How does <input type="hidden" name.../> work with JSP Servlets

Question

I'm studying JSP and Servlets by reading a book and following some online tutorials. I'm totally new with web programming using JSP and Servlets.

I came across an example which I am trying to understand.

index.html

<form action="emailList" method="post">

    <input type="hidden" name="action" value="add" />

    <label>Email: </label>
    <input type="email" name="email" required /> <br />
    <label>First Name:</label>
    <input type="text" name="firstName" required /> <br/>
    <label>Last Name:</label>
    <input type="text" name="lastName" required /> <br />

    <label>&nbsp;</label>
    <input type="submit" value="Join Now" id="submit" />

</form>

EmailServlet.java

public class EmailListServlet extends HttpServlet{

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        String url = "/index.html";

        //get the current action
        String action = req.getParameter("action");

        if(action == null){
            action = "join"; //default action
        }

        //perform action and set URL to appropriate page
        if(action.equals("join")){
            url = "/index.html"; //the join page
        }
        else if(action.equals("add")){
            //get parameters from the request
            String firstName = req.getParameter("firstName");
            String lastName = req.getParameter("lastName");
            String email = req.getParameter("email");

            //store data in User object and save User object in database
            User user = new User(firstName, lastName, email);
            UserDB.insert(user);

            //set User object in request object and set URL
            req.setAttribute("user", user);
            url = "/thanks.jsp"; //the thanks page
        }

        //forward request and response objects to specified url
        getServletContext().getRequestDispatcher(url).forward(req, resp);
    }

The thing I don't understand is the IF-ELSE part.

I read somewhere that the main purpose of using hidden <input> is to determine the state of a form. The way I understand it is that of, a way to check if form fields (or parameters) are null or not.

If that's the case, then what is the purpose of the value="add" attribute?

Because on else if(action.equals("add")) , add was used.

What could the req.getParameter() return ?

//get the current action
    String action = req.getParameter("action");

I'm asking because in the past I did some CRUD project on PHP where it used the ff to check if form has no null parameters.

if(isset($_POST['btnSave'])){

}

<form method ="POST" action="index.php">
        <label>First Name<input type="text" name="firstname" required></label>
        <br /><br />
        <label>Last  Name<input type="text" name="lastname" required></label>
        <br /><br />
        <input type = "submit" name="btnSave" value="Save" />
        <input type = "submit" name="btnSearch" value="Search" />
    </form>

Instead, in the last form example it used the btnSave (form button) instead of a hidden input.

I just don't see the point of using a value="add" and what req.getParameter("action") could return. Because it was used on the IF-ELSE

I'd appreciate any explanation.

Thank you.

Answer 1

Covering your questions in reverse order:

What could the req.getParameter() return ?

It could return anything. The <form> you posted will generate a request to the server that looks like this:

POST /emailList HTTP/1.1
Host: example.com
Cache-Control: no-cache

action=add&email=MyEmail&firstName=MyFirstName&lastName=MyLastName&submit=Join Now

Now, consider the case where someone submits the following request instead:

POST /emailList HTTP/1.1
Host: example.com
Cache-Control: no-cache

action=edit&id=1&email=NewEmail&firstName=TypoFreeName&lastName=TypoFreeLastName&submit=Update Details

Since you don't have an "edit" case in your servlet, but you do have that if check, your servlet will just redirect to /index.html instead of changing a user's details or inserting a new user.

A logical next step for code like this would be to add new sections to your servlet:

if(action.equals("join")){
    url = "/index.html"; //the join page
}
else if (action.equals("delete") {
    //Call UserDB.delete()
}
else if (action.equals("edit") {
    //Call UserDB.update()
}
else if(action.equals("add")){
    ...
}

what is the purpose of the value="add" attribute?

It's partly to control the flow of your servlet and partly to act as an error prevention measure; if the request includes action=add, you proceed with the assumption that you'll have the other form elements (better practice would be to check to make sure that firstName, lastName, and email are set in the request before calling UserDB).

Answer 2

The code is frankly a bit odd. It appears to be designed to handle the case where a different form (without an action field) is POSTed to the servlet, and to handle it by presenting the index.html page. Perhaps there's another form somewhere else in the chapter that does that?

If the form in the question is posted to the server, the servlet will receive an action parameter. (Well, unless JavaScript code actively removes the input from the form first.) So getParameter("action") will not return null. It might (if JavaScript code changed the input's value) get a different string, even a "" string, but not null.

It's probably worth noting that it doesn't handle the possibility that a different form with an action=add field is posted to the server, and happily uses the other parameters without checking them server-side, which is poor practice. Validation must be done server-side.