
so I have this problem with the following JSP code.

        while(rs.next()){
                out.println("<tr>");
                out.println("<td>" + rs.getString(2) + "</td>");
                out.println("<td> <button type='submit' value='delete' onclick = deleteObj(out, " + rs.getString(2) + ")'>HI</button> </td>");
                out.println("</tr>");
        }

Here as one can see the function looks like onclick="deleteObj(out, "fat ..etc, that quote seems to be getting in the way and I am unsure what to do about it.

https://i.stack.imgur.com/EdrqM.png

Also I am wondering how the server knows that deleteObj is a JSP method. Isn't this the same format for javascript method calls on click?

Thank you

the " persists right before the second parameter which is why I suspect that this fails but I am not sure what I can do.

  • You have added end `'` but not started the `'` for the onclick event – Meherzad May 15 '13 at 09:22
  • That is not JSP code, it's Java in a Servlet, or in a Scriptlet. In that case you are iterating database data from the JSP and concatenating them inside Strings that contain HTML, without any check or format, and finally writing them to the page. This is the **anti-pattern festival**... maybe take a look at this http://stackoverflow.com/a/13837913/1654265 – Andrea Ligios May 15 '13 at 09:27
  • LOL in my defense this is my first JSP project! :D –  May 15 '13 at 09:32

2 Answers


Try:

    out.println("<td> <button type='submit' value='delete' onclick = deleteObj(out, '" + rs.getString(2) + "')>HI</button> </td>");

Ankit

I don't see how that code rendered the output you've linked. It would render:

`... onclick = deleteObj(out,value)'>Hi</button>` where value is `rs.getString(2)`, unless of course `rs.getString(2)` contains:

    "
    fat

In which case you'll need to escape that quote and new line (see StringEscapeUtils.escapeEcmaScript)

You need to add escaped quotes:

    out.println("<td> <button type='submit' value='delete' onclick = 'deleteObj(out, \"" + rs.getString(2) + "\")'>HI</button> </td>");

Be careful with this kind of code though. What if rs.getString(2) has a quote in it? You'll want to look at this answer too: How to escape apostrophe or quotes on a JSP ( used by javascript ). And here is an updated link to the method you'll want to use.

As other people have pointed out, this is a very bad way to be handling this at all. You seldom want to use scriptlets in your JSP. You want the controller (or layers behind the controller) doing most of this work. The JSP just handles the rendering.

Rand
  • What do you mean by wanting to use the controller/layers behind the controller to be doing this? –  May 15 '13 at 09:49
  • Read up on the MVC pattern (as applicable to web applications) but typical web apps use the following layers: Controller which handles communication with the browser, the service layer which handles business logic and the DAO layer that handles communication with the db. On top of all this is the view layer that handles displaying the data to the client (the JSP page). Objects (called data transfer objects) are passed between these layers to represent the user input and the data coming out of the db. – Rand May 15 '13 at 10:08
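
An added example (not code from the question or from either answer) for the escaping concern raised in the second answer: it renders the same row once by plain concatenation and once with the value HTML-escaped and carried in a `data-name` attribute, so a quote or newline in the database value cannot break the markup. It assumes `deleteObj` is a client-side JavaScript function that takes the name; `SafeRowDemo`, `escapeHtml`, `rowConcatenated` and `rowEscaped` are hypothetical names, and the sample values are constructed.

```java
public class SafeRowDemo {
    // Escape for HTML element text and quoted attribute values.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Pattern from the thread: the raw value is spliced into a JavaScript
    // call that itself sits inside an HTML attribute (two nested contexts).
    static String rowConcatenated(String name) {
        return "<tr><td>" + name + "</td><td><button type='submit' value='delete' "
             + "onclick = 'deleteObj(out, \"" + name + "\")'>HI</button></td></tr>";
    }

    // Hardened form: the value appears only HTML-escaped, as cell text and in a
    // double-quoted data attribute. The handler reads it back in the browser via
    // this.dataset.name, so no JavaScript-string escaping is needed. The server-side
    // `out` writer is not passed, because onclick runs as JavaScript in the browser.
    static String rowEscaped(String name) {
        String n = escapeHtml(name);
        return "<tr><td>" + n + "</td><td><button type=\"submit\" value=\"delete\" "
             + "data-name=\"" + n + "\" onclick=\"deleteObj(this.dataset.name)\">HI</button></td></tr>";
    }

    public static void main(String[] args) {
        // Constructed values standing in for rs.getString(2); the second one is
        // the quote-plus-newline case described in the second answer.
        String[] samples = { "fat", "\"\nfat", "O'Brien", "5\" <disk>" };
        for (String s : samples) {
            System.out.println("concatenated: " + rowConcatenated(s));
            System.out.println("escaped:      " + rowEscaped(s));
            System.out.println();
        }
    }
}
```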