I am trying to store the results of my query in a string, and print them to the bottom of my JSP page by passing that string to it. Right now, the JSP page displays fine initially, but nothing is happening when I click the button to post the command. Earlier when I accessed the servlet from an html page, and printed all my output to out using a PrintWriter, I got the results to display, but they would display on a separate page.
1) Is it a good idea to store out in this way, or should I make it something different than a string?
2) How do I get the results of the query to post to the JSP page?
databaseServlet.java
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.sql.*;
#SuppressWarnings("serial")
public class databaseServlet extends HttpServlet {
private Connection conn;
private Statement statement;
public void init(ServletConfig config) throws ServletException {
try {
Class.forName(config.getInitParameter("databaseDriver"));
conn = DriverManager.getConnection(
config.getInitParameter("databaseName"),
config.getInitParameter("username"),
config.getInitParameter("password"));
statement = conn.createStatement();
}
catch (Exception e) {
e.printStackTrace();
}
}
protected void doPost (HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
String out = "\n";
String query = request.getParameter("query");
if (query.toString().toLowerCase().contains("select")) {
//SELECT Queries
try {
ResultSet resultSet = statement.executeQuery(query.toString());
ResultSetMetaData metaData = resultSet.getMetaData();
int numberOfColumns = metaData.getColumnCount();
for(int i = 1; i<= numberOfColumns; i++){
out.concat(metaData.getColumnName(i));
}
out.concat("\n");
while (resultSet.next()){
for (int i = 1; i <= numberOfColumns; i++){
out.concat((String) resultSet.getObject(i));
}
out.concat("\n");
}
}
catch (Exception f) {
f.printStackTrace();
}
}
else if (query.toString().toLowerCase().contains("delete") || query.toLowerCase().contains("insert")) {
//DELETE and INSERT commands
try {
conn.prepareStatement(query.toString()).executeUpdate(query.toString());
out = "\t\t Database has been updated!";
}
catch (Exception l){
l.printStackTrace();
}
}
else {
//Not a valid response
out = "\t\t Not a valid command or query!";
}
RequestDispatcher dispatcher = request.getRequestDispatcher("/dbServlet.jsp");
dispatcher.forward(request, response);
request.setAttribute("queryResults", out);
}
}
dbServlet.jsp
<?xml version = "1.0"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- dbServlet.html -->
<html xmlns = "http://www.w3.org/1999/xhtml">
<head>
<title>MySQL Servlet</title>
<style type="text/css">
body{background-color: green;}
</style>
</head>
<body>
<h1>This is the MySQL Servlet</h1>
<form action = "/database/database" method = "post">
<p>
<label>Enter your query and click the button to invoke a MySQL Servlet
<textarea name = "query" cols="20" rows="5"></textarea>
<input type = "submit" value = "Run MySQL Servlet" />
<input type = "reset" value = "Clear Command" />
</label>
</p>
</form>
<hr>
<%=
request.getAttribute("queryResults");
%>
</body>
</html>
dispatcher.forward(request, response);
request.setAttribute("queryResults", out);
It should be like this
request.setAttribute("queryResults", out);
dispatcher.forward(request, response);
Before the request is dispatched the attributes has to be set
1) Is it a good idea to store out in this way, or should I make it something different than a string?
Since this is tabular data, I'd use something that preserves that structure, so that the JSP can piece it apart easily for customized formatting. Bold headers, putting it in an HTML table and stuff. Either some custom bean, or maybe just a List<String[]>.
2) How do I get the results of the query to post to the JSP page?
What you are doing now (request.setAttribute) should work. However, you need to set the attribute before you forward the request.
You could then print the String you now have like this:
<%= request.getAttribute("queryResults") %>
Or if you go with a table-structure
<% List<String[]> rows = request.getAttribute("queryResults"); %>
and then loop over that.
1) Is it a good idea to store out in this way, or should I make it something different than a string?
NO. Don't mix the presentation logic in Java code. Leaverage your JSP for that purpose I would advice you to use JAVA objects and store the row wise values in one object instance. Put all the objects in a collection and use the same in JSP for display. Same goes with column names.
2) How do I get the results of the query to post to the JSP page?
