Say for instance you want to filter for all the ' " \ characters in request parameters either removing them, or escaping them.
Either way, if you do it before the action form gets them, then on prepopulation of form fields the user will see these alterations (not desirable). If you do it after you decide the form won't be returned then:

a) It becomes difficult because you have just form bean method calls to get the parameters; something like filter(getMyString()) becomes a pain and open to missing out the filtering, with potentially disastrous consequences!

b) If you decided to somehow globally alter a session scoped form then again you have prepopulation alterations.

I have seen that RequestProcessor may offer hope; I'd like to know the order that these RP methods are called.

I realise that I could use BeanUtils and make a DynaBean copy of a form bean, filtering the parameters during the copy. Just seems overkill, and yet another object in the request.

Any pointers? How do you filter your SQL sensitive characters?

--
Mike W
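
Added example, not part of the original post: one way to leave the form bean's values untouched for prepopulation and deal with the ' " \ characters at the SQL boundary instead, by binding the value through java.sql.PreparedStatement. The class UserLookup, the table "users" and its columns "id" and "name" are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

/**
 * Hypothetical helper (not from the post): looks up rows by a value taken
 * straight from a form bean, e.g. UserLookup.findIds(conn, form.getMyString()).
 * Table "users" with columns "id" and "name" is assumed for illustration.
 */
public final class UserLookup {

    // The SQL text is a constant; request data never becomes part of it.
    private static final String FIND_BY_NAME =
            "SELECT id FROM users WHERE name = ?";

    private UserLookup() { }

    public static List<Long> findIds(Connection conn, String rawName)
            throws SQLException {
        List<Long> ids = new ArrayList<>();
        if (rawName == null) {
            return ids; // parameter not submitted, nothing to match
        }
        try (PreparedStatement ps = conn.prepareStatement(FIND_BY_NAME)) {
            // Bound as data: ' " \ in rawName are passed to the driver as-is
            // and are never parsed as SQL, so there is no filter(...) call
            // that a caller could forget.
            ps.setString(1, rawName);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    ids.add(rs.getLong("id"));
                }
            }
        }
        return ids;
    }
}
```

Because the value is never rewritten, the same form bean can be returned to the page and the user sees exactly what was typed.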