aspose file tools*
The moose likes Servlets and the fly likes gettting form name as a parameter Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "gettting form name as a parameter" Watch "gettting form name as a parameter" New topic
Author

gettting form name as a parameter

Jigar Naik
Ranch Hand

Joined: Dec 12, 2006
Posts: 757
Is there anyway out to get HTMl form name as a parameter to my servlet.

something like this...



and getting this form name in my servlet code...through this form tag or anything else.. ???
[ December 28, 2006: Message edited by: Bear Bibeault ]

Jigar Naik


Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61426
    
  67

Not automatically, no.

Why would you want to do this? To me, it's a red flag that says your design may not be optimum.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Jigar Naik
Ranch Hand

Joined: Dec 12, 2006
Posts: 757
well in my database i'll be having the table name same as my html form name and thats why i want form name

see the code :
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42280
    
  64
Coupling HTML elements with DB table names indeed seems not such a good idea. If you really want to, you can send the form name as a hidden HTML parameter.


Ping & DNS - my free Android networking tools app
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61426
    
  67

Originally posted by Ulf Dittmer:
Coupling HTML elements with DB table names indeed seems not such a good idea.


I concur. That's a really fragile design.
Robert Berg
Greenhorn

Joined: Dec 29, 2006
Posts: 10
You should never do that! It's dangerous to have information on the exact tables and fields of where the data should go in in your html. You must realize that a hacker can always change that information and send the data in tables you don't want it to go in. A hacker could for example add a row to a user table and add an account for himself.


<a href="http://exceptionnull.net" target="_blank" rel="nofollow">Exception: null</a>
Dave Wingate
Ranch Hand

Joined: Mar 26, 2002
Posts: 262
Design concerns above are apt ... if you really want to pass a "secret" parameter to your servlet, you could do something like this:



The servlet that is mappped to "/SendMail/sendMail" will get all parameters in your form and will also get a parameter named "table" with value "adventureForm"


Fun programming etcetera!
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61426
    
  67

I'm not sure what's so secret about that.

Also, mixing form elements and query params is usually not recommended as some browsers don't handle it all that gracefully.

Better to use a hidden element when passing extra information.

But as already pointed out, using table names and such directly is not only fragile but a security risk.
[ December 29, 2006: Message edited by: Bear Bibeault ]
Dave Wingate
Ranch Hand

Joined: Mar 26, 2002
Posts: 262
"secret" in the sense that the parameter is not presented to the user in the UI ... much the same as a hidden form field.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: gettting form name as a parameter