In your current format of queryResults, just print the results using = operator or out.println method in your JSP as:
<hr>
<%=request.getAttribute("queryResults"); %>
or
<% out.println(request.getAttribute("queryResults"));%>
But if you decide t use collection as adviced in answer1, then get the collection back from the request, iterate and print the results, e.g. if you decide to use List<String[]> where String[] maps one row data then:
<TABLE id="results">
<% List<String> columns = (List<String>)request.getAttribute("queryColumns");
List<String[]> results = (List<String[]>)request.getAttribute("queryResults");
out.println("<TR>");
for(String columnName: columns ){
out.println("<TD>"+columnName+"</TD>");
}
out.println("</TR>");
//print data
for(String[] rowData: results){
out.println("<TR>");
for(String data: rowData){
out.println("<TD>"+data+"</TD>");
}
out.println("</TR>");
}
%>
</TABLE>
Related
I want to change the table from the page /manager/html/sessions of Tomcat.
The jsp file for that page is tomcatpath/webapps/manager/WEB-INF/jsp/sessionsList.jsp
I want to add a new column in table which contains the path of last page which client has requested.
Ex: if the last request of client is mydom.com/path/3, I want to show in table /path/3
This is the part where are iterated all sessions
<%
for (Session currentSession : activeSessions) {
String currentSessionId = JspHelper.escapeXml(currentSession.getId());
String type;
if (currentSession instanceof DeltaSession) {
if (((DeltaSession) currentSession).isPrimarySession()) {
type = "Primary";
} else {
type = "Backup";
}
} else if (currentSession instanceof DummyProxySession) {
type = "Proxy";
} else {
type = "Primary";
}
//I have problem getting the last accessed path by client.
String lastPath = ...;
%>
//html where is printed every row with data from session
//use here <%= lastPath %>
<%
} //end of for
%>
I don't know how to extract the last accessed path.
Tomcat version: Apache Tomcat/9.0.20
Im using NetBeans 8.0 . I've created a table "full" in database "face" . Earlier , I created a table "student" in database "rishi" . Now , after deleting the table from database "rishi" & also after changing the database to "full" , I get the following error :-
java.sql.SQLException: Base table or view not found message from server: "Table 'face.student' doesn't exist".
Here's my HTML code :-
<html>
<head>
<title>TODO supply a title</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<center>
<h1>Login !</h1>
<hr>
<form action = "Check" method = "post">
<pre>
Enter email : <input type = "text" name = "email">
Enter password : <input type = "password" name = "pass">
<input type = "submit" value = "Login">
</pre>
</form>
<hr>
<h3>New ? Sign in today !</h3>
<form action = "New" method = "post">
<pre>
Enter name : <input type = "text" name = "user">
Enter email : <input type = "text" name = "newEmail">
Enter password : <input type="password" name = "newPass">
Re-enter password : <input type="password" name = "repass">
<input type = "submit" value = "Sign Up">
</pre>
</form>
</center>
</body>
</html>
And here's my Servlet :-
public class New extends HttpServlet {
#Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
PrintWriter out = response.getWriter();
String name = request.getParameter("user");
String email = request.getParameter("newEmail");
String pass = request.getParameter("newPass");
String repass = request.getParameter("repass");
try {
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/face" , "root" , "root");
Statement st = con.createStatement();
ResultSet r = st.executeQuery("select * from full");
int flag = 0;
while(r.next()) {
String s = r.getString(2);
if(pass.equals(repass) || email.equals(s)) {
flag = 1;
}
else {
flag = 2;
}
if(flag == 2) {
response.sendRedirect("fail2.html");
}
else {
String qr = String.format("insert into student values('%s','%s','%s')" , name , email , pass);
st.executeUpdate(qr);
response.sendRedirect("home.html");
}
}
catch (ClassNotFoundException ex) {
out.println("Cannot load driver !");
} catch (SQLException ex) {
out.println(ex);
}
}
#Override
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
doGet(request,response);
}
}
What could possibly be going wrong ?
Thank you in advance !
Sorry my bad - just re-read the question.. in fact your database connection is fine, because you still have database face
The problem is with your Insert statement - You are trying to insert data into a table which is non existent in the database.
String qr = String.format("insert into student values('%s','%s','%s')" , name , email , pass);
this is where the problem lies - so either you have to make a table student in that "new" database, OR change this to something existing in db.
String qr = String.format("insert into " insert valid table name here "values('%s','%s','%s')" , name , email , pass);
But i want to address different issue - I do not understand why you have this ?
if(pass.equals(repass) || email.equals(s)) {
flag = 1;
}
else {
flag = 2;
}
if(flag == 2) {
response.sendRedirect("fail2.html");
}
else {
String qr = String.format("insert into student values('%s','%s','%s')" , name , email , pass);
st.executeUpdate(qr);
response.sendRedirect("home.html");
}
this block seems to be (to me) redundat because you check if credentials mach if they do you set flag to 1 - so far so good, but if they don't you set flag to 2. Thats also fine - but why do you have ANOTHER if statement to check if the flag is 2 ? and if is you redirect to fail.html. Otherwise you do some query... Its kind of redundand ( unless you expect more than 2 flags) if you DONT then this block below is a lot nicer solution
if(pass.equals(repass) || email.equals(s)) {
String qr = String.format("insert into student values('%s','%s','%s')" , name , email , pass);
st.executeUpdate(qr);
response.sendRedirect("home.html");
}
else {
response.sendRedirect("fail2.html");
}
Err:
DriverManager.getConnection("jdbc:mysql://localhost:3306/face" , "root" , "root");
So, you're connecting to the face database.
