Here,
<jsp:setProperty name="db" property="userName" value="<%=request.getParameter("userName")%>"/>
<jsp:setProperty name="db" property="password" value="<%=request.getParameter("password")%>"/>
you're attempting to mix scriptlets and taglibs. This is invalid. Use the one or the other. When the userName
would contain a doublequote like foo"bar
then the value of the JSP tag will basically end up like value="foo"bar"
. This is syntactically invalid.
Since scriptlets is a dead technology, I'd suggest to just get rid of it altogether. The proper way would be to use EL. In EL, all request parameters are available as a Map<String, String>
through the implicit variable ${param}
. Make use of it.
<jsp:setProperty name="db" property="userName" value="${param.userName}"/>
<jsp:setProperty name="db" property="password" value="${param.password}"/>
Alternatively, you can also let JSP automagically set all properties as below when all parameter names are the same as property names anyway:
<jsp:setProperty name="db" property="*"/>
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…