Same request Parameters in Url String and POST request - html

I have observed a confusing thing while checking some basics of query parameters and POST requests.
Below is a code portion in index.jsp
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Index Page</title>
</head>
<body>
<form name = "testForm" action="index.jsp?username=uname1" method = "POST">
Username : <input type="text" name="username" value=""/>
<input type="submit" value="Submit">
</form>
<%
String username = request.getParameter("username");
out.println("Username = " + username);
%>
</body>
</html>
On running this code, When I enter the value in textbox username as 'uname2' and click Submit button, the output is shown as 'uname1'.
After that I change the method of form 'testForm' as 'GET' and then re-run the file on server.
When I enter the username as 'uname2' and click submit button, I get output as 'uname2'
I am not able to understand this behavior. Can anyone please help me understand why is this happening ?

Because multiple parameters with the same name can be submitted using GET, POST or by a combination of both. The order in which they are applied is completely arbitrary.
Look at the Servlet API documentation and you will see the following:
getParameterValues
java.lang.String[] getParameterValues(java.lang.String name)
Returns an array of String objects containing all of the values the given
request parameter has, or null if the parameter does not exist. If the
parameter has a single value, the array has a length of 1.
Parameters: name - a String containing the name of the parameter whose
value is requested Returns: an array of String objects containing the
parameter's values See Also: getParameter(java.lang.String)
The method getParameterValue(String name) is provided as a convenience:
getParameter
java.lang.String getParameter(java.lang.String name)
Returns the value
of a request parameter as a String, or null if the parameter does not
exist. Request parameters are extra information sent with the request.
For HTTP servlets, parameters are contained in the query string or
posted form data. You should only use this method when you are sure
the parameter has only one value. If the parameter might have more
than one value, use getParameterValues(java.lang.String).
If you use this method with a multivalued parameter, the value
returned is equal to the first value in the array returned by
getParameterValues.
http://docs.oracle.com/javaee/6/api/javax/servlet/ServletRequest.html

Because getParameter() in this case is grabbing it from your GET, not your POST.
See, your action is explicitly specifying the username to be uname1, and then your POST says uname2, I'm not really sure how java decides which parameter to accept, off the top of my head, but you can just remove the query trying parameter of your post form and it should work fine.

By default http uses GET method, here you are mentioning explicitly username in the action and trying to send them using POST. I think http is sending that data through GET method rather than POST.

Related

HTML validation error message reveals correct value unintentionally

I am trying to use an HTML number input field to validate a one-time code a user has. The one-time code is a Django model attribute under the user model, with the user object passed into the HTML template. Currently it is set up as such:
<input type="number" name="auth_code" value="" min="{{user.auth_code}}" max="{{user.auth_code}}" onchange="this.setCustomValidity('')" onkeypress="this.setCustomValidity('')" oninput="this.setCustomValidity('')" oninvalid="this.setCustomValidity('This authorization code is incorrect.')" required />
If the user's code is 100000, and I enter 100001, I get the oninvalid message (as expected). However, if I delete a digit (or the whole number), I get a message stating "The value must be user.authcode." Clearly I don't want this value shown.
If I set any message in the onchange or oninput field other than ('') (i.e. ('Enter a code.')), I can't validate any code (correct or incorrect). I run into the "This authorization code is incorrect." message even when validating 100000.
How can I get around this?

How to retrieve a single contact with gdata? Getting a 'not supported' error

I'm copying the code here https://developers.google.com/google-apps/contacts/v3/#retrieving_a_single_contact.
And here's my code:
Dim cr = ContactAuthentication()
Dim groups = GetGroups(cr)
Dim entry As Contact
entry = cr.Retrieve(Of Contact)(New Uri("https://www.google.com/m8/feeds/contacts/default/full/38B2D4F80D96B2C2"))
On the last line, it falls with the following error:
Google.GData.Client.GDataRequestException: 'Execution of request
failed:
https://www.google.com/m8/feeds/contacts/default/full/38B2D4F80D96B2C2?max-results=100'
"The 'max-results' parameter is not supported on this
resource"
Which is odd, since I never put in a max result parameter. Also, if it makes any difference, the Google docs show an example that takes a string url as the param for Retrieve. I could not find such an overload, the closest is what I put here, using a Uri
Anyone have any ideas how I can retrieve a single contact by id for updating?
Thanks!
You may refer with this documentation: Retrieving a single contact. To retrieve a single contact, send an authorized GET request to the contact's selfLink URL:
https://www.google.com/m8/feeds/contacts/{userEmail}/full/{contactId}
With the appropriate values in place of userEmail and contactID. Be noted that the special userEmail value default can be used to refer to the authenticated user.
And as referred with this post, maybe you had setting.Pagesize = 100, which caused your uri to be https://www.google.com/m8/feeds/contacts/{userEmail}/full/{contactId}?max-results=100.
Hope this helps!

