File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

gettting form name as a parameter

 
Jigar Naik
Ranch Hand
Posts: 761
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is there anyway out to get HTMl form name as a parameter to my servlet.

something like this...



and getting this form name in my servlet code...through this form tag or anything else.. ???
[ December 28, 2006: Message edited by: Bear Bibeault ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64185
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Not automatically, no.

Why would you want to do this? To me, it's a red flag that says your design may not be optimum.
 
Jigar Naik
Ranch Hand
Posts: 761
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
well in my database i'll be having the table name same as my html form name and thats why i want form name

see the code :
 
Ulf Dittmer
Rancher
Pie
Posts: 42966
73
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Coupling HTML elements with DB table names indeed seems not such a good idea. If you really want to, you can send the form name as a hidden HTML parameter.
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64185
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Ulf Dittmer:
Coupling HTML elements with DB table names indeed seems not such a good idea.


I concur. That's a really fragile design.
 
Robert Berg
Greenhorn
Posts: 10
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You should never do that! It's dangerous to have information on the exact tables and fields of where the data should go in in your html. You must realize that a hacker can always change that information and send the data in tables you don't want it to go in. A hacker could for example add a row to a user table and add an account for himself.
 
Dave Wingate
Ranch Hand
Posts: 262
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Design concerns above are apt ... if you really want to pass a "secret" parameter to your servlet, you could do something like this:



The servlet that is mappped to "/SendMail/sendMail" will get all parameters in your form and will also get a parameter named "table" with value "adventureForm"
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64185
83
IntelliJ IDE Java jQuery Mac Mac OS X
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm not sure what's so secret about that.

Also, mixing form elements and query params is usually not recommended as some browsers don't handle it all that gracefully.

Better to use a hidden element when passing extra information.

But as already pointed out, using table names and such directly is not only fragile but a security risk.
[ December 29, 2006: Message edited by: Bear Bibeault ]
 
Dave Wingate
Ranch Hand
Posts: 262
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"secret" in the sense that the parameter is not presented to the user in the UI ... much the same as a hidden form field.
 
I agree. Here's the link: http://aspose.com/file-tools
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic