my servlet accepting the empty input fields through html form
Problem Description:
i’m taking input values through html form and using the servlet to inserting them into the database , but when i don’t put any field in the html form it is also accepting the that input . Although i’ve put the restrictions in my html code for the input fields .
When i tried to renter the empty fields , its shows the below error
ERROR
Duplicate entry ” for key ‘users.PRIMARY
it means its accepting the user name as a empty string .
here it is my html form
<form action="userreg" method="post">
Username : <input type="text" name="username" pattern=".{3,}" title ="must contains more then 3 letters"><br/><br/>
Password : <input type="password" name="password" placeholder="password must be 8 char long one upper, lower case letter must" pattern="(?=.*d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must have 8 chars one lowercase , uppercase"><br/><br/>
FirstName: <input type="text" pattern=".{3,}" title="this field cant be empty" name="firstname"><br/><br/>
Last Name: <input type="text" pattern=".{3,}" title="this field cant be empty" name="lastname"><br/><br/>
Address : <input type="text" pattern=".{3,}" name="address"><br/><br/>
Phone No : <input type="text" pattern=".{3,}" name="phone"><br/><br/>
Email Id : <input type="text" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+.[a-z]{2,}$" name="mailid" placeholder="[email protected]" title="please enter valid mail"><br/><br/>
<input type="submit" value=" I AGREE FOR ALL TERMS & CONDITIONS ! REGISTER ME ">
</form>here is my userRegistration servlet class
try {
Connection con = DBConnection.getCon();
PreparedStatement ps = con
.prepareStatement("insert into " + IUserContants.TABLE_USERS + " values(?,?,?,?,?,?,?,?)");
ps.setString(1, uName);
ps.setString(2, pWord);
ps.setString(3, fName);
ps.setString(4, lName);
ps.setString(5, addr);
ps.setString(6, phNo);
ps.setString(7, mailId);
ps.setInt(8, 2);
int k = ps.executeUpdate();
if (k==1) {
RequestDispatcher rd = req.getRequestDispatcher("Sample.html");
rd.include(req, res);
pw.println("<h3 class='tab'>User Registered Successfully</h3>");
} else {
RequestDispatcher rd = req.getRequestDispatcher("Sample.html");
pw.println("<h3 class='tab'>Registration failed !, please enter valid details</h3>");
rd.include(req, res);
pw.println("Sorry for interruption! Register again");
}
} catch (Exception e) {
e.printStackTrace();
}
Solution – 1
That is the expected behavior. You may use HTML input elements attributes like „required“ and some frontend libraries to assist/enforce the presence of values, but in the end all validation needs to be done in the backend.
Because aside using the browser‘s form submit function, one can still send a malicious HTTP request using cURL or SoapUI, bypassing all frontend validations.