Home

JSP and Beyond

a pragmatic primer on building web-based solutions with Java technologies


Validating User Input

JSPs do not inherently have any ability to provide basic form validation. Due to this, there are many different ways in which to augment the core that JSP provides to enable form validation for user input.

JavaScript
JavaScript is a powerful client side tool that can help to validate forms by understanding each part of a form and comparing the values submitted with those that you would like to require. The only issue with JavaScript form validation is that you need to rely on the client side to process the form correctly. Some users disable JavaScript and malicious users can circumvent JavaScript-based form validation. This means that although it is an option (and perhaps the most common option to implement for web applications), it is not the most secure method of validation.

The sample below illustrates a form that validates a user’s email address to ensure that it conforms to a standard email address pattern.

<html>
<head>
<script type=”text/javascript”>
function validate_email(field,alerttxt)
{
with (field)
{
apos=value.indexOf(”@”)
dotpos=value.lastIndexOf(”.”)
if (apos<1||dotpos-apos<2)
{alert(alerttxt);return false}
else {return true}
}
}
function validate_form(thisform)
{
with (thisform)
{
if (validate_email(email,”Not a valid e-mail address!”)==false)
{email.focus();return false}
}
}
</script>
</head>
<body>
<form action=”submitpage.htm”
onsubmit=”return validate_form(this);”
method=”post”>
Email: <input type=”text” name=”email” size=”30″>
<input type=”submit” value=”Submit”>
</form>
</body>
</html>

For complete details on a range of JavaScript validation more information can be found at:
http://www.w3schools.com/js/js_form_validation.asp

JSTL Form Validation
Validation using JSTL provides a few advantages over the above method. Namely the validation happens on the server side. It is fairly elegant and easy to use.

<%@ page contentType=”text/html” %>
<%@ taglib prefix=”c” uri=”http://java.sun.com/jstl/core_rt” %>
<html>
<head>
<title>JSTL Validation Test</title>
</head>
<body>
<form action=”JSTLValidation.jsp” method=”post”>
<input type=”hidden” name=”submitted” value=”true”>
<c:if test=”${param.submitted && empty param.yourName}”>
*Please submit a value for your name<br>
</c:if>

<c:choose>
<c:when test=’${not empty param.yourName}’>
Thanks <c:out value=’${param.yourName}’/>!<br>
</c:when>

<c:otherwise>
*Please submit a value for your name<br>
</c:otherwise>
</c:choose>

Your name <input type=”text” name=”yourName” value=”<c:out value=”${param.yourName}” />”>
<input type=”submit” value=”submit”>
</form>
</body>

Advanced Validation
With all of this being said more intricate frameworks like Struts and JSF provide additional tools to help with form validation as it is a staple of application development. These are beyond the scope of this primer, but we encourage you to dig in and check them out as they are becoming the preferred method for medium to large scale application development. We provide an overview of these frameworks in our Next Steps section.