Thanks for the replies. I figured out what was causing the problem. I
was using parameters with dashes in it and that was causing this
problem. Since I only tested with different parameters with dashes in
them, I assume it was happening with all parameters. My bad!
So the problem would not happen with ${param.P}, but only with
${param.my-code}. I guess with parameters with dashes in it, it treats
it as a calculation and therefore returns a 0.
Regarding the javascript attack in the code sample, you are probably
right. I guess a <c:out> escaping the XML characters will probably help
a lot already, but it does require more thought.
Otmar
On 6/9/2010 4:09 AM, Pid wrote:
On 08/06/2010 19:06, Otmar Manuela wrote:
Hi,
I have a contact page, which contains a struts form. However, on that
page, when trying to read the URL parameters, I get a zero instead of
the parameter value, unless I use<%= request.getParameter() %>.
Example:
URL loading the contact form page:
http://www.somedomain.com/contact.do?itemCode=ABC
Contact Form Page:
......
<p>Please send me info regarding ${param.itemCode}</p>
<html:form action="contactForm">
....
....
<html:submit>Submit</html:submit>
</html:form>
.....
The paragraph in the Contact Form page above shows "Please send me info
regarding 0". If I change ${param.itemCode} with<%=
request.getParameter("itemCode") %>, I get "Please send me info
regarding ABC", which is what I want to show.
This is the first time I encountered this issue. Normally both would
return the same thing.
Any idea what is happening? I'm trying to avoid the "<%= %>" syntax
as much as possible.
Hard to know which JSP version you're using without knowing which Tomcat
version, and which version number you have in your web.xml.
It's usually a good idea to tell us everything about your environment,
including exact Tomcat, OS, JVM and any relevant library versions.
If you want to use EL scripting then you may also need to check it's
enabled by default (jsp-config section of web.xml if memory servers)
p
P.S. Also, the above code is probably horribly exposed to javascript
attacks, you should not display raw parameter information anywhere in
your HTML
Thanks,
Otmar
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
