You absolutely, positively, should not use it. JSPs are for generating textual views; DB access code has no place in them. It was a poor decision on the part of the JSTL designers to include that. You should read up on the MVC pattern to learn why that is.
Joined: May 29, 2008
Are there any serious security issues with it. Actually i have done with servlet also and passed ArrayList to jsp. In the code below see how the rows are accessed its easy like row.name, where name is column of DB. In the other case i.e using servlet and passing the data to jsp to view, i am unable to do that, I mean i get error while trying to use row.name, that is silly, but i am not able to understand. In case of servlet i am adding the content to list in this way.
and when I am trying to use the below code to view only in case using ArrayList data, its not working, whereas works fine with the JSTL aql tag. I would like to know how to add data to that ArrayList so that i could access it in the below way. Thanks
Joined: Sep 21, 2011
The JSTL tag isn't any less secure than DB code written in servlets or backing beans, provided you take the same care (like protect from SQL injection, parameter fiddling, DOS attacks etc.). JSPs are just a simplified form of writing servlets, after all.