I have a jsp file where I send two parameters using the following url.
var url = 'abc_user_history.jsp?where='+where+'&stock_number=' + StockNumber;
window.open(url, 'Special_Value_History','toolbar=no,location=no,directories=no,status=no, menubar=no,scrollbars=yes,resizable=yes,width=1500,height=900');
Here I am only getting stock_number, where is always null… in where I have some SQL query, ex:
where=where stock_id like '4575%' and stock_name like 'abc%'
In the abc_user_history.jsp I always have where as null. However, I am able to get the stock_number value. Please suggest how to pass that where value…
So many anti-patterns here, I don't know where to start 😐
If you really need your where parameter to be one single, dynamic parameter,
you can pass a String with all the pairs field=value separated by a custom separator,
and then parse them in Java (using a StringTokenizer) and mount them in a Where condition in the Action.
Example of where variable:
where="stock_id:::'4575%';;;stock_name:::'abc%';;;"
(::: means that the field name is over and it's starting the value, ;;; means that that pair is over and you are eventually starting to read a new pair).
Of course this will break if some of your values contain ";;;" or ":::" (you should sanitize them first with JavaScript).
By the way, this is not good because you shouldn't concat your Java mounted string to the query string, but inject your tokenized values in a PreparedStatement (so the PreparedStatement will check and sanitize them for you).
But I suggest to pass every parameter as a single parameter (not a ?where= but a ?stock_id=xxx&stock_name=yyy&… in your URL).
And you should use POST to post a form, not GET, which should only be used to read pages, not to post stuff (not possible using window.open(), but you can post a form from an anchor with target="_blank" and onclick="javascript:document.getElementById('myForm').submit();")
Hope that helps…
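An added example, not part of the original answer or the asker's code: one way to do what the answer recommends on the server side, with each filter arriving as its own request parameter and its value bound through a PreparedStatement. The class name, the allowlist and the table name stock_history are assumptions; only stock_id and stock_name come from the page.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class StockHistoryQuery {
    // Allowlist: URL parameter name -> column name. Only these can reach the SQL text.
    private static final Map<String, String> FILTERS = new LinkedHashMap<>();
    static {
        FILTERS.put("stock_id", "stock_id");
        FILTERS.put("stock_name", "stock_name");
    }

    // Builds the SQL text from the allowlist only; user values are collected in 'binds'.
    static String buildSql(Map<String, String> params, List<String> binds) {
        StringBuilder sql = new StringBuilder("SELECT * FROM stock_history"); // hypothetical table
        String glue = " WHERE ";
        for (Map.Entry<String, String> f : FILTERS.entrySet()) {
            String value = params.get(f.getKey());
            if (value == null || value.isEmpty()) continue; // filter not supplied
            sql.append(glue).append(f.getValue()).append(" LIKE ?");
            binds.add(value);
            glue = " AND ";
        }
        return sql.toString();
    }

    // In the JSP/servlet, fill 'params' from request.getParameter(name) for each allowlisted name.
    static PreparedStatement prepare(Connection con, Map<String, String> params) throws SQLException {
        List<String> binds = new ArrayList<>();
        PreparedStatement ps = con.prepareStatement(buildSql(params, binds));
        for (int i = 0; i < binds.size(); i++) ps.setString(i + 1, binds.get(i));
        return ps;
    }

    public static void main(String[] args) {
        Map<String, String> params = new LinkedHashMap<>(); // constructed sample request
        params.put("stock_id", "4575%");
        params.put("stock_name", "abc%' OR '1'='1"); // quotes stay inside the bound value
        params.put("where", "where 1=1");            // not allowlisted, never reaches the SQL
        List<String> binds = new ArrayList<>();
        System.out.println(buildSql(params, binds)); // SQL text contains only fixed column names
        System.out.println(binds);                   // values travel separately as bind parameters
    }
}
```

When no recognised filter is supplied the statement has no WHERE clause and returns every row, so reject such requests if an unfiltered listing is not intended.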