How can I retain HTML form field values in JSP after submitting form to Servlet?

2

7

After submitting data in the HTML form, a servlet adds these data to my DB and forwards a result message to a JSP page. I want to retain the initially submitted values in the form after the forward.

Is it sensible to make an object in a servlet and add all the parameters I receive and send it with a request to JSP? Is there another better way?

Dawnedawson answered 14/10, 2010 at 21:11 Comment(0)
14

You could access single-value request parameters by ${param}.

<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
...
<input name="foo" value="${fn:escapeXml(param.foo)}">
<textarea name="bar">${fn:escapeXml(param.bar)}</textarea>
...
<input type="radio" name="faz" value="a" ${param.faz eq 'a' ? 'checked' : ''} />
<input type="radio" name="faz" value="b" ${param.faz eq 'b' ? 'checked' : ''} />
<input type="radio" name="faz" value="c" ${param.faz eq 'c' ? 'checked' : ''} />
...
<select name="baz">
    <option value="a" ${param.baz eq 'a' ? 'selected' : ''}>label a</option>
    <option value="b" ${param.baz eq 'b' ? 'selected' : ''}>label b</option>
    <option value="c" ${param.baz eq 'c' ? 'selected' : ''}>label c</option>
</select>

Do note that JSTL's fn:escapeXml() is necessary in order to prevent XSS attacks. See also XSS prevention in JSP/Servlet web application.

You could access multi-value request parameters by ${paramValues} and EL 3.0 streams.

<input type="checkbox" name="far" value="a" ${paramValues.far.stream().anyMatch(v -> v eq 'a').get() ? 'checked' : ''} />
<input type="checkbox" name="far" value="b" ${paramValues.far.stream().anyMatch(v -> v eq 'b').get() ? 'checked' : ''} />
<input type="checkbox" name="far" value="c" ${paramValues.far.stream().anyMatch(v -> v eq 'c').get() ? 'checked' : ''} />
...
<select name="boo" multiple>
    <option value="a" ${paramValues.boo.stream().anyMatch(v -> v eq 'a').get() ? 'selected' : ''}>label a</option>
    <option value="b" ${paramValues.boo.stream().anyMatch(v -> v eq 'b').get() ? 'selected' : ''}>label b</option>
    <option value="c" ${paramValues.boo.stream().anyMatch(v -> v eq 'c').get() ? 'selected' : ''}>label c</option>
</select>

The alternative to all this is to submit the form by Ajax and then update, for example, only the validation messages. Start here: How should I use servlets and Ajax?

Guacin answered 14/10, 2010 at 21:35 Comment(10)
It works with text fields, but what if I want to use it with <input type="radio"> and the value is static, for example value="E"? – Dawnedawson
Render checked conditionally. E.g. ${param.foo == 'E' ? 'checked' : ''}. I updated the answer with some more examples. – Guacin
It works, thank you. About XSS: I am trying to make a filter for all parameters for all JSP pages. I think it could be easier than checking each input. Can I know your opinion about that? – Dawnedawson
No, certainly don't do that. Do it during redisplaying user-controlled input only, the latest possible moment. Or adopt an existing robust and well-developed MVC framework like JSF. It will take care of this automagically. – Guacin
Can you tell me why not to use a filter? Do you mean that the filter will slow the response of JSP requests? And actually I didn't get what you mean by 'Do it during redisplaying user-controlled input only'. Do you mean check each input? – Dawnedawson
Sanitizing XSS during request processing will cause trouble in the long term as this is not the normal practice. Maintainability, reusability and portability of the app and the data will suffer from this. Do it during response processing only. With "during redisplaying user-controlled input" I just mean straight in the JSP, exactly as demonstrated in my answer. If you insist you can always do things differently, I am just warning about future regrets and waste of time. – Guacin
Mr BalusC, escapeXml() doesn't work, the script has been added to my DB as is. Here is my work: <input type="text" name="userName" value="${fn:escapeXml(param.userName)}" />. I read that it replaces characters that have special meaning in XML with their corresponding character entity codes. Does that mean that instead of saving it in the DB as < it will be added as &lt;? – Dawnedawson
Scripts won't be executed in DB. This does absolutely no harm. This is perfectly fine. The escapeXml() will escape them when it's about to be redisplayed in HTML. Remove it and retest. You'll see that the script will be executed. – Guacin
Love how simple the "stream" method is for the multiple checkbox scenario, however is there an EL 2.2 equivalent? The server I'm on is using servlet version 3.0 instead of 3.1. – Unemployment
@Aender: Unfortunately no. You'd better use an EL function. – Guacin
3

For the select statement maybe you can just use JavaScript.

document.getElementById('baz').value = '${param.baz}';

Crowe answered 4/8, 2016 at 9:5 Comment(1)
Super answer. It's very easy. – Bloater
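
The one-line script above writes ${param.baz} into a JavaScript string literal without any escaping, and fn:escapeXml() is an HTML/XML encoder, not a JavaScript one. As an added example (not part of the original answers), one way to preselect the option while keeping the submitted value in an HTML attribute, where fn:escapeXml() is the matching encoder; the id="baz" and the data-selected attribute are assumptions:

```jsp
<%@ taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn" %>
<%-- Added example: id="baz" and data-selected are assumed names, not from the original page. --%>
<%-- The submitted value is written exactly once, into an HTML attribute,
     which is the context fn:escapeXml() is designed for. --%>
<select name="baz" id="baz" data-selected="${fn:escapeXml(param.baz)}">
    <option value="a">label a</option>
    <option value="b">label b</option>
    <option value="c">label c</option>
</select>

<script>
    // No EL expression appears inside the script element: the value is read
    // back from the DOM, so request data never becomes JavaScript source text.
    (function () {
        var select = document.getElementById('baz');
        var submitted = select.getAttribute('data-selected');

        // Apply the value only if it matches one of the rendered options;
        // anything else leaves the default selection untouched.
        for (var i = 0; i < select.options.length; i++) {
            if (select.options[i].value === submitted) {
                select.selectedIndex = i;
                break;
            }
        }
    })();
</script>
```

The browser decodes the attribute's entities before the script reads it, so the comparison is made against the original submitted string.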
