In my project there is a particular interface with a COMBO BOX and many text
fields.The combo is populated from a database and displays the names of
lecturers but though it display names the values given to each and every option
is lecturer identity which is a unigue key to each and every lecturer. That
particular code is as follows(only the above discussed part)
...
out.println("<select name=dept size=1>");
while(rs.next()){
out.println("<option
value="+rs.getString("lecturer_id")+">"+rs.getString("lec_name"));
}
out.println("</select>");
....
And after the combo box there is another text box which asks the
user(client=lecturer) to input his lecturer id. Then I wrote a JAVA Script to
validate these two values.
Why I did in this way is since I have lecturer id with me I can compare it
with the
entered value rather than queryying the database again.Take in to account that
lecturer id is a seceret value only that particular lecturer know.
(Consider that though the user go to view-pagesource in his browser he cant
see the
lec-id coz am calling this servlet from a HTml document.)
Now I have 2 problems.
1)Is this method good enough as far as the security is concerned. Or Should
I not
incooperate the LecID with the combo and later querry the database again to
validate
the entered LecturerID with the real value.
2)The Biggest problem is the the relevant java Script does not work the code is
....
out.println("<script language=javascript>");
out.println("function hello(servletName,f)");
out.println("{ if(f.input_lecID.value!=f.combo_LEC_ID.value) {");
out.println("alert(\"Wrong Lec Id Access Denied\");}");
out.println("else {");
out.println("document.myform.action=servletName;");
out.println("document.myform.submit();}}");
...
Gives error in the above comparison.
consider f=form and ignore the servletname for the time being.
Though the lecturer id in the database is text it cannot compare the two
values which
the user enters in the combo and in the text box.Whats wrong. Then I wrote a
Java
Script to get the value combo then it says it is null.What's wrong.
(How can I deal with combo's populated like this)
Write me soon.
Early answer very much appreciated.
lalith
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
