my servlet accepting the empty input fields through html form

Time:11-30

I'm taking input values through an HTML form and using the servlet to insert them into the database, but when I don't fill in any field in the HTML form it also accepts that input, although I've put restrictions in my HTML code for the input fields. When I tried to re-enter the empty fields, it shows the below error

ERROR

Duplicate entry '' for key 'users.PRIMARY'

It means it's accepting the user name as an empty string.

Here is my HTML form

<form action="userreg" method="post">
                    Username : <input type="text" name="username" pattern=".{3,}" title ="must contains more then 3 letters"><br/><br/>
                    Password : <input type="password" name="password" placeholder="password must be 8 char long one upper, lower case letter must" pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{8,}" title="Must have 8 chars one lowercase , uppercase"><br/><br/>
                    FirstName: <input type="text" pattern=".{3,}" title="this field cant be empty" name="firstname"><br/><br/>
                    Last Name: <input type="text" pattern=".{3,}" title="this field cant be empty" name="lastname"><br/><br/>
                    Address : <input type="text"  pattern=".{3,}" name="address"><br/><br/>
                    Phone No : <input type="text" pattern=".{3,}" name="phone"><br/><br/>
                    Email Id : <input type="text" pattern="[a-z0-9._%+-]+@[a-z0-9.-]+\.[a-z]{2,}$" name="mailid" placeholder="[email protected]" title="please enter valid mail"><br/><br/>
                    <input type="submit" value=" I AGREE FOR ALL TERMS & CONDITIONS ! REGISTER ME ">
                </form>

Here is my userRegistration servlet class

try {
            Connection con = DBConnection.getCon();
            PreparedStatement ps = con
                    .prepareStatement("insert into " + IUserContants.TABLE_USERS + "  values(?,?,?,?,?,?,?,?)");
            ps.setString(1, uName);
            ps.setString(2, pWord);
            ps.setString(3, fName);
            ps.setString(4, lName);
            ps.setString(5, addr);
            ps.setString(6, phNo);
            ps.setString(7, mailId);
            ps.setInt(8, 2);
            int k = ps.executeUpdate();         
            if (k==1) {
                RequestDispatcher rd = req.getRequestDispatcher("Sample.html");
                rd.include(req, res);
                pw.println("<h3 class='tab'>User Registered Successfully</h3>");
            } else {
                    
                RequestDispatcher rd = req.getRequestDispatcher("Sample.html");
                pw.println("<h3 class='tab'>Registration failed !, please enter valid details</h3>");
                rd.include(req, res);               
                pw.println("Sorry for interruption! Register again");
            }
        } catch (Exception e) {
            e.printStackTrace();
        }

CodePudding user response:

That is the expected behavior. You may use HTML input element attributes like "required" and some frontend libraries to assist/enforce the presence of values, but in the end all validation needs to be done in the backend.

Because aside from using the browser's form submit function, one can still send a malicious HTTP request using cURL or SoapUI, bypassing all frontend validations.
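
One way to do the backend check the answer calls for, as an added example (not code from the original post): it re-applies the form's own pattern rules on the server and treats missing or blank parameters as invalid. The class name RegistrationValidator and the plain Map input are assumptions; in the servlet the map would be filled from req.getParameter(...) before the insert runs.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

// Added example (hypothetical class): server-side re-check of the rules the HTML form only suggests.
public class RegistrationValidator {
    // Same rules as the form's pattern attributes; matches() anchors the whole string.
    private static final Pattern MIN3 = Pattern.compile(".{3,}");
    private static final Pattern PASSWORD =
            Pattern.compile("(?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,}");
    private static final Pattern EMAIL =
            Pattern.compile("[a-z0-9._%+-]+@[a-z0-9.-]+\\.[a-z]{2,}");
    private static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        for (String f : new String[] {"username", "firstname", "lastname", "address", "phone"}) {
            RULES.put(f, MIN3);
        }
        RULES.put("password", PASSWORD);
        RULES.put("mailid", EMAIL);
    }

    /** Returns the names of fields that are missing, blank, or fail their pattern. */
    public static List<String> invalidFields(Map<String, String> params) {
        List<String> bad = new ArrayList<>();
        for (Map.Entry<String, Pattern> rule : RULES.entrySet()) {
            String value = params.get(rule.getKey());   // null when the field was not sent
            if (value == null || value.trim().isEmpty()
                    || !rule.getValue().matcher(value).matches()) {
                bad.add(rule.getKey());
            }
        }
        return bad;
    }

    public static void main(String[] args) {
        // Constructed input: what the servlet sees when the form is submitted empty.
        Map<String, String> empty = new LinkedHashMap<>();
        empty.put("username", ""); empty.put("password", "");
        System.out.println("empty form rejected for: " + invalidFields(empty));
        // Constructed input: a submission that satisfies every rule.
        Map<String, String> ok = new LinkedHashMap<>();
        ok.put("username", "alice"); ok.put("password", "Passw0rdX");
        ok.put("firstname", "Alice"); ok.put("lastname", "Smith");
        ok.put("address", "1 Main St"); ok.put("phone", "5550100");
        ok.put("mailid", "alice@example.com");
        System.out.println("valid form rejected for: " + invalidFields(ok));
    }
}
```

If the returned list is not empty, the servlet should reject the request (for example with res.sendError(HttpServletResponse.SC_BAD_REQUEST)) instead of calling executeUpdate().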
