How send the value of a dropdownlist item in servlet

Question

I want to show the book details of various type(math,phy,chem) from database to webpage. When I select a particular item from dropdowlist its corresponding book will be shown in webpage. My jsp page looks like :

<%@ page contentType="text/html; charset=utf-8" language="java" import="java.sql.*"   
    errorPage="" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org    
        /TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <title>Untitled Document</title>
</head>

<body>
    <center>
        <h1>Science Book</h1><br /><br />
        <hr color="#CC9999" size="5px" /><br /><br />

        <form action="Controller">
            <select name="book">
                <option value="Math">Math</option>
                <option value="Phy">Physics</option>
                <option value="Chem">Chemistry</option>
            </select>
            <input type="submit" value="Submit"/>
        </form>
    </center>
</body>

Here Controller is the servlet name. My servlet is look like :

package com.sayan.myservlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class Controller extends HttpServlet
{
private static final long serialVersionUID = 1L;

public Controller()
{
    super();

}


protected void doGet(HttpServletRequest request, HttpServletResponse response) throws 
               ServletException, IOException 
{
    doProcess(request,response);
}


protected void doPost(HttpServletRequest request, HttpServletResponse response) throws 
               ServletException, IOException
{
    doProcess(request,response);
}


protected void doProcess(HttpServletRequest request, HttpServletResponse response) 
               throws ServletException, IOException
{
    String booktype=null;         //set drowdownlist item value
    PrintWriter out = response.getWriter();

    String drivername = "oracle.jdbc.OracleDriver";
    String url = "jdbc:oracle:thin:@172.16.0.30:1521:orcl";
    String username = "scott";
    String password = "tiger";

    Connection con = null;
    Statement st = null;
    ResultSet rs = null;

    try{
        Class.forName(drivername);
        con = DriverManager.getConnection(url,username,password);
        st = con.createStatement();

        String sql = "select name,author,publisher,price from book where 
                      type="+booktype;
        System.out.println(sql);
        rs = st.executeQuery(sql);
        out.println("<html><body><table border=5>");
        out.println("<tr><th>name</th>");
        out.println("<th>author</th>");
        out.println("<th>publisher</th>");
        out.println("<th>price</th></tr><tr>");
        while(rs.next()){
            String name = rs.getString("name");
            String author = rs.getString("author");
            String publisher = rs.getString("publisher");
            String price = rs.getString("price");

            out.println("<td>" + name + "</td>");
            out.println("<td>" + author + "</td>");
            out.println("<td>" + publisher + "</td>");
            out.println("<td>" + price + "</td>");
        }
        out.println("</tr></table></body></html");
    }catch(ClassNotFoundException cnfe){
        System.out.println("Exception caught : " + cnfe);
    }catch(SQLException se){
        System.out.println("Exception caught : " + se);
    }finally{
        try{
            con.close();
        }catch(SQLException se1){
            System.out.println("Exception caught : " + se1);
        }
    }


}

}

I want to set the dropdownlist item value in booktype String.How can I do this?. If other way is possible then please mention.

Answer 1

If I understand your question, then

String booktype=request.getParameter("book");

Also, you should use a PreparedStatement because your posted code is vulnerable to SQL Injection. Finally, close your Statement and ResultSet as well as your Connection or you might start leaking DB cursors.

Connection con = null;
PreparedStatement st = null;
ResultSet rs = null;
String sql = "select name,author,publisher,price from book where "
    + "type=?";

try {
  // Class.forName(drivername); // <-- not needed since JDBC Version 4
  // http://stackoverflow.com/a/8053125/2970947
  con = DriverManager.getConnection(url, username,
      password);
  st = con.prepareStatement(sql);
  st.setString(1, booktype);

  System.out.println(sql);
  rs = st.executeQuery();
  out.println("<html><body><table border=5>");
  out.println("<tr><th>name</th>");
  out.println("<th>author</th>");
  out.println("<th>publisher</th>");
  out.println("<th>price</th></tr><tr>");
  while (rs.next()) {
    String name = rs.getString("name");
    String author = rs.getString("author");
    String publisher = rs.getString("publisher");
    String price = rs.getString("price");

    out.println("<td>" + name + "</td>");
    out.println("<td>" + author + "</td>");
    out.println("<td>" + publisher + "</td>");
    out.println("<td>" + price + "</td>");
  }
  out.println("</tr></table></body></html");
} catch (ClassNotFoundException cnfe) {
  System.out.println("Exception caught : " + cnfe);
} catch (SQLException se) {
  System.out.println("Exception caught : " + se);
} finally {
  try {
    rs.close();
  } catch (SQLException se1) {
    System.out
        .println("Exception caught : " + se1);
  }
  try {
    st.close();
  } catch (SQLException se1) {
    System.out
        .println("Exception caught : " + se1);
  }
  try {
    con.close();
  } catch (SQLException se1) {
    System.out
        .println("Exception caught : " + se1);
  }
}