My servlet is accepting empty input fields through an HTML form

Problem Description:

I'm taking input values through an HTML form and using a servlet to insert them into the database, but when I don't fill in any field in the HTML form, it still accepts that input, although I've put restrictions on the input fields in my HTML code.
When I tried to re-enter the empty fields, it showed the error below:

Duplicate entry '' for key 'users.PRIMARY'

It means it is accepting the user name as an empty string.

Here is my HTML form:

<form action="userreg" method="post">
                    Username : <input type="text" name="username" pattern=".{3,}" title ="must contains more then 3 letters"><br/><br/>
                    Password : <input type="password" name="password" placeholder="password must be 8 char long one upper, lower case letter must" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must have 8 chars one lowercase , uppercase"><br/><br/>
                    FirstName: <input type="text" pattern=".{3,}" title="this field cant be empty" name="firstname"><br/><br/>
                    Last Name: <input type="text" pattern=".{3,}" title="this field cant be empty" name="lastname"><br/><br/>
                    Address : <input type="text"  pattern=".{3,}" name="address"><br/><br/>
                    Phone No : <input type="text" pattern=".{3,}" name="phone"><br/><br/>
                    Email Id : <input type="text" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$" name="mailid" placeholder="[email protected]" title="please enter valid mail"><br/><br/>
                    <input type="submit" value=" I AGREE FOR ALL TERMS & CONDITIONS ! REGISTER ME ">
</form>

Here is my userRegistration servlet class:

try {
            Connection con = DBConnection.getCon();
            // Parameterized insert; the request values are bound as received, with no server-side checks
            PreparedStatement ps = con
                    .prepareStatement("insert into " + IUserContants.TABLE_USERS + "  values(?,?,?,?,?,?,?,?)");
            ps.setString(1, uName);
            ps.setString(2, pWord);
            ps.setString(3, fName);
            ps.setString(4, lName);
            ps.setString(5, addr);
            ps.setString(6, phNo);
            ps.setString(7, mailId);
            ps.setInt(8, 2);
            // executeUpdate returns the number of rows inserted
            int k = ps.executeUpdate();
            if (k == 1) {
                RequestDispatcher rd = req.getRequestDispatcher("Sample.html");
                rd.include(req, res);
                pw.println("<h3 class='tab'>User Registered Successfully</h3>");
            } else {
                RequestDispatcher rd = req.getRequestDispatcher("Sample.html");
                pw.println("<h3 class='tab'>Registration failed !, please enter valid details</h3>");
                rd.include(req, res);
                pw.println("Sorry for interruption! Register again");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }

Solution – 1

That is the expected behavior. You may use HTML input element attributes like "required" and some frontend libraries to assist/enforce the presence of values, but in the end all validation needs to be done in the backend.

Because aside from using the browser's form submit function, one can still send a malicious HTTP request using cURL or SoapUI, bypassing all frontend validations.
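
As an added example (not part of the original answer or the asker's project), the backend check the answer calls for could look like this: the same rules as the form's pattern attributes, enforced in Java before the insert runs. A browser does not evaluate pattern for an empty field unless required is also set, which is why the empty form was submitted at all. The class name RegistrationValidator, the Map standing in for the req.getParameter values, and the reading of the password rule as requiring a digit are assumptions.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added example (not the asker's code): re-check on the server the rules
// that the HTML form only declares to the browser.
public class RegistrationValidator {

    // Field name -> rule, mirroring the form's pattern attributes.
    private static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        Pattern min3 = Pattern.compile(".{3,}");
        RULES.put("username", min3);
        RULES.put("password", Pattern.compile("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,}"));
        RULES.put("firstname", min3);
        RULES.put("lastname", min3);
        RULES.put("address", min3);
        RULES.put("phone", min3);
        RULES.put("mailid", Pattern.compile("[a-z0-9._%+-]+@[a-z0-9.-]+\\.[a-z]{2,}"));
    }

    // Returns the names of fields that are absent, blank, or fail their rule.
    public static List<String> validate(Map<String, String> params) {
        List<String> invalid = new ArrayList<>();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String value = params.get(rule.getKey()); // null when the parameter was not sent
            if (value == null || value.trim().isEmpty()
                    || !rule.getValue().matcher(value.trim()).matches()) {
                invalid.add(rule.getKey());
            }
        }
        return invalid;
    }

    public static void main(String[] args) {
        // Constructed input: a POST whose form fields were left empty.
        System.out.println(validate(Map.of("username", "", "password", "")));
        // Constructed input: a complete, well-formed registration.
        System.out.println(validate(Map.of(
                "username", "alice", "password", "Passw0rdX",
                "firstname", "Alice", "lastname", "Example",
                "address", "1 Example Street", "phone", "5550100",
                "mailid", "alice@example.com")));
    }
}
```

In the servlet, build the map from req.getParameter for each field and skip the insert when the returned list is not empty.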
