Database Reference
In-Depth Information
If a parameter name is legal as an object property name, you can also access the pa‐
rameter using dot notation:
color value:
<c:out
value=
"${param.color}"
/>
accessory values:
<c:forEach
items=
"${paramValues.accessories}"
var=
"val"
>
<c:out
value=
"${val}"
/>
</c:forEach>
To produce a list of parameter objects with
key
and
value
attributes, iterate over the
paramValues
variable:
<ul>
<c:forEach
items=
"${paramValues}"
var=
"p"
>
<li>
name:
<c:out
value=
"${p.key}"
/>
;
values:
<c:forEach
items=
"${p.value}"
var=
"val"
>
<c:out
value=
"${val}"
/>
</c:forEach>
</li>
</c:forEach>
</ul>
To construct URLs that point to JSP pages and that have parameters at the end, separate
the parameters by
&
characters.
20.6. Validating Web Input
Problem
After extracting the parameters supplied to a script, you want to check them to be sure
they're valid.
Solution
Web input processing is one form of data import, so after you've extracted the input
parameters, validate them using the techniques discussed in
Chapter 12
.
Discussion
One phase of web form processing is extracting the input returned when the user sub‐
mits the form. It's also possible to receive input in the form of parameters at the end of
a URL. Either way, if you plan to store the input in your database, it's important to check
it to be sure that it's valid.
