File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes Doing server side validation in jsp Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "Doing server side validation in jsp" Watch "Doing server side validation in jsp" New topic
Author

Doing server side validation in jsp

cle tan
Ranch Hand

Joined: Jun 11, 2012
Posts: 68
I already have client side to do validation, but i know that users can bypass javascript

what's the best way to do server side validation

i plan to write a class that takes a regular exp(regex)
then use str.match(regex);

also i should use prepared statements to avoid SQL injection?
Junilu Lacar
Bartender

Joined: Feb 26, 2001
Posts: 4419
    
    5

RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet


Junilu - [How to Ask Questions] [How to Answer Questions]
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60055
    
  65

And to clarify, the title says "in jsp" -- no data processing should ever happen in a JSP. In fact, there should never be any Java code in a JSP.

Forms should be submitted to servlets which can do the validation, or delegate the validation to other Java classes.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
cle tan
Ranch Hand

Joined: Jun 11, 2012
Posts: 68
Junilu Lacar wrote:RegEx is a sledgehammer. Make sure the problem you're trying to solve requires such a big tool. If it's just validating and sanitizing user input, there are other, less cumbersome ways to do that than using RegEx. See the search results for Java web application user input validation

OWASP is a good resource for security-conscious developers: https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet


i downloaded the owasp antisamy to prevent XSS attacks

however, i have few problems referencing the policy xml file in the java code
one of which is


asked around and searched but i tried and is still stuck at this step.
not very sure the xml files must be in a certain location
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Doing server side validation in jsp
 
Similar Threads
Validation examples
trim in entityBean
requiredif Validation - Struts Client side validation
JSF Validation
Question on ParseException