submitting with plenty of hidden fields

 
Greenhorn
Posts: 7
Hello,

I inherited a very old Struts application on which I need to do some modifications.
I have however already one fundamental question concerning their usage of Struts (the application has worked fine for many years, but I doubt Struts is used like it should be used).

Basically, I see in the .jsp there are plenty of hidden and non-hidden input fields like


Then, in the action classes, they do like


It works, but I doubt that this is good practice?
Can someone confirm or not please?
Thank you
 
Bartender
Posts: 9626

Esti Vanderkelen wrote:
is good practice?



One of my college professors gave me the following metric for determining if code is good or not: "Does it work and can it be seen to work (i.e. can it easily be read)?". Is dumping a lot of data to hidden fields the best practice? Probably not, but it depends on the other design considerations the author was working with at the time (i.e. was there some reason they couldn't use the session to store information?).
I would question the sanity of anyone using Struts 1 at this time long before questioning the code written with it. It is not supported any more and has at least one known, unfixed vulnerability.
 
Esti Vanderkelen
Greenhorn
Posts: 7
Yes, but isn't it the purpose that all submitted data is transmitted via an ActionForm instead of via session parameters or request parameters?
I.e. when is it correct to pass data via an ActionForm, when via request parameters and when via session parameters?
Thanks
 
Joe Ess
Bartender
Posts: 9626

Esti Vanderkelen wrote:
when is it correct to pass data via an ActionForm, when via request parameters and when via session parameters?



There's no rule that dictates that. In general, I don't put anything on the page that isn't displayed to the user except perhaps a unique identifier for whatever is being edited (i.e. a database ID). I reserve session data for information that will not be edited, but will be referred to throughout the user's visit, for example, the user's name so we can display it in the header or a corporate affiliation so we can display a logo to customize the site.
That said, I can come up with exceptions to all those rules.
If you are thinking about changing the old code, don't. If it works, tinkering with it will probably break something because you don't know all the developer's assumptions. As I mentioned before, the far more glaring problem is that this application uses Struts 1.3.x, which is unsupported and has known issues.
If you are asking about the best practices for working with a modern framework, I would recommend consulting the documentation and tutorials for that framework.
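
Added illustration, not part of the thread and not code from the application being discussed: the split described in the reply above (only a record identifier in a hidden field, reference data such as the user's name in the session), sketched in plain Java without Struts. The class, method and field names and the sample data are hypothetical and constructed; the ownership check is an added assumption, included because a hidden identifier is still supplied by the browser.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration (plain JDK, no Struts); every name here is hypothetical.
public class HiddenFieldDemo {

    // Stand-in for the database: record id -> {owner, email}.
    static final Map<String, String[]> DB = new HashMap<>();

    // 'params' mimics request.getParameterMap(); 'session' mimics
    // server-side HttpSession attributes. Returns a status string.
    static String handleEdit(Map<String, String[]> params, Map<String, Object> session) {
        String user = (String) session.get("userName");  // reference data: session only
        if (user == null) return "not logged in";

        String id = first(params, "recordId");           // the one hidden field accepted
        String email = first(params, "email");           // the visible, editable field
        if (id == null || email == null) return "bad request";

        String[] row = DB.get(id);                       // reload by id on the server
        if (row == null) return "no such record";
        // The id came from the browser, so check it against the session user.
        if (!row[0].equals(user)) return "forbidden";

        row[1] = email;  // other posted fields (e.g. "owner") are never read
        return "updated";
    }

    static String first(Map<String, String[]> p, String name) {
        String[] v = p.get(name);
        return (v == null || v.length == 0) ? null : v[0];
    }

    public static void main(String[] args) {
        DB.put("42", new String[] {"alice", "old@example.test"});
        Map<String, Object> session = new HashMap<>();
        session.put("userName", "alice");

        // Constructed form post with an extra hidden field the handler ignores.
        Map<String, String[]> post = new HashMap<>();
        post.put("recordId", new String[] {"42"});
        post.put("email", new String[] {"new@example.test"});
        post.put("owner", new String[] {"mallory"});

        System.out.println(handleEdit(post, session));   // session user owns record 42
        System.out.println(DB.get("42")[0] + " " + DB.get("42")[1]);
        session.put("userName", "bob");
        System.out.println(handleEdit(post, session));   // same post, different session
    }
}
```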
 