StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>Simplest way: just let the link point to a JSP page and pass row ID as parameter:</p> <pre><code><a href="delete.jsp?id=1">delete</a> </code></pre> <p>And in <code>delete.jsp</code> <em>(I'm leaving obvious request parameter checking/validating aside)</em>:</p> <pre><code><% dao.delete(Long.valueOf(request.getParameter("id"))); %> </code></pre> <p>This is however a pretty <a href="https://stackoverflow.com/questions/3177733/how-to-avoid-java-code-in-jsp-files/">poor practice</a> (that was still an understatement) and due to two reasons:</p> <ol> <li><p>HTTP requests which modifies the data on the server side should not be done by <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.3" rel="nofollow noreferrer">GET</a>, but by <a href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.5" rel="nofollow noreferrer">POST</a>. Links are implicit GET. Imagine what would happen when a web crawler like googlebot tries to follow all delete links. You should use a <code><form method="post"></code> and a <code><button type="submit"></code> for the delete action. You can however use CSS to style the button to look like a link. Edit links which just preload the item to prefill the edit form can safely be GET.</p></li> <li><p>Putting business logic (<em>functions</em> as you call it) in a JSP using <em>scriptlets</em> (those <code><% %></code> things) is discouraged. You should use a <em>Servlet</em> to control, preprocess and postprocess HTTP requests.</p></li> </ol> <p>Since you didn't tell any word about a servlet in your question, I suspect that you're already using scriptlets to load data from DB and display it in a table. That should also be done by a servlet. </p> <p>Here's a basic kickoff example how to do it all. I have no idea what the table data represents, so let take <code>Product</code> as an example.</p> <pre><code>public class Product { private Long id; private String name; private String description; private BigDecimal price; // Add/generate public getters and setters. } </code></pre> <p>And then the JSP file which uses <a href="https://stackoverflow.com/tags/jstl/info">JSTL</a> (just drop <a href="http://central.maven.org/maven2/javax/servlet/jstl/1.2/jstl-1.2.jar" rel="nofollow noreferrer">jstl-1.2.jar</a> in <code>/WEB-INF/lib</code> to install it) to display the <em>products</em> in a table with an edit link and a delete button in each row:</p> <pre><code><%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> ... <form action="products" method="post"> <table> <c:forEach items="${products}" var="product"> <tr> <td><c:out value="${fn:escapeXml(product.name)}" /></td> <td><c:out value="${product.description}" /></td> <td><fmt:formatNumber value="${product.price}" type="currency" currencyCode="USD" /></td> <td><a href="${pageContext.request.contextPath}/product?edit=${product.id}">edit</a></td> <td><button type="submit" name="delete" value="${product.id}">delete</button></td> </tr> </c:forEach> </table> <a href="${pageContext.request.contextPath}/product">add</a> </form> </code></pre> <p>Name it <code>products.jsp</code> and put it in <code>/WEB-INF</code> folder so that it's not directly accessible by URL (so that the enduser is forced to call the servlet for that).</p> <p>Here's how the servlet roughly look like (validation omitted for brevity):</p> <pre><code>@WebServlet("/products") public class ProductsServlet extends HttpServlet { private ProductDAO productDAO; // EJB, plain DAO, etc. @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { List<Product> products = productDAO.list(); request.setAttribute("products", products); // Will be available as ${products} in JSP. request.getRequestDispatcher("/WEB-INF/products.jsp").forward(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String delete = request.getParameter("delete"); if (delete != null) { // Is the delete button pressed? productDAO.delete(Long.valueOf(delete)); } response.sendRedirect(request.getContextPath() + "/products"); // Refresh page with table. } } </code></pre> <p>Here's how the add/edit form at <code>/WEB-INF/product.jsp</code> can look like:</p> <pre><code><%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> ... <form action="product" method="post"> <label for="name">Name</label> <input id="name" name="name" value="${fn:escapeXml(product.name)}" /> <br/> <label for="description">Description</label> <input id="description" name="description" value="${fn:escapeXml(product.description)}" /> <br/> <label for="price">Price</label> <input id="price" name="price" value="${fn:escapeXml(product.price)}" /> <br/> <button type="submit" name="save" value="${product.id}">save</button> </form> </code></pre> <p>The <code>fn:escapeXml()</code> is just there to prevent <a href="https://stackoverflow.com/questions/2658922/xss-prevention-in-jsp-servlet-web-application">XSS attacks</a> when edit data is redisplayed, it does exactly the same as <code><c:out></code>, only better suitable for usage in attribtues.</p> <p>Here's how the <code>product</code> servlet can look like (again, conversion/validation omitted for brevity):</p> <pre><code>@WebServlet("/product") public class ProductServlet extends HttpServlet { private ProductDAO productDAO; // EJB, plain DAO, etc. @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String edit = request.getParameter("edit"); if (edit != null) { // Is the edit link clicked? Product product = productDAO.find(Long.valueOf(delete)); request.setAttribute("product", product); // Will be available as ${product} in JSP. } request.getRequestDispatcher("/WEB-INF/product.jsp").forward(request, response); } @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String save = request.getParameter("save"); if (save != null) { // Is the save button pressed? (note: if empty then no product ID was supplied, which means that it's "add product". Product product = (save.isEmpty()) ? new Product() : productDAO.find(Long.valueOf(save)); product.setName(request.getParameter("name")); product.setDescription(request.getParameter("description")); product.setPrice(new BigDecimal(request.getParameter("price"))); productDAO.save(product); } response.sendRedirect(request.getContextPath() + "/products"); // Go to page with table. } } </code></pre> <p>Deploy and run it. You can open the table by <a href="http://example.com/contextname/products" rel="nofollow noreferrer">http://example.com/contextname/products</a>.</p> <p><strong>See also:</strong></p> <ul> <li><a href="https://stackoverflow.com/tags/servlets/info">Our servlets wiki page</a> (also contains an example with validation)</li> <li><a href="https://stackoverflow.com/questions/2349633/doget-and-dopost-in-servlets">doGet and doPost in Servlets</a></li> <li><a href="https://stackoverflow.com/questions/5003142/show-jdbc-resultset-in-html-table-in-jsp-page-using-mvc-pattern">Show JDBC ResultSet in HTML in JSP page using MVC and DAO pattern</a></li> </ul>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload