Processing Web Input with MySQL - MySQL

Database Reference

In-Depth Information

<c:if test= "${val == defaultVal}" > checked="checked" </c:if>

/> <c:out value= "${val}" /><br />

</c:forEach>

or a pop-up menu like this:

<c:forEach items= "${values}" var= "val" >

<option

value= "<c:out value=" ${val}" /> "

<c:if test= "${val == defaultVal}" > selected="selected" </c:if>

> <c:out value= "${val}" /></option>

</c:forEach>

</select>

Don't Forget to HTML-Encode All List Content in Forms

The Ruby, PHP, and Python utility routines described in this recipe for generating list

elements perform HTML-encoding of attribute values for the HTML tags that make up

the list, such as the name and value attributes. They also encode the labels. I've noticed

that many published accounts of list generation do not do this, or they encode the labels

but not the values. That is a mistake. If either the label or the value contains a special

character like & or < , the browser may misinterpret them, and your application will

misbehave. It's also important to make sure that your encoding function turns double

quotes into " entities (or " , which is equivalent), because tag attributes are so

often enclosed within double quotes. Failing to convert a double quote to the entity

name in an attribute value results in a double quote within a double-quoted string, which

is malformed.

If you use the Perl CGI.pm module or the JSTL tags to produce HTML for form elements,

encoding is taken care of for you. CGI.pm's form-related functions automatically per‐

form encoding. Similarly, using the JSTL <c:out> tag to write attribute values from JSP

pages produces properly encoded values.

The list-generating methods discussed here are not tied to any particular database table,

so they can be used to create form elements for all kinds of data, not just those shown

for the cow-ordering scenario. For example, to enable a user to pick a table name in a

database administration application, generate a scrolling list that contains an item for

each table in the database. A CGI.pm-based script might do so like this:

my $table_ref = $dbh -> selectcol_arrayref ( qq{

SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES

WHERE TABLE_SCHEMA = 'cookbook' ORDER BY TABLE_NAME

} );

print scrolling_list ( - name => "table" ,

- values => $table_ref ,

- size => 10 ); # display 10 items at a time

MySQL

Search WWH ::

Custom Search

Home