User input is a necessity in modern web pages. Most dynamic web sites generate pages based on user input submitted through an HTML form. Unfortunately, users seldom enter information in exactly the format you need, so before you can use such input, you need to validate it to make sure it’s usable.
And it’s not only the input format that’s important. Web browsers are also picky about the format of the HTML you send them. For instance, when you generate an HTML form with values taken from a database, a name such as O’Reilly can cause problems. The single quote character after the O can fool the browser into believing it’s at the end of the string, so you end up with just an O in your form.
In this chapter, we look at how you can use either JSTL actions or beans to access and validate user input. We also look at how special characters in the output must be treated so they don’t confuse the browser.
The HTML specification defines a set of elements for presenting a form with fields in which the user can enter text or select among predefined choices. I’m sure you have encountered these countless times -- to tell a vendor about yourself when downloading demo software, to specify what you’re looking for on a search engine site, or to select the toppings when you order a pizza online. But you may not be familiar with what’s going on behind the scene when you fill out the form and click Submit. Example 8-1 shows an ...