Why JDBC + JSP = Bad

Over years of moderating at The JavaRanch, I’ve seen one type of question spring up on a weekly basis: that asked by people who need help with JDBC code inside of Java Server Pages (JSPs). As much as we may want to help this individual fix their particular problem, the overriding thought of “STOP WHAT YOU’RE DOING” often prevents us from doing so. The purpose of this post is to explain why putting JDBC code inside a JSP file is akin to shooting yourself in the foot. With a shotgun. While not wearing shoes.

Don't use JDBC inside of JSP pages

1. You cannot reuse the code
First and foremost is the issue of code reusability. While importing java classes is quite common, importing code from a JSP is not. While you can write JSP functions, although I never recommend doing so for reasons I won’t get into now, you’re basically writing code that you cannot be used anywhere else, particularly in non-JSP java classes. The most common counter response to this is “Well, I don’t need to use it anywhere else”. Yes, you do. Whether its just reusing code for making the connection to database or the code for performing a query and reading the results, it will be used again at some point in the future in a way you have not thought of yet. Unless you are being paid by the line and prefer this sort of thing, it’s a bad move, and I guarantee your code base will be much larger than someone who put all their JDBC code into normal Java classes. Larger code base means more difficulty to maintain and more headaches for you down the road.

2. You are mixing business logic with the presentation layer
Probably the most overlooked issue for inexperienced developers is the fact that you’re mixing the business/data layers with the presentation layer. I’ll put it another way, if your boss comes in one morning and says we’re throwing out the JSP front end and replacing it with a web service, Java Swing, Flash, or some other interface, there is virtually no way for you to reuse the database code without going through every line of every JSP file by hand. If the database code had been placed in plain java files, then you would have a path for packaging the JDBC code into a single JAR and making it available as a service to a different front-end client such as a web service, Flash, etc.

In enterprise development, the presentation JSP layer and the database are often separated by multiple layers of indirection such as described by the commonly used three-tier architecture pattern. Those who are just starting out programming often do not know why mixing these layers is bad, but I promise you if you stay with software development you’ll understand one day.

3. But it’s just this once!
Often times, JDBC code enters JSPs by developer lying to themselves saying “Well, it’s just this once” or “I just need to test something”. Instead of being removed when the developer is done ‘testing’, the code often persists for a long time afterward. Furthermore, putting your JDBC code inside of reusable Java classes makes testing go faster! Spending 10 minutes setting up a single reusable Java JDBC class will save you hours down the road. Then, if you want to test more than one JSP page with JDBC logic, you already have your Java class file to start with. Proponents of test-driven development tend to understand this better than anyone.

4. It’s really hard to maintain
Code maintenance is another topic that new developers do not fully appreciate since they have not spent years maintaining the same code base. Unless you write the most beautiful JDBC code imaginable, its very difficult to read through huge JSP files looking for bugs and/or making enhancements. It’s a lot easier if all the JDBC access is restricted to a set of files much smaller in size than the JSP code base.

5. It’s a really bad practice
If after reading this article you still do not fully understand why you should not put JDBC code inside of JSPs, let me simplify the issue by saying “Just Don’t Do It”. Whether or not developers understand the reasons against doing so is not as important as stopping them from doing so in the first place. In short, you create code someone else (possibly yourself) will have the misfortune of maintaining down the road.

how to view source code generated by dojo

Dojo abstracts alot from you when creating widgets.  So how do you see the real source?  The source is important when testing certain types of requirements.  Accessibility is one of those requirements.

Normal code

As an example, I wrote a simple line of code to display a Dojo widget for currency.

<input type="text" id="amount" name="amt" dojoType="dijit.form.CurrencyTextBox" constraints="{fractional:true}" currency="USD" invalidMessage="Invalid amount format." />

When I do a simple “view source”, I see exactly what I have here.  However, I’m interested in the source code the browser is rendering.  I installed the Firefox Web Developer extension to find out.  It was a simple as going to my web page and clicking view source –> view generated source.  The result is at the bottom of this post as it’s a bit long.  [I’m curious what other/better ways there are of seeing the source.  Feel free to add a comment if you have one.]

This is really interesting.  A few things jump out at me:

  1. Dojo takes care of quite a bit a code for us!
  2. Dojo creates a Dojo input element that does all the work and wraps a hidden input element representing what I actually wrote.  This lets me use the name I specified in my own code while letting Dojo add everything it needs.
  3. IBM did a good job adding accessibility support to Dojo.

Error messages

I was also interested in what was generated when validation pops up that you did something wrong.  I was able to use the same steps – enter an invalid amount, tab out and then view source –> view generated source.  Dojo generated a single exra div for that.  It also generated the ARIA/WAI alert roles so a screenreader knows the validation has popped up.

<div role="alert" class="dijitTooltipContainer dijitTooltipContents"
dojoattachpoint="containerNode" wairole="alert">Invalid amount format.</div>

The following is what gets generated for the one line input tag:

<div widgetid="amount" value="NaN" role="presentation" class="dijit dijitReset dijitInlineTable dijitLeft dijitTextBox" id="widget_amount" dojoattachevent="onmouseenter:_onMouse,onmouseleave:_onMouse,onmousedown:_onMouse" wairole="presentation">
<div style="overflow: hidden;">
<div class="dijitReset dijitValidationIcon"><br></div>
<div class="dijitReset dijitValidationIconText">?</div>
<div class="dijitReset dijitInputField">
<input aria-invalid="false" aria-valuenow="NaN" value="" tabindex="0" id="amount" class="dijitReset"       dojoattachpoint="textbox,focusNode"
dojoattachevent="onfocus:_update,onkeyup:_onkeyup,onblur:_onMouse,onkeypress:_onKeyPress"
autocomplete="off" type="text">
<input name="amt" style="display: none;" value="" type="text">
</div>
</div>
</div>
</div>