
I have a Java class where I have a method which is returning me a JSON. I want to call that method in my servlet doGet method so that I can make an AJAX call later.

But while calling the Java class method (Outlet.Outlet) it asks for a parameter to pass, and I don't know what to pass there. Please have a look at my code.

This is my Java class:

import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;

import com.google.gson.Gson;

public class Outlet {
    static Connection con = null;
    static Statement statement = null;
    ResultSet resultSet = null;

    public static String Outlet(String idDB) throws ClassNotFoundException, SQLException {
        List<String> list = new ArrayList<String>();
        con = DBConnection.createConnection();
        statement = con.createStatement();

        // idDB is concatenated straight into the SQL text
        String sql = "select CUSTOMERDESCRIPTOR as OUTLETNAME from ecustomer where CUSTOMERIDENTIFIER in (select CUSTOMERIDENTIFIER from mt_distributrol where mt_distributr_vcdistributrcode = '" + idDB + "')";

        System.out.println("iddb  :" + idDB);
        try {
            ResultSet resultSet = statement.executeQuery(sql);
            while (resultSet.next()) {
                list.add(resultSet.getString("OUTLETNAME"));
            }
        } catch (SQLException e) {
            e.printStackTrace();
        }
        String json = new Gson().toJson(list);
        System.out.println("Json Outlet :" + json);
        return json;
    }
}

In the above Java class I am returning a JSON and I want to call that method in my servlet doGet.

My doGet is:

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    try {
        String json = Outlet.Outlet();  // what should I pass here as a parameter?
        response.setContentType("application/json");
        response.getWriter().write(json);
        System.out.println("dheeraj" + json);
    } catch (Exception e) {
        e.printStackTrace();
    }
}

If I am passing idDB then it throws an error. Please, anybody having any knowledge, help me out.


1 Answer

Please read OWASP - SQL Injection and learn about PreparedStatements.

First, methods should not start with a capital letter, so rather you could name it Outlet.findById rather than Outlet.Outlet (the method should not have the same name as the class; it is really confusing to read), and you can get parameters from the request:

@Override
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
    String id = request.getParameter("id");   // the value of ?id=... on the request URL
    String s = Outlet.findById(id);
    response.setContentType("application/json");
    response.getWriter().write(s);
}

When calling the API, you add ?id=value.

Or you can get the final part of the path from the request, assuming your API is set up like /path/ids/value. Refer to What's the difference between getRequestURI and getPathInfo methods in HttpServletRequest? for options with this.

Before doing this, of course you should double-check that query you are running actually returns data when querying the database directly.
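As an added example of what the answer recommends (this is not the asker's or the answerer's code): the lookup rewritten as Outlet.findById with a PreparedStatement, so idDB is bound as a parameter instead of being concatenated into the SQL, plus a doGet that takes the id either from the query string (?id=value) or from the path info (/outlets/value). It keeps the page's query, DBConnection.createConnection() helper and Gson; the servlet mapping /outlets/*, the 400 response for a missing id and the error handling are my own choices.

```java
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.google.gson.Gson;

public class Outlet {

    // The question's query with a bind marker (?) where idDB used to be concatenated.
    // The driver sends the value separately from the SQL text, so quotes or other
    // SQL characters in idDB are compared literally and cannot change the statement.
    private static final String SQL =
        "select CUSTOMERDESCRIPTOR as OUTLETNAME from ecustomer "
      + "where CUSTOMERIDENTIFIER in (select CUSTOMERIDENTIFIER from mt_distributrol "
      + "where mt_distributr_vcdistributrcode = ?)";

    /** Returns the outlet names for one distributor code as a JSON array. */
    public static String findById(String idDB) throws ClassNotFoundException, SQLException {
        List<String> names = new ArrayList<>();
        // try-with-resources closes the Connection, PreparedStatement and ResultSet
        // even when a query fails; the question's code never closed them.
        try (Connection con = DBConnection.createConnection();   // helper from the question
             PreparedStatement ps = con.prepareStatement(SQL)) {
            ps.setString(1, idDB);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("OUTLETNAME"));
                }
            }
        }
        return new Gson().toJson(names);
    }
}

// Assumed mapping: both /outlets?id=D123 and /outlets/D123 reach this servlet.
@WebServlet("/outlets/*")
class OutletServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String id = request.getParameter("id");            // ?id=value form
        if (id == null || id.isEmpty()) {
            String path = request.getPathInfo();           // "/value" form, or null
            if (path != null && path.length() > 1) {
                id = path.substring(1);
            }
        }
        if (id == null || id.isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing id");
            return;
        }
        try {
            String json = Outlet.findById(id);
            response.setContentType("application/json");
            response.setCharacterEncoding("UTF-8");
            response.getWriter().write(json);
        } catch (SQLException | ClassNotFoundException e) {
            // Log server-side; do not echo the driver's message back to the client.
            log("outlet lookup failed", e);
            response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

The AJAX call on the UI then requests /outlets?id=<value> (or /outlets/<value>) with the id the login query produced; the servlet never sees the variable name idDB, only the value, which is the point made in the comments below.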

  • Hey, from where are you getting this "id"? –  Nov 20 '18 at 06:05
  • On my UI I don't have any input field for idDB. It is coming from the login query: there is a form for logging in on my UI, and whenever a user logs in I run a query which checks username and password, and I also get that value **idDB** from that query. Now I am passing that value into the Java class method which is **Outlet**, and in that method I am using idDB in a query –  Nov 20 '18 at 06:08
  • I didn't get you :( –  Nov 20 '18 at 06:10
  • okay... I don't know your API, or your app's logic... The answer is still the same. You need to form that URL so that you can actually get an ID. Either that is part of the path, `http/your.api.com/someAPI/ids/x` to get that ID, or you can put `?id=x` at the end – OneCricketeer Nov 20 '18 at 06:10
  • The name `idDB` is not important here. The parameter can be named anything in your code. It does not mean that your API needs to use the same thing – OneCricketeer Nov 20 '18 at 06:13
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/183921/discussion-between-dheeraj-kumar-and-cricket-007). –  Nov 20 '18 at 06:14
  • No... If you want to only learn Javascript terms, I don't really think you should be writing Java servlets... Node.JS can run web servers and can run AJAX calls, and do SQL things, and JSON, etc... – OneCricketeer Nov 20 '18 at 06:16