How to pass parameters in jsp page

Question

I am calling a servlet with params

window.location.href = "/csm/csminfo.jsp?CFG_ID="+cfgid+"&path="+path;

In the other csminfo on body load i am calling a function to retrieve these params

<body onload="getConfigDetails(<%= request.getParameter("CFG_ID") %>,<%= request.getParameter("path") %>)">

JS

function getConfigDetails(cfgid,path)
{
alert(cfgid+","+path);
}

But no alert gets popped up, what is the problem here?

I am using firefox, using error console i got this error enter image description here

@Pointy: Thanks, i was getting an error, though could not get it so i posted it in my question.. may be some escaping is needed — AabinGunz
– AabinGunz, Commented Jun 6, 2011 at 15:45

Pointy · Accepted Answer · 2011-06-06 15:14:12Z

You didn't quote the strings properly:

 <body onload="getConfigDetails('<%= request.getParameter("CFG_ID") %>','<%= request.getParameter("path") %>')">

Some other issues:

When building the URL on the original page, you should make sure the parameter values are properly encoded by using the JavaScript built-in "encodeURIComponent()" function.
JSP scriptlets are an old, ugly way of doing things, and really have no place in new code. You should look for resources to learn about JSTL:
```
<body onload="getConfigDetails('${param.CFG_ID}','${param.path}')">
```
Whether you use JSTL or scriptlets, values you pull from the HTTP parameters and inject into your page source should be run through an HTML escape mechanism. In JSTL, that'd look like this:
```
<body onload="getConfigDetails('${fn:escapeXml(param.CFG_ID)}','${fn:escapeXml(param.path)}')">
```

1 Answer 1