I have a server that is hosting a JSP page. Can I populate it's text boxes from my client's database?
Create a servlet which loads the data, puts it in request scope and forwards the request to the JSP. If you want to do it whenever the client opens a link/bookmark, then do it in the doGet() method. Or when you want to do it when the client submits a form, then do it in the doPost() method.
Here's an example which preloads a specific product from the DB based on request parameter:
Product product = productService.find(request.getParameter("id")); // Do your DB access job.
request.setAttribute("product", product); // It'll be available by ${product}.
request.getRequestDispatcher("/WEB-INF/product.jsp").forward(request, response); // Let JSP display it.
Map this servlet on an URL pattern of /product then you'll be able to call it by http://example.com/somecontext/product?id=123
In the JSP you just have to set the value attribute of the HTML input element to display it as value of the input element. Since this is sensitive to XSS attacks when you print it plain like as suggested in the other answer, you'd like to use JSTL fn:escapeXml() to avoid XSS attacks.
<%#taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
...
<input type="text" name="name" value="${fn:escapeXml(product.name)}" />
<input type="text" name="description" value="${fn:escapeXml(product.description)}" />
<input type="text" name="price" value="${fn:escapeXml(product.price)}" />
Note that scriptlets (those <% %> things) are a poor practice and don't offer instant access to request attributes (i.e. <%= product.getName() %> style as suggested in other answer won't work), nor does it offer standard XSS escaping facility.
Can I populate it's text boxes from my
client's database?
Yes you can.
Steps:-
Connect to database in servlet.
Retrieve data in servlet and pass it to jsp.
Get that data from request in jsp.
Display data in jsp using scriptlet or jstl.
to populate data in text box in jsp use following:
suppose you have User object that holds user's information then ...
<input type="text" value="<%= user.getName()%>" />
Related
I created a frontend override of com_content/views/form/tmpl/edit.php and added a plain ol' HTML input field within the <form> as below:
<input type="text" name="jform[attribs][vidurl]" value="" id="jform_attribs_vidurl" />
I expected the data to be saved in the _content/attribs table but it just returns null as if the name is not passed during POST.
It worked properly for the image field
I did the same for the image_intro field and that value saves correctly.
I deleted line
<?php echo $this->form->renderField('image_intro', 'images'); ?>
and used
<input type="hidden" name="jform[images][image_intro]" id="jform_images_image_intro" value="" />
Then pass the image path value from a AJAX process after successful upload via file input field, to the hidden image field via javascript. The data saves successfully on submit.
Is it that there must be an existing XML string with the field attributes?
Does JFORM ignore HTML fields if its attributes are not found in a xml string? How can I get a custom added field to save?
The custom form output
I'm trying to construct URL links, to include in emails, that pre-populates the recipient's information in the form on the site. The site is a Microsoft Bookings site.
The placeholders are not the field IDs, but this is an example of what I'm trying to create:
https://outlook.office365.com/owa/calendar/OsetionLLC#osetion.com/bookings?Name=Kona&Email=konalion#msn.com
When I try to identify the individual form field IDs, for the URL parameters, I see that the form utilizes server-side data-reactid for all the elements.
outerHTML
<input autocorrect="off" autocapitalize="off" spellcheck="false" type="text" placeholder="Name" value="" data-reactid=".0.2.6.1.0.$0" data-keeper-lock-id="k-3jm7ib30q1p">
selector
#mainContainer > div > form > div.section.customerSection > div > div:nth-child(1) > input[type="text"]:nth-child(1)
Xpath
//*[#id="mainContainer"]/div/form/div[6]/div/div[1]/input[1]
My challenge is understanding the proper syntax for the URL, if this is at all possible. I've tried to reverse engineer the syntax in a variety of ways, but continue to get a Bad Request response, no change or an error redirect.
Any education provided is greatly appreciated.
Thank you
While using the MEAN stack, I ran into some issues trying to update my data via the PUT method.
I have a very simple Angular Form:
<form ng-submit="vm.createQuote()">
<label>Author</label>
<input type="text" ng-model="vm.quote.author">
<label>Text</label>
<textarea cols="30" rows="4" ng-model="vm.quote.text"></textarea>
<button type="submit">CREATE</button>
<button ng-click="vm.updateQuote()">UPDATE</button>
</form>
I have a node application using Express and Mongoose(MongoDB). I have tested the REST Api using POSTMAN. Everything works fine on the backend.
When I try to update a certain Quote using the form update button (triggers an $http.put), I get a MongoDB Error:
MongoError: E11000 duplicate key error index: mydb.quotes.$_id_ dup key: { : ObjectId('55acecfcee620c7a04e9641c') }
Although I get this error, my data is updated correctly in the DB. The issue has to come from Angular, because with POSTMAN, all my HTTP requests finish without errors. I have checked that both my requests (via Postman & Angular) have the same headers and body.
Any idea why my requests work in POSTMAN, and not in my Angular app?
While going through the ngSubmit documentation I noticed that I was using ngClick AND ngSubmit in my form. This is a bad thing as explained in the angular form documentation.
Apparently the PUT request is happening correctly when I trigger the update (that's why my data in correctly updated). But because I am using ngSubmit AND ngClick, the form element itself is also doing a POST request, which results in the MongoDB error.
The reason the MongoDB error is thrown, is because the POST request is using the using the response body from the PUT request as it's own body.
That results in a duplicate key error, because the object in the body has an id that already exists in the DB.
The fixed form:
<form>
<label>Author</label>
<input type="text" ng-model="vm.quote.author">
<label>Text</label>
<textarea cols="30" rows="4" ng-model="vm.quote.text"></textarea>
<button ng-click="vm.createQuote()">CREATE</button>
<button ng-click="vm.updateQuote()">UPDATE</button>
</form>
I am trying to use Angular validation on an email field, which is a ASP.NET Webforms server side input box. I am using the html below:
<input type="email" runat="server" id="txtNoCanDo" ng-model="data.email"/>
I get the following error from asp.net: Error 79 'email' is not a valid type for an input tag.
I presume Webforms needs to understand the type value to instantiate the correct server-side control type, and raises an error when parsing this since it does know about the email type.
Is there any way to work around this, possibly by adding the validation requirement for angular in a different way?
In the aspx file, change the type to text, i.e.
<input type="text" runat="server" id="txtNoCanDo" ng-model="data.email"/>
Between your script tags for JQuery and Angular, add the following javascript:
$(function() {
var emailbox = $("#txtNoCanDo");
emailbox.replaceWith(emailBox.clone().attr('type', 'email'));
});
I was going through my app trying to secure it as much as I can and it got me thinking. I always validate my user's input and I always scrub the input, so for example if I have a "birthday" field, I make sure it's a valid date before putting it into the database. But I also have fields in my database like "passwordresettoken", and I have my code generate this field if the user request it.
Now on my normal user profile page, I obviously have no field called "passwordresettoken", so I don't validate or scrub it, because it should not exists in the form that will be passed. In fact, it should never be passed, since it's not something the user would ever input.
So my question is, is it possible to spoof input fields? Could they edit the HTML on my page to include a passwordresettoken field and then do some damage when the form is passed?
Yes absolutely. I don't even have to look at your HTML. I can submit directly using curl.
http://curl.haxx.se/docs/httpscripting.html
This html
<form method="POST" action="junk.cgi">
<input type=text name="birthyear">
<input type=submit name=press value=" OK ">
</form>
Is equivalent to this curl request
curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/junk.cgi