Enummerate Field Names In Swagger

So I have done some hunting around online, and have been able to figure out how to use the enum tag in a swagger doc to specify a list of possible values for a field. However, in my current API what I need instead is to have a list of potential fields, each of which has a string value.
To be more precise, I have a POST request that sends JSON in the request body. As part of this request users need to send a single ID field. However, we accept multiple types of ID fields. So the request would look something like this:
{name:"name", product:"product", [FirstIdType, SecondIdType, ThirdIdType]:"ID Value"}
So I need to have the user submit a JSON that has a name, product, and one of FirstIdType, SecondIdType, or ThirdIdType. Technically it is required to have exactly one of those three ID types in the request, but I don't really mind if that isn't possible in the swagger doc. Noting it in the description for the field is fine.
The other constraint is that I can't really change the design at this point. The app has already been built using this design and changing it is out of my hands. Which means that I can't just make an array of ID Types and then choose one of them.
Here is the relevant bit from my swagger doc. The area that needs changed is the ID field. Any thoughts or directions on how to get that to go forward would be really appreciated.
definitions:
request_post:
description: (post) request schema
properties:
name:
type: string
product:
type: string
Id:
type: string
Instead of defining what optional fields can come on the path, you can label the fields that are required and make the rest variable by default.
http://swagger.io/specification/#parameterObject
required boolean Determines whether this parameter is mandatory. If
the parameter is in "path", this property is required and its value
MUST be true. Otherwise, the property MAY be included and its default
value is false.

GET and POST values in the same link

I want something like this:
link
GET and 2x POST in hyperlink. How can I do that? Nothing wants to work
I have a GET array in PHP and I want to generate a link which leads to the correct url to give me those GET variables.
You can't have 2 GET variables with the same name. You can arrange them into an array as follows:
link
Just for clarification, this is still a GET request, links cannot normally produce a POST request, nor you should try to achieve that not-normally.
EDIT: To answer OP's calrification.
If you have a $_GET array, and you want to generate a link to get you there, you can use http_build_query()
I don't think you understand what GET and POST means in the HTTP world. Any items you put on a query string of a URL are GET parameters, you can't have 2 with the same name. POST parameters are sent as a part of the request, not as a query string on the URL.
GET and POST are http operations.
Sending values by using the ? as a separator in the url is different but related. eg:
foo.com/page.php?val1=1&val2=2
The values are called Query String values.
For GET operations, values are sent as a query string values. For POST operations, the values are sent in the body of the POST request. This is why POST must be used when a lot of data is being sent to the server. (Query strings have a maximum length, HTTP requests do not.)
You can do a POST operation to a url that includes query string values. This is more common with Ajax requests but can be done in a form as well. Just set the action url to something like index.php?val1=1&val2=2 the form's (additional) values will be sent as the http body. Remember to set method="post" in the form.
Note that you will need to create the query string yourself in this example, including escaping it properly.
Repeating value names in the query string values
Usually this causes both values to be sent, but the server overwrites the variable and ends up only presenting the last one to the client software.
So if you use a url such as
<a href="http://localhost/index.php?get=abc&post=cde&post=efg">
// It will be decoded by php and most server-side frameworks as
set get to abc
set post to cde
set post to efg
Result: 2 variables, get and post
There is nothing in the HTTP standard that says you can't send two query string params with the same name. However, you won't be able to use $_GET to retrieve these values; $_GET will pick up the last one. Instead, you'll have to manually parse $_SERVER['QUERY_STRING']. It's not that hard and I've done it a number of times when PHP has to handle a URL pattern generated by a third-party tool. If you're feeling really fancy you can have your query-string parse routine generate a $_GET member as an array if more than one instance of that member is encountered.

Populate plugin not working correctly

Hi i'm trying to retrieve and populate a form. The following link with username Testing and password test123 .
The page is returning a correct JSON object (I tested it by putting on screen between paragraph tags) but the populate plugin is not populating. In firebug it show "no such element as" without displaying the element's name. The input field names are exactly the same is in the DB.
any ideas?
The problem is that your success callback gets passed a string argument, instead of the expected Object/Array, which causes the populate method to treat the whole input as a single unnamed value. This is caused by a typo in the options object passed to your $.ajax() call:
$.ajax({
// ...
datatype: 'json'
});
The option names are case sensitive and the correct spelling for the datatype attribute is dataType with a capital tee. By default, if the datatype option is missing/misspelled, jQuery will try to intelligently guess the datatype of the response and return the result as a formatted string (see the jQuery documentation). So just rename the datatype option to dataType and your fields get populated correctly.