AGT,
a.MTYPCED,
a.MHIRDT,
CASE MCPMOD
WHEN 'H' THEN MCPRMM * 24
WHEN 'W' THEN MCPRMM * 52
WHEN 'M' THEN MCPRMM * 12
WHEN 'S' THEN MCPRMM * 2
WHEN 'A' THEN MCPRMM * 1
WHEN 'B' THEN MCPRMM * 26
WHEN 'Q' THEN MCPRMM * 4
WHEN 'T' THEN MCPRMM * 13
ELSE 0
END AS PRM_STORED_ANUAL 
FROM ( SELECT  a.*
FROM    LS8004DTA.CASCNTRML8 a
        INNER JOIN 
        (
            SELECT  MCCNTR, MAX(MWAEFFE) max_date
            FROM    T24P443DTA.CASCNTRML8
            GROUP   BY MCCNTR
        ) b ON  a.MCCNTR = b.MCCNTR AND
                a.MWAEFFE = b.max_date ) AS c
left join LS977DTA.COMAGTML04 a 
on a.MAGTNO = c.MWAGTN 
WHERE MSTLDT BETWEEN 20141201 AND 20141231
 and MCCSTA NOT IN ('C', 'N')) AS T 
) AS T1 
LEFT JOIN LSP443DTA.COMAGTML04 a
 ON a.MAGTNO = T1.NO_AGENTE
 WHERE a.MTYPCED = 'G' 
GROUP BY GROUPING SETS ((NO_AGENTE,MTYPCED, ANTI_DAD)) 
ORDER BY PRMEQ DESC 

) AS T4

The query produces this in the textarea, and the next input and the button are not shown, because the HTML code is inside the textarea:

SELECT T4.*,

CASE 
  WHEN ANTI_DAD = 1 AND (PRMEQ >= 64800 OR C_AGT >= 18)  THEN 7000
  WHEN ANTI_DAD = 2 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 5000
  WHEN ANTI_DAD = 3 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2500
  WHEN ANTI_DAD = 4 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2000
  WHEN ANTI_DAD = 5 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 6 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 7 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 8 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 9 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
ELSE 0 END AS TOTAL_BONUS,
CASE 
  WHEN ANTI_DAD = 1   THEN 18
  WHEN ANTI_DAD between 2 and 9   THEN 20 
ELSE 0 END AS META_M,
CASE 
  WHEN ANTI_DAD = 1   THEN 64800
  WHEN ANTI_DAD >= 2 AND ANTI_DAD




VersionR<input id="versionR" name="versionR" value="1"  type="text" value=""/>

<button class="submit green" name="submitbuttonname" value="Save">Save</button>
</form> <!-- closes the form -->
</section> <!-- tag in my design -->
<footer>.....
<more divs>
</body>
</html>

I guess that it is a character, < or >, because it is present in this query.

How can I avoid this for any such character?

jasilva

1 Answer


It seems the issue is related to special characters inside your SQL, like '<'. In that case you should escape them in your HTML using:

  • < is replaced with &lt;
  • > is replaced with &gt;
guilhebl
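The escaping the answer describes, as an added example that is not part of the original question or answer: a small stand-alone Java program (class, method and sample names are the editor's own) that renders a stored script into the textarea both the way the posted JSP line does and with HTML output encoding, and checks whether the content escaped its element. It also shows why this is a security fix and not only a display fix: a textarea is RCDATA, so a saved script containing "</textarea><script>" closes the element and the script runs in the browser of anyone who opens the form, while a harmless "<=" only looks broken.

```java
import java.util.LinkedHashMap;
import java.util.Map;

/**
 * Added example, not the poster's code: render a saved SQL script into a
 * <textarea> with HTML output encoding. Names here are the editor's own.
 */
public class TextareaEscapeDemo {

    /**
     * Minimal HTML escaper for the characters that change how a browser parses
     * text and attribute content. Spring ships the same behaviour in
     * org.springframework.web.util.HtmlUtils.htmlEscape(); it is written out
     * here so the example runs with no dependencies.
     */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Reverse of escapeHtml: what the browser displays inside the textarea. */
    static String unescapeHtml(String s) {
        return s.replace("&lt;", "<").replace("&gt;", ">").replace("&quot;", "\"")
                .replace("&#39;", "'").replace("&amp;", "&");
    }

    /** Unsafe: mirrors <textarea name="scriptString" rows="40">${script.scriptString}</textarea>. */
    static String renderUnsafe(String script) {
        return "<textarea name=\"scriptString\" rows=\"40\">" + script + "</textarea>";
    }

    /**
     * Safe: the stored value is encoded for the HTML text context. The JSP
     * equivalents are <form:textarea path="scriptString" rows="40"/> or
     * <textarea name="scriptString" rows="40"><c:out value="${script.scriptString}"/></textarea>.
     */
    static String renderSafe(String script) {
        return "<textarea name=\"scriptString\" rows=\"40\">" + escapeHtml(script) + "</textarea>";
    }

    /**
     * A textarea is RCDATA: only "</textarea" ends it. A second occurrence in
     * the rendered markup means the stored content broke out of the element.
     */
    static boolean brokeOut(String html) {
        String lower = html.toLowerCase();
        int first = lower.indexOf("</textarea");
        return first >= 0 && lower.indexOf("</textarea", first + 1) >= 0;
    }

    public static void main(String[] args) {
        // Constructed samples: the innocent DB2 fragment from the question and a
        // hostile script a user of the same form could save for others to load.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("db2", "WHEN ANTI_DAD >= 2 AND ANTI_DAD <= 9 THEN 72000");
        samples.put("hostile", "x</textarea><script>alert(document.cookie)</script><textarea>");

        for (Map.Entry<String, String> e : samples.entrySet()) {
            String value = e.getValue();
            String safe = renderSafe(value);
            System.out.printf("%-8s unsafe brokeOut=%-5s safe brokeOut=%-5s roundTrip=%s%n",
                    e.getKey(), brokeOut(renderUnsafe(value)), brokeOut(safe),
                    unescapeHtml(escapeHtml(value)).equals(value));
            System.out.println("  " + safe);
        }
    }
}
```

In the safe rendering "<=" becomes "&lt;=", and the browser decodes it back to "<=" inside the textarea, so the user sees the original SQL unchanged; the roundTrip flag in the output confirms that for every sample, while brokeOut is true only for the hostile payload rendered the unsafe way. In the posted JSP the fix is to stop emitting the raw EL value: use <form:textarea path="scriptString" rows="40"/>, which renders the bound value with Spring's HTML escaping (governed by its htmlEscape attribute and the defaultHtmlEscape context parameter), or wrap the expression in <c:out value="${script.scriptString}"/>, whose escapeXml attribute defaults to true. The same applies to the value="${...}" attributes on the other inputs, since an attribute context breaks on a quote rather than on "<".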