Win a copy of Mastering Corda: Blockchain for Java Developers this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Bear Bibeault
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Jj Roberts
  • Carey Brown
Bartenders:
  • salvin francis
  • Frits Walraven
  • Piet Souris

string literal not properly closed by double quotes

 
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<a href="delete.jsp?d=<%=resultSet.getInt("empid") %>"> Delete</a></td>
string literal not properly closed by double quotes
 
Marshal
Posts: 71667
312
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to the Ranch

Maybe the compiler is interpreting the text as the code tags do: “empid” is after the second quote and therefore isn't part of the String literal. What happens if you escape the quotes around “empid”? Otherwise, don't know. Somebody else will know.
 
Marshal
Posts: 67496
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why are you using scriptlets versus the JSTL/EL?
 
Master Rancher
Posts: 3754
48
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're trying to use " for two different things - it's marking the boundaries of the href attribute value, and it's part of that value, as part of the Java code string literal "empId".  Aside from escaping those as Campbell suggested, try changing the outer quotes to be single quotes:

HTML lets you choose between " and ' for precisely this reason - to avoid a clash with other uses of the characters.
 
Bear Bibeault
Marshal
Posts: 67496
173
Mac Mac OS X IntelliJ IDE jQuery Java
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'll also throw up a seriously red flag that you are sending a resultset to a JSP.
 
Marshal
Posts: 3349
492
Android Eclipse IDE TypeScript Redhat MicroProfile Quarkus Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Also, I would suspect that bad guys would be able to arbitrarily delete records from the database by calling the delete.jsp endpoint with whatever values they please.

And depending on what the scriplet in the in the delete.jsp looks like, you may be vulnerable to SQL injection with something like delete.jsp?d=0; DELETE FROM employees; (like in this example).
 
Saloon Keeper
Posts: 22998
156
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Bear Bibeault wrote:Why are you using scriptlets versus the JSTL/EL?




Scriptlets are sooo last millenium!

 
reply
    Bookmark Topic Watch Topic
  • New Topic