使用Servlet和JSP验证数字 [英] Validating numbers with Servlets and JSP

问题描述

我正在研究一个小型Servlets&学习Web开发时使用JSP应用程序.

I'm working on a small Servlets & JSP application while learning web development.

我有一个关于验证和在jsp和servlet之间传递值的问题.

I have a question regarding validations and passing values between jsp and servlets.

我有一个啤酒"类，带有评级"属性(类型为double).

I have a "Beer" class, with a "rating" property (of type double).

加载"edit.jsp"的servlet创建一个Beer对象，并从数据库中加载当前值.

The servlet that loads "edit.jsp" creates a Beer object and loads the current values from the DB.

BeerDAO beerdao = new BeerDAO();
Beer beer = beerdao.getBeer(id);            
request.setAttribute("beer", beer);

在JSP中，对象以以下方式显示:

In the JSP, the object is displayed in the following manner:

...
<td class="left">Beer Name:</td>
<td><input type="text" name="name" value="${beer.name}"/></td>
...
<td class="left">Rating:</td>
<td><input type="text" name="rating" value="${beer.rating}"/></td>
...

现在，当我将表单提交到更新" servlet时，每个属性都将得到验证.对于"rating"属性，我将其转换为double.

Now, when I submit the form to the "update" servlet, each property is validated. In the case of the "rating" property, I convert it to a double.

如果我在验证中发现错误(即:字母，而不是等级值的数字)，我想返回到带有用户键入的值和错误消息的表格.问题是，我需要在请求中显示一个Beer对象，以便在表单中显示该对象，但是我无法将"rating"值传递给它，因为它的类型不正确.因此，现在我将用户引导回具有空等级的表单.

Should I find an error in the validation (ie: letters, instead of numbers for the rating value), I want to go back to the form with the values that the user typed and an error message. Thing is, I need a Beer object in the request to be displayed in the form, but I can't pass the "rating" value to it, because it's not of the correct type. So right now I'm seeding the user back to a form with an empty rating.

我猜我做错了.那么，验证数字并返回编辑表单的正确方法是什么?

I'm guessing I'm going at it wrong. So, what would be the proper way to validate numbers and get back to the edit form?

推荐答案

最基本的方法是在请求范围内使用Map<String, String>，其中键代表字段名，值代表验证错误-如果有的话

The most basic approach would be to have a Map<String, String> in the request scope where the key represents the field name and the value represents the validation error -if any.

BeerDAO beerdao = new BeerDAO();
Beer beer = beerdao.getBeer(id);            
request.setAttribute("beer", beer);
// ...

Map<String, String> messages = new HashMap<String, String>();
request.setAttribute("messages", messages);
// ...

String rating = request.getParameter("rating");
if (rating == null) {
    messages.put("rating", "Please enter rating");
} else if (!rating.matches("\\d+")) {
    messages.put("rating", "Please enter numbers only");
} else {
    beer.setRating(Integer.valueOf(rating));
}

// ...

然后在视图中

<input name="rating" value="${empty messages.rating ? beer.rating : param.rating}" />
<span class="error">${messages.rating}</span>

当没有消息(因此验证已通过)时，条件表达式将显示啤酒等级，否则将用户提交的值作为请求参数.

The conditional expression will show the beer rating when there is no message (and thus validation has passed) and otherwise the user-submitted value as request parameter.

不相关与具体问题无关，重新显示用户提交的数据而不进行XML转义会导致 XSS 攻击.我强烈建议安装 JSTL 并使用

Unrelated to the concrete problem, redisplaying user submitted data without XML-escaping it is prone to XSS attacks. I strongly suggest to install JSTL and use fn:escapeXml() function to escape the values.

<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>   
...
<input name="rating" value="${fn:escapeXml(empty messages.rating ? beer.rating : param.rating)}" />

这篇关于使用Servlet和JSP验证数字的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！