Results 1 to 5 of 5

Thread: java parameters and attributes

  1. #1
    Join Date
    Mar 2004

    java parameters and attributes

    Can someone give me a quick description of the differences between a request attribute and a request parameter? I have tried to cycle through all the parameters in a request, using getParameterNames and getParameter,in the hopes that I could modify the data and set it back to the request with setAttribute. This doesn't seem to work.

  2. #2
    Join Date
    Nov 2003
    Jerryville, Tejas
    A "parameter" is a form field name/value pair passed from the HTML side of the world. Its value is a String.

    An "attribute" is a Java object name/value pair passed only through the internal JavaServer processes. (I.e. it can come from a JSP or servlet but not an HTML page.) Its value is an Object.

    You can't alter the request parameters, just read them. If you could there would be a setParameter() method. Parameters and attributes do not share a name space so a parameter named "foo" and an attribute keyed "foo" are distinct.

  3. #3
    Join Date
    Mar 2004
    Thanks. That was very clear. So I am hosed taking this approach. I guess I would have to interogate these fields at the screen level on a submit. I could use JavaScript to go through each and change them before sending them on. More work but is sounds doable.

    If there is a better approach please let me know (anyone).

  4. #4
    Join Date
    Nov 2003
    Jerryville, Tejas
    If you know your users have Javascript enabled then you could certainly massage the parameters before submitting the form. A better way might be to let the servlet create an object using the parameter values then using that object as an attribute.

  5. #5
    Join Date
    Apr 2006
    I know this is a very old thread - but I was looking for something similar in order to create a generic routine to scan the values of incoming parameters and replace/encode characters normally seen as part of an SQL injection attack ( --, ', ") or a Cross site scripting attack ( <, >).

    I ran across this code from the jGuru site that looks potentially useful:
    (Code copy and pasted below)

    I plan (hopefully) to adapt the below technique to "clean" all incoming parameters values so I will not have to go though and edit 300+ exist JSP form pages individually, with all their separate parameter names, etc..

    package com.ragingnet.util;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.io.*;
    import java.util.*;
    import java.net.*;
    /** Called by another servlet or jsp page to pass post parameters - both from the original request,
     *  and new ones added to it - on to another page, such as a CGI script.
     *  This is probably not of any use in a pure Servlet/JSP environment, but useful for passing
     *  requests along to existing CGI scripts, etc.
     *  Useage: First call the following:
     *    setUrlForward(url)   [required]
     *    setPassExistingParams(boolean)   [optional - default is TRUE]
     *    setParam(paramName, paramValue)    [multiple times if desired]
     *    setHeader(headerName, headerValue)   [multiple times if desired]
     *  Then call Go(request, response)
     * @author Roger Hand
     * @date  April 2, 2001
    public class PassPostRequestServlet extends HttpServlet {
      private String urlForward = null;
      private Vector vectParams = new Vector();
      private Vector vectHeaders = new Vector();
      /* by default, we pass existing params from the originating page,
      but this can be suppressed if desired. */
      private boolean passExistingParams = true;
      /**Initialize global variables*/
      private static final String CONTENT_TYPE = "text/html";
      private static final int ARRAY_POS_PARAMNAME = 0;
      private static final int ARRAY_POS_PARAMVALUE = 1;
      private static final int ARRAY_POS_HEADERNAME = 0;
      private static final int ARRAY_POS_HEADERVALUE = 1;
      private static final boolean debug = true;
      public void init(ServletConfig config) throws ServletException {
      public void setParam(String paramName, String paramValue) {
        String[] arrayParamName_Value = {paramName, URLEncoder.encode(paramValue)};
      public void setParam(String paramName, int paramValue) {
        setParam(paramName, Integer.toString(paramValue));
      public void setHeader(String headerName, String headerValue) {
        String[] arrayHeaderName_Value = {headerName, headerValue};
      public void Go(HttpServletRequest request, HttpServletResponse response)  throws ServletException, IOException {
        boolean debug = false;
        PrintWriter out = response.getWriter();
             * First we SEND the request to the web server
            URL url = new URL(urlForward);
            URLConnection connection = url.openConnection();
            if (debug) System.out.println("Opened connection to " + urlForward);
            /* ADD our NEW HEADERS here */
            /* We don't pass on any existing headers
              It could be we may want to pick and choose a few to send on */
            for (int iHeader = 0;iHeader < vectHeaders.size(); iHeader++) {
              String[] arrayHeaderName_Value = (String[])vectHeaders.get(iHeader);
              connection.setRequestProperty(arrayHeaderName_Value[ARRAY_POS_HEADERNAME], arrayHeaderName_Value[ARRAY_POS_HEADERVALUE]);
              if (debug) System.out.println("Added header " + arrayHeaderName_Value[ARRAY_POS_HEADERNAME] +
                " with value " + arrayHeaderName_Value[ARRAY_POS_HEADERVALUE]);
            } //next header
            PrintStream outStream =
                   new PrintStream(connection.getOutputStream());
            /* Pass on EXISTING PARAMS here (if desired)
              These are parameters set in the original form from the browser.
              It seems we should just be able to pass them on, but I haven't found a way,
              so we've gotta recreate them here.
            String paramString = "";
            if (passExistingParams) {
              Enumeration enumPNames = request.getParameterNames();
              while(enumPNames.hasMoreElements()) {
                String paramName = (String)enumPNames.nextElement();
                String[] arrayParam = request.getParameterValues(paramName);
                if (arrayParam != null) {
                  for(int iParam=0; iParam < arrayParam.length; iParam++) {
                    paramString += paramName + "=" + arrayParam[iParam] + "&";
            } //if (passExistingParams) {
            /* ADD our NEW PARAMS here */
            for (int iParam = 0;iParam < vectParams.size(); iParam++) {
              String[] arrayParamName_Value = (String[])vectParams.get(iParam);
              paramString += arrayParamName_Value[ARRAY_POS_PARAMNAME] + "=" + arrayParamName_Value[ARRAY_POS_PARAMVALUE] + "&";
            } //next parameter
            /* get rid of last '&' */
            if (paramString.endsWith("&")) {
              paramString = paramString.substring(0, paramString.length() - 1);
            if (debug) System.out.println("paramString is " + paramString);
            //Sending parameter to URL/CGI
             * Now we RECEIVE response from web server and pass it back to browser client
            String inputLine;
       BufferedReader inStream =
          new BufferedReader(
          new InputStreamReader(connection.getInputStream()));
              /* this was in example, but is deprecated usage */
             //inStream = new DataInputStream(connection.getInputStream());
             while (null != (inputLine = inStream.readLine())) {
        } catch (MalformedURLException me) {
            System.err.println("MalformedURLException: " + me);
        } catch (IOException ioe) {
            System.err.println("IOException: " + ioe);
      /**Clean up resources*/
      public void destroy() {
      public void setUrlForward(String newUrlForward) {
        urlForward = newUrlForward;
      public void setPassExistingParams(boolean newPassExistingParams) {
        passExistingParams = newPassExistingParams;

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center

Recent Articles