开发者

Servlet with User Input?

Ok, so a user enters some information on a JSP and clicks 'submit' which launches a servlet. This servlet then processes the information and sends back another JSP. That works fine.

However, what about if the servlet needs to ask the user a question before continuing the processing? In a general Java Application you can use the likes of JOptionPane or something.

As a very simple example.... say there is a list of names and ages: names {bob: 21, fred: 19, john: 20}

And the user is asked to enter 4 more: harry: 25, john: 17, percy: 54, gary: 12

The servlet gets the names input and then tries to add them to the list 'names'. However when it gets to 'john: 17', it finds that 'john' is already there. And we want to ask the user:

"Do you want to skip or replace John?"

Then if they skip, we move to percy and the list is: names {bob: 21, fred: 19, john: 20, harry: 25, percy: 54, gary: 12}

If they chose replace, we'd have: names {bob: 21, fred: 19, john: 17, harry: 25, percy: 54, gary: 12}

How would you get that user input? Is the only way to move all t开发者_开发百科he logic into JavaScript or something?


Just display it as a message and repopulate the same form once again.

To display a message, basically just set it as a request attribute:

request.setAttribute("message", message);

and forward back to the same JSP page where you display it in EL as follows:

${message}

Repopulating the forms can be done by displaying the request parameters as input values:

<input name="foo" value="<c:out value="${param.foo}" />">
<input name="bar" value="<c:out value="${param.bar}" />">
<input name="waa" value="<c:out value="${param.waa}" />">

That should be it. Here I am using JSTL c:out instead of plain EL to prevent your site from XSS attacks --as an example, try filling <input name="foo" value="${param.foo}"> with "><script>alert('XSS')</script><b>XSS</b a=" (including quotes).

You can use Javascript for this as well to improve user experience (faster response and no flash of content), but this would not cover the whole world wide web and you should also not rely on it because it can be disabled/hacked/spoofed. Just use it only and only for better user experience. I.e. use it unobtrusively and keep the server side code robust so that it still works in case of JS lack or failure.


Servlets are stuck to the HTTP request/response protocol. When the user's browser sends in a request, it can't do anything until it gets a response back from the server. That means that the server can't get user input midway through a request.

Adding Javascript to verify that the input doesn't duplicate the existing list data is one way to prevent this problem. You could also add some logic on the servlet as well -- add name/age combinations from the input as long as they don't already exist, and display an error for all the existing combinations in your response.

In addition, Ajax is commonly used to get around the need to do a full request/response in the user's brower. Because it's HTTP it still needs to send requests and wait for responses, but it does this in the background, without reloading the whole page. It's more complicated, but can make the user experience more interactive.


Yes, you either have to do this via JavaScript, or have the servlet/jsp see the problem then send back a page to the user asking the question and when they submit that page then process the list...

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