Submission of a jsp page after a particular time interval

Question

I have used setTimeout method to do this and passed a variable which contains time but my settimeout method takes only the initialized value of that variable and not the value that is fetched from database.

Here is my code:

  <html>  
        <head>  
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">  
            <title>Givetest</title>  

             <script type = "text/javascript">  
             function submitForm() {  
                 document.forms[0].submit();  
             }  
             </script>  

             <script language="JavaScript" src="http://scripts.hashemian.com/js/countdown.js"></script>  
        </head>  
        <%  
            String ts=request.getParameter("testname");  
            session.setAttribute("tname", ts);  
            Connection con=null;  
            Statement s1=null;  
            Statement s=null;  
            ResultSet r1=null;  
            ResultSet r=null;  
            int t=120000;  
            String time=null;  
            try  
            {  
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");  
                con=DriverManager.getConnection("jdbc:odbc:online_testing");  
                s=con.createStatement();   
                s1=con.createStatement();          
                r=s.executeQuery("select * from "+ts+"");     
                r1=s1.executeQuery("select duration from tests where testname="+ts+"");    
                if(r1.next())  
                {  
                    time=r1.getString("duration");  
                    t=Integer.parseInt(time)*60000;  
logger.info(time);           
                } 
else {
   logger.info("No row found in db for test " + ts);
          System.out.println("No row found in db for test " + ts);
           out.println("<br>!! <b>No row found in db </b>for test " + ts + "<br><br><br>");         
}      
      r1.close();  
      }  
            catch(Exception e1)  
            {  
                response.setContentType("text/html");  
                out.println(e1.toString());  
            }  
        %>  
        <body onload="setTimeout('submitForm()',<%=t%>)">      

        <div class="header"></div>  
            <div class="view" style="color: #050505">  
                <form action="Givetest" method="post">   
                    <h1 align="center" style="color: #050505"><%=ts%></h1>  

                    <%  
                        int i=1;  
                        while(r.next()){  
                        String a = r.getString("question");  
                        String b = r.getString("option1");  
                        String c = r.getString("option2");  
                        String d = r.getString("option3");                                              
                        String e = r.getString("option4");                                                              
                    %>  
                    Question <%=i%>:- <label> <%=a%></label><br>  
                    <input type="radio" name="r<%=i%>" value="<%=b%>" checked><label><%=b%></label><br>  
                    <input type="radio" name="r<%=i%>" value="<%=c%>"><label><%=c%></label><br>  
                    <input type="radio" name="r<%=i%>" value="<%=d%>"><label><%=d%></label><br>  
                    <input type="radio" name="r<%=i%>" value="<%=e%>"><label><%=e%></label><br>  
    <br>  
                    <input type="hidden" name="h" value="<%=ts%>">  

                    <%  
                        i++;  
                        }  
                        r.close();  
                        s.close();  
                        con.close();  
                    %>  
                    <input type="submit" class="button">  
                </form>  
                </div>  
            <div class="copyright" align="center"> © SAUMYARAJ ZALA</div>  
        </body>  
    </html>

Answer 1

 <body onload="setTimeout('submitForm()',<%=t%>)">  

You are giving the value only once. DO you mean it gets value

 int t=120000;

and not what is in data base? If so are you sure no error is being thrown?

By the way this is not the best way to write a web app - all in jsp - though it works, better is to make servlets and POJOs/ helper .java files for data base etc. Make sure your tomcat/ app server's temp folder are cleaned every time you restart - to make sure its taking latest jsp.

In jsp can have a text like 'Version 001' and increase that manually so your sure correct code version is running.

---

Use loggers or system.out.println if you do not have logger

    r1=s1.executeQuery("select duration from tests where testname="+ts+"");    
       //if should be enough as you will only have 0 or 1 row per test? 
       if(r1.next())  
        {  
            time=r1.getString("duration");  
            t=Integer.parseInt(time)*60000;           
        }  else{
           logger.warn("No row found in db for test " + ts);
           //okay for debug
           out.println("<br>!! <b>No row found in db </b>for test " + ts + "<br><br><br>");  
        }
        r1.close();  
    }  
    catch(Exception e1)  
    {  
        response.setContentType("text/html");  
        out.println("<br><br> <b> ERROR</b>" + e1.toString());  
    }  

sql
testname="+ts+""

is very bad should use a prepared statement or you are asking for a SQL injection attack. look at owasp https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

Answer 2

The mistake is in the where clause which should be like:-

r1=s1.executeQuery("select duration from tests where testname="+ts+"");  

Moreover this code should be executed in servlets before it is passed to jsp