And then
insert into student values('%s','%s','%s')
So, yes, your code tries to access the face.student table.
In my web application, I use the .load() function in JQuery, to load some JSP pages inside a DIV.
$("#myDiv").load("chat.jsp");
In chat.jsp, no Java codes is executed unless this client has Logged in, means, I check the session.
String sessionId = session.getAttribute("SessionId");
if(sessionId.equals("100")){
//execute codes
}else{
//redirect to log in page
}
Those java codes that will be executed, they will out.println(); some HTML elements.
I don't want the client to write /chat.jsp in the browser to access this page, as it will look bad, and the other stuff in the main page won't be there, and this could do a harm to the web app security.
How can I restrict someone from accessing chat.jsp directly, but yet keep it accessible via .load() ?
UPDATE:
JavaDB is a class that I made, it connects me to the Database.
This is chat.jsp
<body>
<%
String userId = session.getAttribute("SessionId").toString();
if (userId != null) {
String roomId = request.getParameter("roomId");
String lastMessageId = request.getParameter("lastMessageId");
JavaDB myJavaDB = new JavaDB();
myJavaDB.Connect("Chat", "chat", "chat");
Connection conn = myJavaDB.getMyConnection();
Statement stmt = conn.createStatement();
String lastId = "";
int fi = 0;
ResultSet rset = stmt.executeQuery("select message,message_id,first_name,last_name from users u,messages m where u.user_id=m.user_id and m.message_id>" + lastMessageId + " and room_id=" + roomId + " order by m.message_id asc");
while (rset.next()) {
fi = 1;
lastId = rset.getString(2);
%>
<div class="message">
<div class="messageSender">
<%=rset.getString(3) + " " + rset.getString(4)%>
</div>
<div class="messageContents">
<%=rset.getString(1)%>
</div>
</div>
<% }
%>
<div class="lastId">
<% if (fi == 1) {%>
<%=lastId%>
<% } else {%>
<%=lastMessageId%>
<% }%></div>
<% if (fi == 1) {%>
<div class="messages">
</div>
<% }
} else {
response.sendRedirect("index.jsp");
}%>
</body>
Guys I don't know what Filter means.
UPDATE
If I decided to send a parameter that tells me that this request came from Jquery.
.load("chat.jsp", { jquery : "yes" });
And then check it in chat.jsp
String yesOrNo = request.getParameter("jquery");
Then they can simply hack this by using this URL.
/chat.jsp?jquery=yes
or something like that..
UPDATE
I tried Maksim's advice, I got this when I tried to access chat.jsp.
Is this the desired effect?
In order to achieve this in my application I check for X-Requested-With field in http header the client sends to my page in its request. If its value is XMLHttpRequest, then it's very likely that it came from an ajax request (jQuery appends this header to its requests), otherwise I don't serve the page. Regular (direct) browser requests will leave this header field blank.
In ASP.Net it looks like this, you will have to change your code slightly for JSP:
if (Request.Headers["X-Requested-With"] != "XMLHttpRequest")
{
Response.Write("AJAX Request only.");
Response.End();
return;
}
UPD: After quick googling your code will probably be something like this
if(!request.getHeader("X-Requested-With").equals("XMLHttpRequest")){
out.println("AJAX Request only.");
out.flush();
out.close();
return;
}
UPD2: Looks like request.getHeader("X-Requested-With") returns null in your case change the condition to something like this:
String ajaxRequest = request.getHeader("X-Requested-With");
if(ajaxRequest == null || !ajaxRequest.equals("XMLHttpRequest")){
...
}
Is your code snippet a servlet? If that's so, use a security framework (such as Spring Security) or a javax.servlet.Filter for applying security, then you can apply security to JSPs too.
you should use Filter. Check session in filter code and redirect to login.
according to http://www.c-sharpcorner.com/blogs/2918/how-to-set-a-request-header-in-a-jquery-ajax-call.aspx
JQuery gives you the tools you need to create a request and retrieve a response through it's ajax library. The raw $.ajax call gives you all kinds of callbacks to manipulate http messages.
