aspose file tools*
The moose likes Struts and the fly likes Edit HTTP response Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Edit HTTP response" Watch "Edit HTTP response" New topic
Author

Edit HTTP response

Julius Kabugu
Greenhorn

Joined: Nov 02, 2010
Posts: 3
My Struts business layer sends HTTP responses to javascript and actionscript client; When I receive requests from these applications I convert the single quote and other special chars to html codes, e.g. & # 146 ; , mainly to prevent sql injection.
Now when returning the response to the client, I want to scan the xml content of the response after struts forms it and unescape the html (some sort of interceptor that edits the content of the response). Is this possible without throwing the IllegalStateException? How can I achieve it?
Joe Ess
Bartender

Joined: Oct 29, 2001
Posts: 8705
    
    6

One should never construct SQL queries out of user input. Use prepared statements and bound variables, as PreparedStatement correctly escapes any special characters.
Preventing_SQL_Injection_in_Java


"blabbing like a narcissistic fool with a superiority complex" ~ N.A.
[How To Ask Questions On JavaRanch]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Edit HTTP response
 
Similar Threads
how to return http response without creating html output
monitoring soap
HF book pg133 ~ setHeader("content-type")
Java/Http Question
before committing the response