aspose file tools*
The moose likes Struts and the fly likes Edit HTTP response Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Edit HTTP response" Watch "Edit HTTP response" New topic
Author

Edit HTTP response

Julius Kabugu
Greenhorn

Joined: Nov 02, 2010
Posts: 3
My Struts business layer sends HTTP responses to javascript and actionscript client; When I receive requests from these applications I convert the single quote and other special chars to html codes, e.g. & # 146 ; , mainly to prevent sql injection.
Now when returning the response to the client, I want to scan the xml content of the response after struts forms it and unescape the html (some sort of interceptor that edits the content of the response). Is this possible without throwing the IllegalStateException? How can I achieve it?
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8971
    
    9

One should never construct SQL queries out of user input. Use prepared statements and bound variables, as PreparedStatement correctly escapes any special characters.
Preventing_SQL_Injection_in_Java


[How To Ask Questions On JavaRanch]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Edit HTTP response