I have a HTML hidden variable that I'm trying to send from a Servlet to a JSP page. The hidden variable has a SQL Database query assigned to it as its value. However, in my JSP page, when I read the value of the hidden variable, I can't read the entire value. It only reads the SELECT, FROM, but not the WHERE part of the clause. Below is my syntax:
-------Hidden variable syntax in my Servlet---------------- out.println("<form name='printForm' action='../jsp/printdwgSearchQuery.jsp' method='post' target ='_Top'>");
out.println("<input type ='hidden' name ='queryVal' value ='" + SQLQuery + "'></form>");
out.println("</body></html>");
--------My SQL Database query----------------------------- SQLQuery = "Select dwgID, PMDwgNum, projectNum, Title, Type From AJM.Drawing " + whereclause;
NOTE: The 'whereclause variable in my query is put together in another part of the code.
--------Reading the value of the hidden variable in my JSP page------------------------------
hiddenVal = request.getParameter("queryVal");
-------Output when I run the query-------------------------
Select dwgID, PMDwgNum, projectNum, Title, Type From AJM.Drawing where UPPER(Title) LIKE UPPER(
As you can see, the query is read except the WHERE clause parameter.
Can you print the value of the whereclause to the console? Is it split up over multiple lines? What does it look like in the source of the generated page?
The variabel 'whereclause' does have a value. Here's the jist of what this part of my application is:
There's a search engine where a user can select multiple search criterias when searcing for drawings. In my Servlet, I retrieve the parameters the user enters for their criteira, and assign them to the 'whereclause' variable. So for example, if the user enters A24 as the drawing number to search by, then the 'whereclause' variable has the value 'WHERE UPPER(dwgNum)(my database column name) = UPPER('a24').
Then, I append the 'whereclause' variable to the SQLQuery variable as follows:
SQLQuery = "Select dwgID, PMDwgNum, projectNum, Title, Type From AJM.Drawing " + whereclause;
I know this works because I output the results of the query for the user to see. That part works. But I also provide them a 'PRINT' button that when they click it, I send the SQLQuery variable to another JSP page, run the same query so the output is in a report format. That's where the problem is because the SQLQuery variable is sent through an HTML hidden tag and the jsp page retrieving the hidden variable cannot seem to read the WHERECLAUSE part of the SQLQuery.
Your WHERE clause contains quotes... are you escaping them (into &quot; or &apos;) or is the browser interpreting them as ending the hidden value?
IMO, your SELECT statement is not something you want to put in a hidden field. I would put it in the Session. That way, clients won't see what tables you have in your database, and more importantly, change the post info and send a new query to your database to query all the records in your table.
Previous Topic
