Validation of forms: Client authentication and server-side validation

validation of forms: Client authentication and server-side validation

confirmation of the form

Client Confirmation:

Reduce server load

Shorten user wait times

Compatibility difficult

Server-side acknowledgement:

Unified Confirmation

Strong compatibility

Server negative load

client-side validation examples

First, a form is created and validated with a JavaScript method at the time of submission, and if the method returns True, the form is submitted, and if it returns false, the form is not committed.

      <!--The form commits when the JavaScript method validate () is executed, and if the method returns False, the form is not committed-<FormOnSubmit= "Return Validate ()"Action= "Servlet/validateservlet">Username<InputType= "Text"Name= "username"Id= "UserName1"><Br>Password<InputType= "Password"Name= "Password"Id= "Password1"><Br> Re-password:< input type= "Password"  Name=" Repassword " id< Span style= "color: #0000ff;" >= "Repassword1" ><br > <input type= "Submit"  Value= "Submit" > </>           

The JavaScript methods used for validation are as follows:

<script type= "Text/javascript" >functionValidate () {//First way: Get elements by ID//var username = document.getElementById ("username1");//var password = document.getElementById ("Password1");//var Repassword = document.getElementById ("Repassword1");//Second way: Get by namevar username = document.getelementsbyname ("username") [0];//Because the names are allowed to repeatvar password = document.getelementsbyname ("password") [0];var Repassword = document.getelementsbyname ("Repassword") [0];//Determine if the user name is emptyif ("" = =Username.value) {//The judgment statement can also be written: Username.value.length = = 0 Alert ("username can ' t be blank!");ReturnFalse; }//Password and duplicate password content, length between 6 and 10//Verify Password length Firstif (Password.value.length < 6 | | password.value.length > 10{Alert ("Length of password is invalid!"));ReturnFalse; }if (Repassword.value.length < 6 | | repassword.value.length > 10) {alert ("Length of Repassword is invalid!" ); return false// re-verify that the duplicate password and password are the same if (Password!= Repassword) {alert ("Password and repassword don ' t match!" ); return false//return true     

When the validation is wrong, the dialog box prompts and returns false to not submit the form.

The complete login.jsp is as follows (in the case of client authentication, the steering servlet can be used first):

login.jsp

　　However, the client's validation is unreliable, the user can view the source code, find the servlet of the form action, and then turn to this address , the parameter is connected to the address, this time the parameters are not verified by the client .

server-side validation examples

　　get parameters from the form: JSP obtains form information through the request built-in object, and obtains different kinds of information in different ways.

Server-side validator, first remove the client validation part, that is, remove the form:onsubmit= "return Validate ()"

The data submitted by the user in the form is then uploaded directly to the server side, which is validated by the server-side servlet:

The method is as follows: Put the error message in a String type list when there is an error, finally determine whether the list is empty, if it is empty, turn to verify the success of the page, if the list is not empty, then go to the failed page, display the error message.

PackageCom.shengqishiwind.servlet;ImportJava.io.IOException;ImportJava.util.ArrayList;ImportJava.util.List;ImportJavax.servlet.ServletException;ImportJavax.servlet.http.HttpServlet;ImportJavax.servlet.http.HttpServletRequest;ImportJavax.servlet.http.HttpServletResponse;PublicClass ValidateservletExtendshttpservlet{@OverrideProtectedvoidDoget (httpservletrequest req, HttpServletResponse resp)ThrowsServletexception, IOException {String username = req.getparameter ("username"); String Password = req.getparameter ("Password"); String Repassword = Req.getparameter ("Repassword"); list<string> list =New arraylist<string>();IfNULL = = Username | | "". Equals (username)) {List.add ("username can ' t be blank!"); }IfNULL = = Password | | Password.length () <6 | | Password.length () >10{List.add ("password should be between 6 and 10")); }IfNull = = Repassword | | Repassword.length () <6 | | Repassword.length () >10{List.add ("Repassword should be between 6 and 10")); }IfNull! = password &&Null! = Repassword &&!Password.equals (Repassword)) {List.add ("Password and repassword don ' t match!"); }//There are two kinds of results: validation passed and not passedIf (List.isEmpty ()) {Req.setattribute ("username" else {Req.setattribute ("error" , list); Req.getrequestdispatcher (".. /error.jsp "protected void  DoPost (httpservletrequest req, HttpServletResponse resp) throws Servletexception, IOException {this.doget (req, resp);}          

Success page JSP body section:

  <Body>Username<%=Request.getattribute ("username") %><br> password:<%=  Request.getattribute ("password") %><br> </Body >                   

Failed page:

  <Body><H1>login failed</H1><%List<String>List=<string> "error" ); forstring Str:list) {out.println (Str+ "<br> ");} %> </body>                 

References

Santhiya Garden Zhang Long teacher Java Web Training video 022.

Validation of forms: Client authentication and server-side validation