So you can add a custom request header in your Ajaxa call like this
$.ajax({
type:"POST",
beforeSend: function (request)
{
request.setRequestHeader("Authority", "AJAXREQUEST");
},
...........
And then in your servlet check to see if the request has the header Authority equals to AJAXREQUEST. This is how you read request headers http://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Request-Headers.html
I am getting ResultSet after an Oracle query. when I iterating through the ResultSet its going in infinite loop.
ResultSet rs = (ResultSet) // getting from statement
while (rs.next()) {
//
//
}
this loop is not terminating so I tried finding number of records using rs.getFetchSize() and its returning a value 10.
I want to know if this is the correct method to find out number of records in ResultSet and if the count is 10 why is it going in infinite loop.
Please give your opinion.
Actually, the ResultSet doesn't have a clue about the real number of rows it will return.
In fact, using a hierachical query or a pipelined function, the number might as well be infinite. 10 is the suggested number of rows that the resultset should/will try to fetch in a single operation. (see comment below).
It's best to check your query, if it returns more rows than you expect.
To know number of records present, try the following code
ResultSet rs = // getting from statement
try {
boolean b = rs.last();
int numberOfRecords = 0;
if(b){
numberOfRecords = rs.getRow();
}
} catch (SQLException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
A simple getRowCount method can look like this :
private int getRowCount(ResultSet resultSet) {
if (resultSet == null) {
return 0;
}
try {
resultSet.last();
return resultSet.getRow();
} catch (SQLException exp) {
exp.printStackTrace();
} finally {
try {
resultSet.beforeFirst();
} catch (SQLException exp) {
exp.printStackTrace();
}
}
return 0;
}
Your resultSet should be scrollable to use this method.
Just looked this seems to be on similar lines on this question
When you execute a query and get a ResultSet, I would say it is really at this moment you or even the program-self actually don't how many results will be returned, this case is very similar Oracle CURSOR, it is just declare to Oracle that you want do such a query, hence then we have to for each ResultSet to get row one by one up to the last one.
As the above guys has ready answered: rs.last will iterate to last one at this time the program has ability to totally how many rows will be returned.
if(res.getRow()>0)
{
// Data present in resultset<br>
}
else
{
//Data not present in resultset<br>
}
You can look at snippet of code below where you can find how to calculate the loaded number of records from data set. This example is working with external data set (whiich comes in json format) so you can start with yours. The necessary piece of code is placed in script of controller (this page is based on ApPML javascript and cotroller works with loaded objects of ApPML). Code in controller returns number of the loaded reocords of data set and number of fields of data model.
<!DOCTYPE html>
<html lang="en-US">
<title>Customers</title>
<style>
body {font: 14px Verdana, sans-serif;}
h1 { color: #996600; }
table { width: 100%;border-collapse: collapse; }
th, td { border: 1px solid grey;padding: 5px;text-align: left; }
table tr:nth-child(odd) {background-color: #f1f1f1;}
</style>
<script src="http://www.w3schools.com/appml/2.0.2/appml.js"></script>
<body>
<div appml-data="http://www.w3schools.com/appml/customers.aspx" appml-controller="LukController">
<h1>Customers</h1>
<p></p>
<b>It was loaded {{totalRec}} records in total.</b>
<p></p>
<table>
<tr>
<th>Customer</th>
<th>City</th>
<th>Country</th>
</tr>
<tr appml-repeat="records">
<td>{{CustomerName}}</td>
<td>{{City}}</td>
<td>{{Country}}</td>
</tr>
</table>
</div>
<script>
function LukController($appml) {
if ($appml.message == "loaded") {
$appml.totalRec = Object.keys($appml.data.records).length;
}
}
// *****************************************************************
// Message Description
//
// ready Sent after AppML is initiated, and ready to load data.
// loaded Sent after AppML is fully loaded, ready to display data.
// display Sent before AppML displays a data item.
// done Sent after AppML is done (finished displaying).
// submit Sent before AppML submits data.
// error Sent after AppML has encountered an error.
// *****************************************************************
</script>
</body>
</html>
I got answer:- The below are steps that you need to follow:
Make sure your are using select query(e.g select * from employee).
Don't use count query(e.g select count(*) from employee).
Then use below steps:
Statement stmt=conn.createStatement();
ResultSet rs=stmt.executeQuery("select * from employee");
while(rs.next()){
rowCount++;
}
return rowCount;
}
where rs is object of ResultSet.
Then you will get exact number of row count.
I have a java servlet (class) which populates form data.
