This week's book giveaway is in the OO, Patterns, UML and Refactoring forum. We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line! See this thread for details.
Did you look at the HTML sent to the page? You will see that the string is there as expected.
The & character is an introducer for HTML entities and as such is being interpreted by the browser. And since you aren't giving it a legal entity, it's barfing on it.
The best solution is to be sure that any strings on your JSP are HTML-escaped. The easiest way to do this is to use the JSTL <cut> tag to emit the strings; it will automatically escape the characters as necessary.
To do it by hand (not recommended), you would replace the & character with its escaped equivalent & [ April 26, 2005: Message edited by: Bear Bibeault ]
thanks Bear. But, I don't have JSTL installed on this machine and the string with "&" later on is used in SQL query, so I am not sure if 'Black & White' will be ok in the query. Is there a solution to that?
But what about SQL query? If I escape '&', once in the query string, I need to bring it back to its normal representation. And what do I do if I don't have JSTL? Parse it manually? But Bear said it's not a good idea.
So you want to tell me that JSTL will let's say "encode' incoming string and when I need to use it in my SQL query it will "decode" back to "normal state"? And no I am doing SQL in JSP. I have a bean that I send my SQLs to and it returns a Collection.
URLDecoder will not help HTML-escape the string -- it will URL-endcode the string which is a different animal.
when I need to use it in my SQL query it will "decode" back to "normal state"?
No, the original string is untouched. Let's say for example you have the string in a scoped variable named myString in request scope. To showe it on the page, you'd write:
which will properly encode it for output. The original string in the scoped variable remains the same. You can use it for whatever you wish elsewhere on the page. [ April 26, 2005: Message edited by: Bear Bibeault ]
I believe the problem (at least the intial one) that he's having is that he's trying to send an unencoded string as a query string parameter.
He may also run into trouble trying to display the value. [ April 26, 2005: Message edited by: Ben Souther ]
Joined: Jan 24, 2001
Thanks for the link
[Edited] I tried the link but it is not converting &