I'm trying to make a web application for the first time, and I use all kinds of tutorials and help of any kind, but I don't get why this happens. Everything worked all right until now:
I'm trying to transmit a "User" attribute between servlets, and I'm doing so by sending part of it as an attribute (using RequestDispatcher or HTML forms), and looking up the rest of it in a database, like this:
String user = (String) request.getAttribute("txt");
Users info = (Users) emf.createEntityManager().createNamedQuery("Users.findByUsername").setParameter("username",user).getResultList().get(0);
Username is Unique key, and the code for the NamedQuery is
#NamedQuery(name = "Users.findByUsername", query = "SELECT u FROM Users u WHERE u.username = :username)
The first time I use this, it works and I get the expected result, but, if I come back to the same servlet or I use the same code again in other servlet, I get java.lang.IndexOutOfBoundsExpcetion: Index: 0, Size: 0
How can this happen if I didn't modify the database at any moment?
Any help would be appreciated.
Seems like your request attribute "txt" is null the second time. It's a request attribute, so it will be only valid during the request. If you don't store it or submit it every time it will be null.
A null as username will produce an empty list. The attempt to read the first element of an empty list produces the IndexOutOfBoundsException.
Use a session attribute or resubmit the attribute every time and it will work.
Related
Ok, I've been bugging with this for too long.
I need to call my website from a rough VB.net app. Then only thing I need is to attach a query string parameter to the calling url, so I can distinguish the pages to be shown to different VB app users.
So I want to click a button and launch that website, giving this parameter.
First I was bugging with adding the system.web libraries. Now I can't use Request/Response.QueryString as well.
I tried getting some example help from this post. but as I said before - I cannot make use of Request.QueryString as I cannot import it.
I am stuck here:
Process.Start("http://localhost:56093/WebSite1?id=")
I need to attach a query string parameter to the url and then open the website with that url.
Can someone just give me a sample code for my problem.
Query parameters are parsed by the web server/http handler off the URL you use to call the page. They consist of key and value pairs that come at the end of the URL. Your code is nearly there. Say you needed to pass through the parameters:
ID = 1234
Page = 2
Display = Portrait
Then you'd turn them into a URL like this:
http://localhost:56093/WebSite1?ID=1234&Page=2&Display=Portrait
Therefore in your code you'd have:
Process.Start("http://localhost:56093/WebSite1?ID=1234&Page=2&Display=Portrait");
After a form is submitted, how does one check server-side if a particular field exists? For example:
If [Exists] Request("FieldName") Then
...
End If
If Request("FieldName").Count > 0 Then
...
End If
Or, for short:
If Request("FieldName").Count Then
...
End If
Background:
The Request collection is magic, in so far as it does not throw an error when you try to access a key that was not part of the request - but the .Count will be 0 for non-existing keys.
In a URL-encoded query string it's legal to send keys that don't have a value, like foo&bar&baz
It's also legal to send the same key multiple times, i.e. multiple values per key, like foo=value1&foo=value2.
Therefore, the reliable way to determine if a key has been sent by the client is to count how many times the client has sent it.
A special case of this test is checking whether there was a non-empty value for that key (If Request("FieldName") > ""). This may or may not be what you want in the end; just be aware that the underlying behavior of query strings is broader than that.
Check if it's not empty. There are a few different ways, but the one I've seen more frequently used is along the lines of:
If Request("FieldName") <> "" Then
'etc.
End If
I usually explicitly check the Form and QueryString collections with some variation of one of the code below if I may be getting the variable from one or the other depending on context:
Select Case True
Case Request.Form("FieldName") <> ""
'Run if the Form isn't empty
Case Request.QueryString("FieldName") <> ""
'Run if the QueryString isn't empty
Case Else
'Set a predefined default if they're both empty
End Select
Or a nested If ... Then:
If Request.Form("FieldName") <> "" Then
'Run if the Form isn't empty
ElseIf Request.QueryString("FieldName") <> "" Then
'Run if the QueryString isn't empty
Else
'Set a predefined default if they're both empty
End If
If I know exactly which collection it's coming from, I'll check that collection specifically. The reason is that I want to make sure it is pulling what I expect from where I expect it to come from. I don't want someone overriding a Form value by sending something in the QueryString when I'm not expecting it.
From MSDN:
If the specified variable is not in one of the preceding five
collections, the Request object returns EMPTY.
All variables can be accessed directly by calling Request(variable)
without the collection name. In this case, the Web server searches the
collections in the following order:
QueryString
Form
Cookies
ClientCertificate
ServerVariables
If a variable with the same name exists in more than one collection,
the Request object returns the first instance that the object
encounters.
It is strongly recommended that when referring to members of a
collection the full name be used. For example, rather than
Request.("AUTH_USER") use Request.ServerVariables("AUTH_USER"). This
allows the server to locate the item more quickly.
To check if the parameter was present (without caring about its value) it is also possible to write:
fieldValue = Request("FieldName")
if Not IsEmpty(fieldValue) ...
One advantage over Count method above is, that you can test the variable, without referring to the field name again.
Advantage over testing for "" is that if you pass &FieldName without assigning value, test for "" will yield true, but IsEmpty returns false.
Edit: Turns out this is not reliable in IIS.
For the url with ?param alone, or ?param=¶m2, IsEmpty(param) returns false, but
For the url with ?param¶m2, IsEmpty(param) weirdly returns true ...
