void checkIntWithinRange( HttpServletRequest request, String paramName, int min, int max, FormResponse response) { String rawValue; int value; // First, does this parameter exist in the response? rawValue = request.getParameter(paramName); if (rawValue == null) { response.setAcceptance(false); response.addParamResult(paramName, "Field is missing from request."); return; } // Parse the raw value into an integer try { value = Integer.parseInt(rawValue); } catch (Exception ex) { response.setAcceptance(false); response.addParamResult(paramName, "Value is not an integer"); return; } // Check to see if the integer is within range. if (value > max) { response.setAcceptance(false); response.addParamResult(paramName, "Value cannot be greater than " + max); return; } if (value < min) { response.setAcceptance(false); response.addParamResult(paramName, "Value cannot be less than " + min); return; } // All checks have been cleared response.addParamResult(paramName, ""); }
/** * Just see if a parameter is present or not, and update the response as appropriate. * * @param request * @param paramName * @param response */ void checkIsValidString( HttpServletRequest request, String paramName, FormResponse response, boolean canBeBlank) { String rawValue; rawValue = request.getParameter(paramName); if (rawValue == null) { response.setAcceptance(false); response.addParamResult(paramName, "Field is missing from request."); return; } if (rawValue.trim().length() == 0 && !canBeBlank) { response.setAcceptance(false); response.addParamResult(paramName, "Value cannot be blank."); } // Parameter is present; acccept it. response.addParamResult(paramName, ""); }
/** @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response) */ protected void addObject(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { Connection c; PreparedStatement st; ResultSet set; String objName; int objTileSrc; int objXOff; int objYOff; int objWidth; int objHeight; String objDesc; int objId; int objAuth; Gson Gson; FormResponse resp; resp = null; c = null; st = null; set = null; Gson = new Gson(); try { // Verify we have authorization to do this! TODO: Set a special response code on authorization // failure. // Perform a quick, cursory validation resp = validateAddForm(request); if (!resp.isAccepted()) { resp.setResult("FAIL"); } else { // Apply parameters objName = request.getParameter("title"); objDesc = request.getParameter("desc"); objTileSrc = Integer.parseInt(request.getParameter("tileset")); objXOff = Integer.parseInt(request.getParameter("objXOff")); objYOff = Integer.parseInt(request.getParameter("objYOff")); objWidth = Integer.parseInt(request.getParameter("objWidth")); objHeight = Integer.parseInt(request.getParameter("objHeight")); // objAuth = (Integer) request.getSession().getAttribute("userid"); // TODO: Get the public flag System.out.println("Object name: '" + objName + "'"); // Generate the query c = DBResourceManager.getConnection(); st = c.prepareStatement(OBJTYPE_INSERT, PreparedStatement.RETURN_GENERATED_KEYS); st.setString(1, objName); st.setInt(2, objTileSrc); st.setInt(3, objXOff); st.setInt(4, objYOff); st.setInt(5, objWidth); st.setInt(6, objHeight); st.setString(7, objDesc); st.execute(); set = st.getGeneratedKeys(); // Grab the generated key if (set.next()) { objId = set.getInt(1); resp.setResult("OK"); resp.addParamResult("objId", "VALUEUP:" + objId); // Send the OK. Note that Dojo requires us to wrap the response // in an html doc's text area for max. compatibility. } else { System.out.println("Failure to create object."); resp.setResult("FAIL"); } } // Send the resposne object no matter what response .getWriter() .println("<html><body><textarea>" + Gson.toJson(resp) + "</textarea></html></body>"); } catch (Exception ex) { ex.printStackTrace(); if (resp == null) { resp = new FormResponse(); resp.setAcceptance(false); } resp.setResult("FAIL"); resp.addMessage(ex.toString()); response .getWriter() .println("<html><body><textarea>" + ex.toString() + "</textarea></html></body>"); } finally { DataTools.safeCleanUp(c, st, set); } }