getString from ResultSet with spaces

Question

I'm managing a JDBC database with Servlets/JSPs and one of the attributes I have in a table is a string which may or may not have spaces in between words. I have one JSP to display all the information and another one to edit it, on both I perform getString to a ResultSet and when I'm just displaying it it works fine, but on the edit JSP it only "grabs" the first word before the space and the rest of the string disappears. Here's part of the code:

PerfilUsuarioConectado.jsp (the one I use to display the data)

<%
    Connection conexion = DriverManager.getConnection("jdbc:odbc:gasteizcar", "", "");
    Statement set = conexion.createStatement();
    ResultSet rs = set.executeQuery("SELECT * FROM Usuario WHERE correoElectronico ='" + session.getAttribute("username") + "'");
    rs.next();
%>
<div id="principal">
    <table border="1" align="center">
        <tr>
            <td> Nombre: </td>
            <td> <%= rs.getString("nombre")%>
        </tr>
        <tr>
            <td> Apellidos: </td>
            <td> <%= rs.getString("apellidos")%>
        </tr>
        <tr>
            <td> E-mail: </td>
            <td> <%= rs.getString("correoElectronico")%>
        </tr>
        <tr>
            <td> Alias: </td>
            <td> <%= rs.getString("alias")%>
        </tr>
        <tr>
            <td> Nº móvil: </td>
            <td> <%= rs.getString("movil")%>
        </tr>
        <tr>
            <td> Coche: </td>
            <td> <%= rs.getString("marca") + " " + rs.getString("modelo") + " " + rs.getString("color")%>
        </tr>
    </table>
</div>

ModificarDatos.jsp (the one to edit the data)

<%
    Connection conexion = DriverManager.getConnection("jdbc:odbc:gasteizcar", "", "");
    Statement set = conexion.createStatement();
    ResultSet rs = set.executeQuery("SELECT * FROM Usuario WHERE correoElectronico ='"
            + session.getAttribute("username") + "'");
    int i = 0;
    rs.next();
    String marca = rs.getString("marca");
    String modelo = rs.getString("modelo");
    String color = rs.getString("color");
    String movil = rs.getString("movil");
%>
<div id="principal">
    <form id="datos" action="ModificarDatos" method="post">
        <table border="1" align="center">
            <tr>
                <td> * Verificar con contraseña: </td>
                <td> <input pattern="[a-zA-Z0-9 ]{3,12}" type="password" id="password" name="password" required></td>
            </tr>
            <tr>
                <td> ** Nueva contraseña: </td>
                <td> <input pattern="[a-zA-Z0-9 ]{3,12}" type="password" id="nuevaContrasenia" name="nuevaContrasenia"> </td>
            </tr>
            <tr>
                <td> ** Repita la contraseña: </td>
                <td> <input pattern="[a-zA-Z0-9 ]{3,12}" type="password" id="repContrasenia" name="repContrasenia"> </td>
            </tr>
            <tr>
                <td> * Nº de móvil: </td>
                <td> <input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=<%= movil%>> </td>
            </tr>
            <tr>
                <td> *** Marca del coche: </td>
                <td> <input type="text" name="marca" id="marca" value=<%= marca%>> </td>
            </tr>
            <tr>
                <td> *** Modelo del coche: </td>
                <td> <input type="text" name="modelo" id="modelo" value=<%= modelo%>> </td>
            </tr>
            <tr>
                <td> *** Color: </td>
                <td> <input type="text" name="color" id="color" value=<%= color%>> </td>
            </tr>
        </table>
</div>
<input type="button" id="bActualizar" value="Actualizar datos">

So, if anyone can tell me why does the getString method perform differently in both situations I'd be really grateful.

Do not write scriptlets in JSP, because scriptlets shouldn't be used in JSPs for more than a decade. Learn the JSP [EL](http://stackoverflow.com/tags/el/info), the [JSTL](http://stackoverflow.com/tags/jstl/info), and use servlet for the Java code. [How to avoid Java Code in JSP-Files?](http://stackoverflow.com/q/3177733/1031945) — Aniket Kulkarni, Dec 30 '13 at 05:12
Can you tell us for which field you are not getting complete string. A probable mistake can be the pattern you are using along with input field to validate the value. You check the pattern for the field you are not getting complete string and if not able to solve please tell us for which row input you are not getting the value as the language is not english so just tell us the row number. — Ravi Kumar, Dec 30 '13 at 06:17
Thanks for the info about avoiding Java code in JSPs but the thing is I only have 2 more days to deliver this project and I just can't afford changing it (there are a lot more "problems" like this), in my defense I was only given 12 days to do it. I believe all of them aren't working though I only experimented with 'Modelo' and 'Color'. I'll get rid of the patterns and report back. Thank you all! — localhostloco, Dec 30 '13 at 12:03
The patterns are not the problem because the fields I'm having trouble with are the ones without patterns. — localhostloco, Dec 30 '13 at 12:18

Santhosh · Answer 1 · 2013-12-30T10:47:47.840

0

The purpose of getString () method in ResultSet class is used return the data from the column you specified as String. It can take two arguments sch as

String getString(String columnLabel) throws SQLException

String getString(String columnIndex) throws SQLException

The first one is to iterate the ResultSet using the column for ex as you specified

String marca = rs.getString("marca");

the second one could be like this

String marca = rs.getString(1);

Also iterate the result set entirely until rs.next to get all the values from the table.More information here

Hope it helps !!

edited Dec 30 '13 at 10:47

answered Dec 30 '13 at 10:23

Santhosh

8,181
4
29
56

'String getString(String columnIndex)' must be 'String getString(int columnIndex)' – ovunccetin Dec 30 '13 at 11:08
I tried with getString(int columnIndex) and got the same result. Thanks anyway. – localhostloco Dec 30 '13 at 12:16

score 0 · Accepted Answer · edited May 23 '17 at 10:32

The error is in these lines:

<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=<%= movil%>>

If your variable movil contains abc def, say, then the HTML generated will be this:

<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=abc def>

This then sets the value of the input to abc and creates another attribute def, which isn't recognised and will be ignored. In fact, the Markdown syntax highlighting on Stack Overflow points this out: abc is blue, for a value, and def is red, for an attribute name.

At the very least, you need to put quotes around the <%= movil %>:

<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value="<%= movil%>">

If movil contains abc def, this time, the output will be

<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value="abc def">

Now you can see that the value has been written correctly.

Aside from this, there are a further couple of comments I'd like to make:

Firstly, your code is vulnerable to SQL injection. If your username session variable ends up as something like test' OR 1=1 --, all results from the database will be returned. Worse still, if it is something like test'; DROP TABLE Usuario;--, you could lose data. Use PreparedStatements instead.
Secondly, as pointed out by Aniket in a comment, you really shouldn't be using scriptlets <% ... %> in JSPs any more. Instead, you should be using JSTL tags and EL expressions. The question linked to by Aniket is a good place to start.

I appreciate this may be your first JSP application. Once you've got it working, however, I'd recommend that you consider making these changes.

Wow, thank you so much! The problem was the missing quotes around the <%= %> parameters. Again, thank you! Once I get some time (after the finals most likely) I will indeed try to improve this code. — localhostloco, Dec 30 '13 at 12:29

getString from ResultSet with spaces

2 Answers2

Linked