Database Reference
In-Depth Information
with
?
and consists of
name
=
value
pairs separated by
;
or
&
characters. (It's also
possible to place information in the middle of a URL, but this topic doesn't cover
that.)
• As part of a
post
request, such as a form submission that specifies
meth
od="post"
in the
<form>
tag. The contents of a form for a
post
request are sent as
parameters in the body of the request, rather than at the end of the URL.
You may also have occasion to process other types of input, such as uploaded files. Those
are sent using
post
requests, but as part of a special kind of form element.
Recipe 20.8
discusses file uploads.
When you gather input for a web script, you should consider how the input was sent.
(Some APIs distinguish between input sent via
get
and
post
; others do not.) However,
after you have pulled out the information that was sent, the request method doesn't
matter. The validation and statement construction stages need not know whether pa‐
rameters were sent using
get
or
post
.
The
recipes
distribution includes scripts that process input parameters in the
apache/
params
directory (
tomcat/mcb
for JSP). Each script enables you to submit
get
or
post
requests, and shows how to extract and display the parameter values thus submitted.
Examine these scripts to see how the parameter-extraction methods for the various APIs
are used. Utility routines invoked by the scripts can be found in the library modules in
the
lib
directory of the distribution.
Web input extraction conventions
To obtain input parameters passed to a script, familiarize yourself with your API's con‐
ventions so that you know what it does for you, and what you must do yourself. You
should know the answers to these questions:
• How do you determine which parameters are available?
• How do you obtain a parameter value from the environment?
• Are values thus obtained the actual values submitted by the client, or do you need
to decode them further?
• How are multiple-valued parameters handled (for example, when several items in
a checkbox group are selected)?
• For parameters submitted in a URL, which separator character does the API expect
between parameters? This may be
&
for some APIs and
;
for others.
;
is preferable
as a parameter separator because it's not special in HTML like
&
is, but many
browsers or other user agents separate parameters using
&
. If you construct a URL
within a script that includes parameters at the end, be sure to use a parameter-
separator character that the receiving script understands.