//encode string for special characters
String encodedString = URLEncoder.encode(desc, "UTF-8");
out_table.append("<form name=\"masinsert"+id+"\" method=\"GET\" action=\"MASInsert2\">\n");
out_table.append("<input type=hidden id=\"partnumber"+id+"\" name=\"partnumber"+id+"\" value=\""+part+"\">\n");
out_table.append("<input type=hidden id=\"itemdescription"+id+"\" name=\"itemdescription"+id+"\" value=\""+encodedString+"\">\n");
out_table.append("<tr><td colspan=2><input id=\"m"+id+"\" type=\"button\" onclick=\"masinsert('"+ id +"')\" value=\"Add\"></td></tr>");
which loops with a different id as you can see so a form would look like this
<form name="masinser12" method="GET" action="MASInsert2">
<input type=hidden id="partnumber12" name="partnumber12" value="9999">
<input type=hidden id="itemdescription12" name="itemdescription12" value="1. test description">
<input id="m12" type="button" onclick="masinsert('"+ id +"')" value="Add">
<form name="masinser13" method="GET" action="MASInsert2">
<input type=hidden id="partnumber13" name="partnumber13" value="2222">
<input type=hidden id="itemdescription13" name="itemdescription13" value="2. test description">
<input id="m12" type="button" onclick="masinsert('"+ id +"')" value="Add">
and they post to this javascript which is in the head of the html of the generated forms
function masinsert(id)
{
var currentTime=new Date();
var button = document.getElementById("m"+id);
button.onclick="";
button.value="Inserting";
var partnumber = document.getElementById("partnumber"+id).value;
var itemdescription = document.getElementById("itemdescription"+id).value;
function handleHttpResponse()
{
if (http.readyState == 4) {
button.value="Item Added";
}
}
var http = getHTTPObject(); // We create the HTTP Object
var tempUrl = "\MASInsert2";
tempUrl += "?partnumber="+partnumber+"&"+"itemdescription="+itemdescription+"&"+"itemshortdescription="+itemdescription.substring(0,37)
alert(tempUrl);
http.open("GET", tempUrl, true);
http.onreadystatechange = handleHttpResponse;
http.send(null);
}
function getHTTPObject(){
var xmlhttp;
/*#cc_on
#if (#_jscript_version >= 5)
try {
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
}catch (e){
try {
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}catch (E) {
xmlhttp = false;
}
}
#else
xmlhttp = false;
#end #*/
if (!xmlhttp && typeof XMLHttpRequest != 'undefined') {
try {
xmlhttp = new XMLHttpRequest();
} catch (e) {
xmlhttp = false;
}
}
return xmlhttp;
}
and the javascript turns around and posts to this java file which inserts the data into the database with the snippet
String partnumber = request.getParameter( "partnumber");
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String itemdescription = URLDecoder.decode(request.getParameter( "itemdescription"), "UTF-8");
String itemshortdescription = request.getParameter( "itemshortdescription");
out.println(itemimport(partnumber,itemdescription, itemshortdescription));
}
{ private String itemimport (String partnumber, String itemdescription, String itemshortdescription){
---
---
}
I decided to shorten the number of paramters for readibility. The main thing I'm having trouble with is how the URLDecoding and URLEncoding is transferring over correctly to be inserted into a Java PreparedStatement. I've narrowed it down the problem being somewhere in the javascript because when I created a simple html form with variables populated with the URLEncoded values, it inserts just fine. However when I run it through the javascript, I get a Null error
Is there a better way to do this or any ideas why the values are not making it through? Does javascript require some working around with when encoding strings to be Post'ed or Get?
thanks in advance.
UPDATE:
I just did a System.out.println on reach request.getParamter and the script stops at
String itemdescription = URLDecoder.decode(request.getParameter( "itemdescription"), "UTF-8");
so it obviously has a problem with the URLDecoder.decode(request.getParameter("itemdescription"),"UTF-8")
Here are some things to try:
In your JavaScript, encode your URL paraemters with encodeURIComponent:
tempUrl += "?partnumber="+encodeURIComponent(partnumber)+"&"+"itemdescription="+encodeURIComponent(itemdescription)+"&"+"itemshortdescription="+encodeURIComponent(itemdescription.substring(0,37))
Next, you may have to set the encoding on the request using setCharacterEncoding
Last, I think if you call request.getParameter, it does the URLDecoding for you.
looks like you should be url encoding your request parameter values in your javascript
tempUrl += "?partnumber="+partnumber+"&"+"itemdescription="+escape(itemdescription)+"&"+"itemshortdescription="+escape(itemdescription.substring(0,37))