
Is it advisable to integrate SQL statements in the JSP pages that are not displayed to the user but handled at the back?

Submitted by: @import:stackexchange-codereview

Problem

I have a signup form in which the user has to enter the email address, and after some quick asynchronous processing at the backend I have to tell the user whether the email address is already registered or not.

Below is a sample example of the JSP page that I have created,


    var request;

    function createRequest() {
        if (window.XMLHttpRequest) {
            request = new XMLHttpRequest();
        } else if (window.ActiveXObject) {
            request = new ActiveXObject("Microsoft.XMLHTTP");
        }
    }

    // Below 2 functions are to check whether the email entered by the user is already registered or not
    function checkDuplicate() {
        var email = document.getElementById("inputEmail").value;

        if (email != "") {
            createRequest();
            var url = "../ajaxPages/check_email.jsp?email="+email;
            try {
                request.onreadystatechange = duplicateEmailMessage;
                request.open("GET", url, true);
                request.send();
            } catch (e) {
                alert("Unable to connect to server");
            }
        }
    }

    function duplicateEmailMessage() {
        if (request.readyState == 4) {
            var x = document.getElementById("duplicateEmail");
            var msg = request.responseText;
            x.innerHTML = msg;
        }
    }


Now, at the backend, the check_email.jsp page will be like this:


    
        
    


I know that it is not advisable to include the database interaction in the JSP page but as this page would be handled in the backend without any direct interaction from the user I'm very tempted to use check_email.jsp as above.
Can anyone tell me how to handle check_email.jsp in the ideal way?

Solution

General advice


I know that it is not advisable to include the database interaction in
the JSP page but as this page would be handled in the backend without
any direct interaction from the user I'm very tempted to use
check_email.jsp as above.

It's a good thing when you know that something is wrong to search for a better way to do it. This is an important part of having good code in my opinion.

What you must not do is code something that you know is not right, but that looks like it has no impact on security or side effects. There is a chance that you won't be the last programmer on this code. What will happen if he decides that the view is more publicly accessible? (In this case not much since, from my understanding, JSP tags are interpreted server-side.)

There is one thing you know for sure: if this code is in the server/controller/service, it will be where it belongs!

Re-usability

This SQL request looks to me like a request that could be reused in different places in an application. Will you paste it everywhere you need it, or would you rather call a service that will return the result of the query? The second option looks better to me.

I can't provide a good example of a service without knowing what framework you use. There are plenty of resources on the internet that could help you; I could point you to some tutorials if I knew what your set-up is.

Quick note

In your JavaScript you have var url = "../ajaxPages/check_email.jsp?email="+email;. Are those pages supposed to be responses to AJAX requests? If so, you should know that you can probably create a controller that responds to AJAX requests. In my opinion, this will help you keep all the important logic in the controller and remove some JSP pages that I guess are not doing what they should be doing.

Context

StackExchange Code Review Q#43115, answer score: 4
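
The controller-plus-service split suggested in the answer, as an added example that is not from the original post or the answerer. A plain Servlet is assumed because the question names no framework; the `users` table, `email` column, `/check-email` path and `jdbc/appDb` DataSource name are assumptions.

```java
import java.io.IOException;
import java.sql.*;
import javax.annotation.Resource;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Reusable lookup: the only class that knows the SQL, callable from any controller.
class EmailLookupService {
    private final DataSource dataSource;
    EmailLookupService(DataSource dataSource) { this.dataSource = dataSource; }

    boolean isRegistered(String email) throws SQLException {
        // Assumed schema: table "users" with a column "email".
        String sql = "SELECT 1 FROM users WHERE email = ?";
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, email); // bound as data, never concatenated into the SQL text
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }
}

@WebServlet("/check-email") // hypothetical URL replacing ../ajaxPages/check_email.jsp
public class CheckEmailServlet extends HttpServlet {
    @Resource(name = "jdbc/appDb") // assumed container-managed DataSource
    private DataSource dataSource;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String email = req.getParameter("email");
        if (email == null || email.trim().isEmpty() || email.length() > 254) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        resp.setContentType("text/plain; charset=UTF-8");
        try {
            boolean taken = new EmailLookupService(dataSource).isRegistered(email.trim());
            // Fixed strings only: the signup page assigns this response to innerHTML.
            resp.getWriter().write(taken ? "This email is already registered." : "");
        } catch (SQLException e) {
            log("email lookup failed", e); // details stay in the server log
            resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }
}
```

On the client, only the URL in `checkDuplicate()` changes; passing the value through `encodeURIComponent(email)` keeps characters such as `+` and `&` intact in the query string.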
