0

On one page I displayed a table from my database and the user chooses a department. Based on that option the next page will display the items within that department. Is there a way that you can pass the department id from page 1 to page 2's SQL query so that you can display only that department's items?

The only thing I am aware of is printing the department number on the page with

    <%=session.getAttribute("deptid")>;

First Page: 

    <table>
    <tr>
        <td>Select Department</td>
        <td><select name="deptid">
        <option value="select">select</option>
        <%
            while(rs.next()){
                String deptid= rs.getString("deptid");
        %>
        <option value=<%=deptid%>><%=deptid%></option>
        <%
            }
    }catch(SQLException sqe){
        out.println("showcourses"+sqe);
    }
        %>
        </select></td>
    </tr>
</table>

Here's a connector JSP page

    String sql = "select * from courses where deptid=?";

String deptid= request.getParameter("deptid");

if(!(deptid.equalsIgnoreCase("select"))){
    try{
        Class.forName(driverName);
        con = DriverManager.getConnection(url, user, dbpsw);
        ps = con.prepareStatement(sql);
        ps.setString(1, majorid);
        rs = ps.executeQuery();
        if(rs.next()){ 
            userdeptid = rs.getString("deptid");
            System.out.println(userdeptid );

            if(deptid.equals(userdeptid )){
                session.setAttribute("deptid",userdeptid);
                response.sendRedirect("showitems.jsp");
            }
        }else
            response.sendRedirect("error.jsp");
        rs.close();
        ps.close(); 
    } catch(SQLException sqe){
        out.println(sqe);
    } 
}

%>

minionhacking
  • 145
  • 3
  • 10
  • I hope "user chooses the department" by selecting a value from a combo box or a list of options? Please add your HTML code and JSP code. – sampathsris Jul 31 '14 at 03:10

1 Answers1

0

Wrap everything inside a <form> element Also add a submit button (I'll change the name of the select to selected_dept_id to avoid confusion:

<form action="second_page.jsp" method="get">
    <table>
    <tr>
        <td>Select Department</td>
        <td><select name="selected_dept_id">
        <option value="select">select</option>
        <%
            while(rs.next()){
                String deptid= rs.getString("deptid");
        %>
        <option value=<%=deptid%>><%=deptid%></option>
        <%
            }
    }catch(SQLException sqe){
        out.println("showcourses"+sqe);
    }
        %>
        </select></td>
    </tr>
    </table>
    <input type="submit" value="Show Items" />
</form>

You can get the selected department from the second_page.jsp by querying request parameters:

reqeust.getParameter("selected_dept_id");

Also, careful when you send the user input to the database. It can be used to SQL injection attacks. See this article on Preventing SQL Injection in Java.

Community
  • 1
  • 1
sampathsris
  • 21,564
  • 12
  • 71
  • 98