The error is in these lines:
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=<%= movil%>>
If your variable movil
contains abc def
, say, then the HTML generated will be this:
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value=abc def>
This then sets the value of the input to abc
and creates another attribute def
, which isn't recognised and will be ignored. In fact, the Markdown syntax highlighting on Stack Overflow points this out: abc
is blue, for a value, and def
is red, for an attribute name.
At the very least, you need to put quotes around the <%= movil %>
:
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value="<%= movil%>">
If movil
contains abc def
, this time, the output will be
<input pattern="[0-9]{9}" type="text" name="movil" id="movil" required value="abc def">
Now you can see that the value has been written correctly.
Aside from this, there are a further couple of comments I'd like to make:
Firstly, your code is vulnerable to SQL injection. If your
username
session variable ends up as something liketest' OR 1=1 --
, all results from the database will be returned. Worse still, if it is something liketest'; DROP TABLE Usuario;--
, you could lose data. Use PreparedStatements instead.Secondly, as pointed out by Aniket in a comment, you really shouldn't be using scriptlets
<% ... %>
in JSPs any more. Instead, you should be using JSTL tags and EL expressions. The question linked to by Aniket is a good place to start.
I appreciate this may be your first JSP application. Once you've got it working, however, I'd recommend that you consider making these changes.