I usually check the value of the SUBMIT button. If it was clicked, it's value is posted along with the form data. So, even if all your form data is blank, the submit button's value will not be. And if the submit button's value is blank, then it wasn't clicked.
if request("btn_Submit") <> "" Then
response.write "form was submitted"
end if
This is more difficult if you are using a javascript form.submit() call, in which case I usually opt for the hidden field.
url:http://localhost:51806/fair/PersonPage/personalPages.aspx?idCompany=1338006699#Site/AboutAs
request["idCompany"];
this code return null
how can get value idCompany
EDIT
Request.UrlReferrer.Query
this return ?idCompany=1338006699
this Request.UrlReferrer.Query.Split('=')[1] return 1338006699
but i think this way does not good way
#Site/AboutAs is a tab aboutAs in full tab component
Try this instead:
string id = Page.PreviousPage.Request.QueryString["idComapny"];
If no luck then your method of splitting is the best you can achieve, as you're trying to read the query string of the referrer page.
One work around though is to store the value in that previous page.
To do this, store the value of Request["idComapny"] in the previous page, where it should be available, in Session then you can read the Session value in any other page.
We have some error reporting code that, when an unhandled exception occurs, we send everything over in an email to our groups. This is great except if an unhandled exception occurs on a page with a password field then it's sent over as plain text.
Is there a way to iterate through Request.Form and figure out which item(s) are passwords? This is done at a low level so we can't look for specific controls.
Naturally, we could check to see what type the input box is but I'm not sure if that's the cleanest way. Advice?
Use a whitelist of field names that you want to email.
There could be hundreds of field names that get POSTed to your server. And password isn't the only field that is sensitive. Depending on your application, there could be other things that should be treated with a little respect.
So, make a list of field names that will assist in you in debugging. These are typically unique identifiers / database keys and such. If you have any parameter names in this list, you can include it in the email.
I've suggested a different solution earlier, but I thought you were going to handle this on the client side. Following your comments I now understand that you need to take care of this on the server side. There may be a way for you to do it, which is not really elegant, but it should work:
Add to all pages a script that collects all password field names into a new client-generated field, like so:
function collectPasswordFields() {
var inputs = document.getElementsByTagName('input'), list = [];
for (var i = 0; i < inputs.length; ++i)
if (inputs[i].type == 'password') list.push(inputs[i].name);
var field = document.createElement('input');
field.name = '__password_fields';
field.value = list.join(',');
document.getElementsByTagName('form')[0].appendChild(field);
}
Then intercept the additional field in the server-side error handler, and remove the named fields from the email.
Can something like this work for you?
The cleanest way is to check the type attribute of the input element.
The HTML5 specification has this to say about input type=password:
The input element with a type attribute whose value is "password" represents a one-line plain-text edit control for entering a password.
Data type: Text with no line breaks (sensitive information)
Control type: Text field that obscures data entry
This is a mandatory requirement from all User Agent implmentations, and it has been so since HTML 2. So this is indeed the cleanest way to do what you want.
If you want to do it on the client side (you talked about sending the data to the server) then it is relatively easy:
function hidePasswords() {
var inputs = document.getElementsByTagName('input');
for (var i = 0; i < inputs.length; ++i)
if (inputs[i].type == 'password') input[i].value = '*****';
}
As Jerome already pointed out in the comments, just keep track of the names of your password input fields and filter them before sending the error/exception report. This is the best solution as the type of the input field is not submitted.
A few solutions, though I'm not sure how bright any of them is:
1) Maintain in the page a List of input control IDs that are passwords, pass this list to the exception handler with the expectation to ignore these fields.
2) Keep a resource file in the website that lists a page name, a field id and have the exception handler check against this resource file (may not work if the exception is related to the ResourceManager)
3) Keep a database table as with idea 2. Same problems exist.
I'm creating a time sheet for work to learn more about asp and making database connections I am also using this time to prepare for my next C# and database design class which start on Wednesday. I'd like to know how I can get data from default.aspx and display it in timesheetdisplay.aspx, and I would also like to know how I can make it so the person doesn't have to enter the full id "100000111" as it appears in the database just the last 3.
<asp:TextBox id="xBadgeTextBox" runat="server" width="100px"></asp:TextBox>
As far as passing data between pages you can pass it via QueryString, Session variables, or by persisting it to some sort of data store such as a Database. In the situation above I would look at passing via Querystring parameter. Be sure that if you do do this that you validate the data on the new page to ensure its safety and validity before using it (think SQL Injection Attack).
How to: Pass Values Between ASP.NET Web Pages
As far as your second question goes I would say that this could be handled on the server side if you are sure that the last 3 digits will always be unique. Or were you looking to prompt the user entering data similar to Google? If so look at the AutoComplete Extender in the AJAX Control Toolkit or look at doing something similar in JQuery.
If you're redirecting from page to page, consider using the Server.Transfer("timesheetdisplay.aspx", true) method when navigating away from your default.aspx page. Note the second parameter, true, which will persist all ViewState and QueryString data across from page to page.
I would generate a unique key, store the value you are transfering in the users session, redirect the user and include the key in the query string, grab the key, and then get the value. Something like this:
//---On Default---
var value = "can be a single string or even a complext object...";
var keyName = Guid.NewGuid().ToString();
HttpContext.Current.Session[keyName] = value;
HttpContext.Current.Response.Redirect("timesheetdisplay.aspx?SID=" + keyName);
//---On TimeSheet---
var getKeyName = HttpContext.Current.Request.QueryString["sid"].ToString();
var myValue = HttpContext.Current.Session[keyName];
To get the id from a partial ID I would do it just like Muhammad Akhtar said:
select * From yourtable where id like '%111'