Forum:

string literal not properly closed by double quotes

Greenhorn

Posts: 1

posted 1 year ago

<a href="delete.jsp?d=<%=resultSet.getInt("empid") %>"> Delete</a></td>
string literal not properly closed by double quotes

Campbell Ritchie

Marshal

Posts: 71667

312

posted 1 year ago

Welcome to the Ranch

Maybe the compiler is interpreting the text as the code tags do: “empid” is after the second quote and therefore isn't part of the String literal. What happens if you escape the quotes around “empid”? Otherwise, don't know. Somebody else will know.

Java 8 (verified skill)
Skill verified by Jeanne Boyarsky

Bear Bibeault

Marshal

Posts: 67496

173

I like...

posted 1 year ago

Why are you using scriptlets versus the JSTL/EL?

[Asking smart questions] [About Bear] [Books by Bear]

HTML 5 (verified skill)
Skill verified by Jeanne Boyarsky

CSS 3 (verified skill)
Skill verified by Jeanne Boyarsky

JavaScript (verified skill)
Skill verified by Jeanne Boyarsky

Mike Simmons

Master Rancher

Posts: 3754

posted 1 year ago

You're trying to use " for two different things - it's marking the boundaries of the href attribute value, and it's part of that value, as part of the Java code string literal "empId". Aside from escaping those as Campbell suggested, try changing the outer quotes to be single quotes:

HTML lets you choose between " and ' for precisely this reason - to avoid a clash with other uses of the characters.

Bear Bibeault

Marshal

Posts: 67496

173

I like...

posted 1 year ago

I'll also throw up a seriously red flag that you are sending a resultset to a JSP.

[Asking smart questions] [About Bear] [Books by Bear]

Ron McLeod

Marshal

Posts: 3349

492

I like...

posted 1 year ago

Also, I would suspect that bad guys would be able to arbitrarily delete records from the database by calling the delete.jsp endpoint with whatever values they please.

And depending on what the scriplet in the in the delete.jsp looks like, you may be vulnerable to SQL injection with something like delete.jsp?d=0; DELETE FROM employees; (like in this example).

You are entitled to your opinion. But you are not entitled to your own facts.
-- Daniel Patrick Moynihan

Tim Holloway

Saloon Keeper

Posts: 22998

156

I like...

posted 1 year ago

Bear Bibeault wrote:Why are you using scriptlets versus the JSTL/EL?

Scriptlets are sooo last millenium!

Some people, when well-known sources tell them that fire will burn them, don't put their hands in the fire.

Some people, being skeptical, will put their hands in the fire, get burned, and learn not to put their hands in the fire.

And some people, believing that they know better than well-known sources, will claim it's a lie, put their hands in the fire, and continue to scream it's a lie even as their hands burn down to charred stumps.