File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes getting value from request object Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "getting value from request object" Watch "getting value from request object" New topic
Author

getting value from request object

Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
I send a string to my JSP page that looks like this: 'Black & White'. The page is called from another page thru JavaScript function:


In my JSP page I get the parameter item, but when I print it out I see it as just word black: "Black "

What should I do to get the whole string "Black & White" ?

thanks,
Alex


All right brain, you don't like me and I don't like you, but let's just do this one thing so I can get back to killing you with beer.<br /> <br />- Homer Simpson
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

Did you look at the HTML sent to the page? You will see that the string is there as expected.

The & character is an introducer for HTML entities and as such is being interpreted by the browser. And since you aren't giving it a legal entity, it's barfing on it.

The best solution is to be sure that any strings on your JSP are HTML-escaped. The easiest way to do this is to use the JSTL <cut> tag to emit the strings; it will automatically escape the characters as necessary.

To do it by hand (not recommended), you would replace the & character with its escaped equivalent &amp;
[ April 26, 2005: Message edited by: Bear Bibeault ]

[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
thanks Bear.
But, I don't have JSTL installed on this machine and the string with "&" later on is used in SQL query, so I am not sure if 'Black & White' will be ok in the query. Is there a solution to that?
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

'&' is a control character in a querystring.
Also, empty spaces are not allowed.

However you do it (JSTL's cut or c:url are two good ways) you will need to escape those characters if you want to use them in a URL Query String.



[obnoxious smilies]
[ April 26, 2005: Message edited by: Ben Souther ]

Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
But what about SQL query? If I escape '&', once in the query string, I need to bring it back to its normal representation. And what do I do if I don't have JSTL? Parse it manually? But Bear said it's not a good idea.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

You're not passing a full SQL statement in a querystring parameter, I hope.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

don't have JSTL installed on this machine


No time like the present! You're either going to have to do that or come up with your own solution such as your own custom tag or bean. Or do something crufty like hard-code it.

Why not take the standardized road?

string with "&" later on is used in SQL query


You're not really doing SQL queries directly on the JSP, are you?

Even if so, that's why performing the transform upon display (rather than hard-coding it) is the proper thing to do -- the original string remains unchanged.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Alternately, look at this:
http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLEncoder.html
and it's sister:
http://java.sun.com/j2se/1.4.2/docs/api/java/net/URLDecoder.html
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
So you want to tell me that JSTL will let's say "encode' incoming string and when I need to use it in my SQL query it will "decode" back to "normal state"?
And no I am doing SQL in JSP. I have a bean that I send my SQLs to and it returns a Collection.
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476


Yes, thanks Ben I looked at URLEncoder, but not sure how I would use it if I prepare and send my URL string thru JavaScript.
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Here.
Put this hideous JSP on your machine and run it.
It should be enough to get you going.

You don't need to unescape the querystring.
getParameter does that for you.



For the record, I agree with Bear, if you're going to do scripting in a JSP, take the time to install JSTL. This will, at least, standardize it.

Also, are you passing SQL Statements via query string parameters?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

URLDecoder will not help HTML-escape the string -- it will URL-endcode the string which is a different animal.

when I need to use it in my SQL query it will "decode" back to "normal state"?


No, the original string is untouched. Let's say for example you have the string in a scoped variable named myString in request scope. To showe it on the page, you'd write:



which will properly encode it for output. The original string in the scoped variable remains the same. You can use it for whatever you wish elsewhere on the page.
[ April 26, 2005: Message edited by: Bear Bibeault ]
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

I believe the problem (at least the intial one) that he's having is that he's trying to send an unencoded string as a query string parameter.


He may also run into trouble trying to display the value.
[ April 26, 2005: Message edited by: Ben Souther ]
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
Exectly
I don't use a JSP to prepare link for page execution, I do it in JavaScript and thus cannot use URLEncoder. And using <c ut> I don't think will help since I have to not only display it but use it as a parameter for my DB select function.
[ April 26, 2005: Message edited by: Alex Kravets ]
Shailesh Chandra
Ranch Hand

Joined: Aug 13, 2004
Posts: 1081



Since it is javascript function I am wondering if javascript's escape method could be used to escape & , here is the url for the details of escape/unescape ,but URL works on IE only
http://www.yuki-onna.co.uk/html/encode.html it doesn't work on my firefox

Shailesh
[ April 26, 2005: Message edited by: Shailesh Chandra ]

Gravitation cannot be held responsible for people falling in love ~ Albert Einstein
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

I'm sure plenty of people have published Javascript encode/unencode functions.
Try a Google search to see if you can find a good one.
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 61103
    
  66

using <cut> I don't think will help since I have to not only display it but use it as a parameter for my DB select function.


One more time: use of <cut> will affect only the display of the string and will not change the original string so that it can be used for any other purpose elsewhere on the page.

Perhaps it's time to show us how you are using the string on the page so we can figure out where the disconnect is.
[ April 26, 2005: Message edited by: Bear Bibeault ]
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
I will, thanks a lot for your help guys!
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476

One more time: use of <c ut> will affect only the display of the string and will not change the original string so that it can be used for any other purpose elsewhere on the page.

Yes I got it Bear. Typed witout thinking first.
All I need to do now is encode my string in JavaScript before sending and I should be fine.
[ April 26, 2005: Message edited by: Alex Kravets ]
Alex Kravets
Ranch Hand

Joined: Jan 24, 2001
Posts: 476
OK got it.
Found a nice example of url encoding via javascript at http://www.blooberry.com/indexdot/html/topics/urlencoding.htm
I encode url on javascript side before sending and use URLDecoder to decode the string when time to send it to DB object.

Thanks again everybody!
Shailesh Chandra
Ranch Hand

Joined: Aug 13, 2004
Posts: 1081

nice to know that it is working, but still I am wondering if you tried with javascript's inbuilt function of esacepe and if you escape a URL before sending you need not to unescape it on next page
document.getElementById('favList').src=escape("favorites/addToFavorites.jsp?item=" + item);

Thanks for the link

[Edited]
I tried the link but it is not converting &

Shailesh
[ April 26, 2005: Message edited by: Shailesh Chandra ]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: getting value from request object