Validating request parameters in formBackingObject()

**dwsmith75** · Oct 14th, 2004, 12:05 PM

I was just wondering what the best way to validate a request parameter that is used to query a database for the command object e.g.

Code:

    protected Object formBackingObject&#40;HttpServletRequest request&#41;
            throws Exception &#123;
        String reservationNumber = request.getParameter&#40;"reservationNumber"&#41;;
        if&#40;reservationNumber == null || reservationNumber.equals&#40;""&#41;&#41;&#123;
            return super.formBackingObject&#40;request&#41;;
        &#125;
        ReservationEntity reservationEntity = reservationService.findReservationEntity&#40;reservationNumber&#41;;
        return &#40;reservationEntity == null&#41; ? super.formBackingObject&#40;request&#41; &#58; reservationEntity;
    &#125;

Only problem with this code if someone screws around with the parameter reservationNumber and set it to something wierd that causes a sql error.

I can add validation logic in the method or in a helper class/method, but is this really the right solution?

**Ben Alex** · Oct 14th, 2004, 04:54 PM

First up, try using RequestUtils.getRequiredStringParameter, as it will throw nice error messages if the parameter is missing.

In relation to control characters, your DAO layer should be made responsible for escaping them, not your web controller.

Thread: Validating request parameters in formBackingObject()

Thread Tools

Display

Validating request parameters in formBackingObject()

Similar Threads

Hibernate Long Session Per Flow?

Having the jsp file in more than one resolvers

Request parameters not in command object

RequestScope and request parameters

FilterSecurityInterceptor and request parameters

Posting Permissions