1

I have 2 jsp-page. In first jsp-page I use combobox who choosing subject, several radio button for action. On servlet this page I get request.getParameter("subjectID").

Better If I show servlets and jsp

<form  action="/TutorWebApp/controller" method="POST" name="editTestForm">
                <p>
                    Choose subject 
                    <select name='subject'>
                        <c:forEach items="${subjects}" var="subject" >                  
                            <option value="${subject.key}">
                                ${subject.value.getName()}
                            </option>                    
                        </c:forEach>
                    </select>  
                </p>                
                <input type="radio" name="command" value="add_test">
                Add test <br />
                <input type="radio" name="command" value="add_subject">
                Add subject <br />                
                <input type="submit" value="OK"/>                 
            </form>

In this page I choose subject from combobox. And choose "Add test". After I go to servlet where

class AddTestCommand implements Command {

    private static final String PARAM_TEST_NAME = "testName";
    private static final String PARAM_SUBJECT = "subject";

    @Override
    public String execute(HttpServletRequest request) throws ServletException, IOException {
        String page = " ";
        String message = " ";        

        String testName = request.getParameter(PARAM_TEST_NAME);


        if (testName != null && (!"".equals(testName))) {

            HttpSession session = request.getSession(true);
            Integer userID = (Integer) session.getAttribute("userID");


            Integer subjectId = 
                    Integer.valueOf(request.getParameter(PARAM_SUBJECT));

            if(AddTestLogic.addTest(userID, subjectId, testName)){
               message = "Success";
            } else{
               message = "This test already exist"; 
            }        

            request.setAttribute("result", message);
        }       


        page = ResourceBuilder.getPropertyManager(PropertyEnum.JSP_PAGE).
                getProperty("path.page.addtest");
        return page;
    }
}

There I can get value of subject as request.getParameter("subject"); near with testName before if(){} And next step - go to next jsp

<form  action="/TutorWebApp/controller" method="POST" name="addTestForm">   
            <input type="hidden" name="command" value="add_test" />            
            Name of new test:
            <input type="text" name="testName" value=""/>            
            <input type="submit" value="Add test"/>            
</form>

An after input data in jsp I go to the same servlet again. But I lose value request.getParameter("subject").

I try to use HttpSession but on first page I send Map. And get with request just choosen subjectID from Map.

I don't know how resolve this problem. Thanks

4

1 回答 1

2

您可以使用隐藏字段为下一个请求保留请求参数。请求参数可通过${param}EL 中的地图获得。所以,这应该这样做:

<input type="hidden" name="subject" value="${fn:escapeXml(param.subject)}" />

请注意,我使用JSTL fn:escapeXml()来转义 HTML 实体;这将防止可能的XSS 攻击

于 2012-05-05T19:36:32.870 回答