Announcement Announcement Module
Collapse
No announcement yet.
Validating request parameters in formBackingObject() Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Validating request parameters in formBackingObject()

    I was just wondering what the best way to validate a request parameter that is used to query a database for the command object e.g.

    Code:
        protected Object formBackingObject(HttpServletRequest request)
                throws Exception {
            String reservationNumber = request.getParameter("reservationNumber");
            if(reservationNumber == null || reservationNumber.equals("")){
                return super.formBackingObject(request);
            }
            ReservationEntity reservationEntity = reservationService.findReservationEntity(reservationNumber);
            return (reservationEntity == null) ? super.formBackingObject(request) : reservationEntity;
        }
    Only problem with this code if someone screws around with the parameter reservationNumber and set it to something wierd that causes a sql error.

    I can add validation logic in the method or in a helper class/method, but is this really the right solution?

  • #2
    First up, try using RequestUtils.getRequiredStringParameter, as it will throw nice error messages if the parameter is missing.

    In relation to control characters, your DAO layer should be made responsible for escaping them, not your web controller.

    Comment

    Working...
    X