Solved

URL encoded.

Posted on 2003-02-18
Last Modified: 2012-06-21
Hi,
I read in a book that we can encode the URL link by applying this...

<form action="abc.jsp" method="post" ENCTYPE="application/x-www-form-urlencoded" >


I tried it, but the URL can still be seen in the browser.

So, wondering how this ENCTYPE will work??
Question by:wjh7554
21 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 7978790
the URL doesn't get url encoded the form data does.

to see the form data URL encoded try this:

<form action="abc.jsp" method="get" ENCTYPE="application/x-www-form-urlencoded">


to manually url encode or decode something use:
java.net.URLEncode.encode("string to encode")
or
java.net.URLDecode.decode("string to decode")

if you want to hide the URL that the page is on.. use either frames or use a dummy JSP that will include/call or make an http connection to the real JSP.

CJ
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7978791
You can still see the url in the browser; however, it encodes special characters like " " (blank), & etc. in the fields you are passing in the URL.
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7978808
Mr CJ, looks like it is typo from you, class name is java.net.URLEncoder,java.net.URLDecoder.
 
java.net.URLEncoder.encode("string to encode");
java.net.URLDecoder.decode("string to decode")

0

 
LVL 19

Expert Comment

by:cheekycj
ID: 7978817
oops you are correct.

Sorry about that.

CJ
0
 

Author Comment

by:wjh7554
ID: 7979285
CJ, how to implement that encode and decode?

Please explain in detail...

Let's say this is my JSP page.

<%@ page import="java.net.*" %>
...
<form action="ABC.jsp" method="POST">
<input type="submit" name="submit" />
</form>
...
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 7979476
wjh, url encode and decode is not meant to hide the url from the user; it is used to let some special characters pass through the url.

so I hope other experts agree on this and we didn't mislead you.

the fact is you can't hide a link from the user; using form post always hides the data sent to the server, but not the link itself.

HTH
0
 

Author Comment

by:wjh7554
ID: 7979547
kennethxu, what happens if my URL contains a variable that I need to pass from one form to another, what can encode this case?

<form action="ABC.jsp?Custid=<jsp:getProperty name="bean" property="test" />">

Can I hide the custid from the user?

0
 
LVL 3

Expert Comment

by:allahabad
ID: 7979777
Take a case : suppose that you have a field to input first name on the form.
As First Name :___________.

And, you allow the user to put blank space in the first name, say "xxx  xxxxx". When you pass this value to the forwarding jsp in the url '/test.jsp?fname='+fName, you will get an error message like "server encountered error" etc. (I don't remember exactly.)

To solve this problem you will have to encode it before sending and decode it on the retrieving page (jsp).

How will you encode:
1. import java.net.URLEncoder class
<%@ page import="java.net.URLEncoder" %>
 Before calling the forwarding jsp page ,encode the fname  since you know blank space may be there.  
 
   String encodeFname = URLEncoder.encode(fname);
   -- here fname is java variable assigned to input
 -- <input type=text name="fName"  value = "<%=fName%>" >
-- pass    encodeFname (encoded value of fName) in URL
   response.sendRedirect("/test.jsp?fname="+encodeFname);

2. On the retrieving jsp (in this case test.jsp)
   decode this encodeFname to get the fName.
-- import URLDecoder    
<%@ page import="java.net.URLDecoder" %>
-- get the actual value passed by user as first name  
String fnamePassed = URLDecoder.decode(request.getParameter("fname"));

This encoding and decoding would help you when you are passing a value in the url that has special characters.
It is not really needed (an unnecessary call) when you are doing a form POST with action to some jsp, or when forwarding to some jsp without passing any parameter in the URL.
0
 

Author Comment

by:wjh7554
ID: 7979856
ha..... ooooooooohhhhhh

that's what encoded for.. I used that b4... so sorry about that.  Now I remember back...

Actually what I hope to ask here is how to "encrypt" not encode loh...

but what does this statement, the ENCTYPE for???

<form action="abc.jsp" method="post" ENCTYPE="application/x-www-form-urlencoded" >
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7979876
>> but what does this statement, the ENCTYPE for???
Encoded type
0
 

Author Comment

by:wjh7554
ID: 7980149
what is that for...
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7981663
first, there is NO need to URLEncode a form field, b/c when the User submits the form, all fields are URL encoded.

according to the HTML spec
ENCTYPE - This attribute specifies the content type used to submit the form to the server (when the value of METHOD is "POST"). The default value for this attribute is "application/x-www-form-urlencoded". You can also have a value of "multipart/form-data" for forms that will take file type inputs.

When you use a GET METHOD type, I don't believe ENCTYPE matters.

I hope that explains a bit to u.

as far as your question about CustID,

Yes you can hide it from being shown in the URL if you use  a POST method and make custID a hidden field.

like so:
<form action="ABC.jsp" method="POST" enctype="application/x-www-form-urlencoded">

<input type="hidden" name="Custid" value="<jsp:getProperty name="bean" property="test" />">

</form>

CJ

0
 
LVL 14

Expert Comment

by:kennethxu
ID: 7981993
I mostly agree with CJ, except that if you use "multipart/form-data", you won't be able to use request.getParameter to get data; you'll have to parse it yourself or use some 3rd party tools, like struts or jsp smartupload. this encoding is mainly for uploading files.

>> <form action="ABC.jsp?Custid=<jsp:getProperty name="bean" property="test" />">

CJ's code is fine except some servers might complain about the quote mark usage, so try this:

<form action="ABC.jsp" method="POST" >
<input type="hidden" name="Custid" value='<jsp:getProperty name="bean" property="test" />'>
</form>

and in ABC.jsp, you use request.getParameter( "Custid" ) to retrieve it back. this will always work regardless of whether the content of custid contains special chars or not.

0
 

Author Comment

by:wjh7554
ID: 7984610
So, is that true that I can conclude in order for me to

1. Hide my variable, I have to pass it through HTML as a hidden field.

2. Hide my URL, meaning that can not be done unless you are method="POST".  Then if I use POST, I can't use request.getParameter("XXX");


Am I right?
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 7985409
1. correct
2.
>> Hide my URL, meaning that can not be done unless you are method="POST".
NO, you can never hide url. (strictly, you can encode and decode it using your own codec, because url is always encoded and can be easily decoded by everybody)

>> Then if I use POST, I can't use request.getParameter("XXX");
NO, you can use post AND request.getParameter as long as you do NOT use enctype. (enctype="application/x-www-form-urlencoded" is fine because it equals to not used)
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7985417
1. <INPUT TYPE='hidden'....> is used for not displaying item on the page. If you have any field of "hidden" type in the <form>..</form>, that field will not be displayed on the page. This "hidden" is not related to URL .

2. Using Method "POST" in the form does not show field values of the form in the URL (Method GET does) when the form is submitted.
You can use request.getParameter("XXX"), irrespective of "POST" or "GET". The request object is a JSP implicit object;
it will be available to get any parameter that is passed to this jsp.

0
 

Author Comment

by:wjh7554
ID: 7985488

Meaning there is no way for me to encrypt my URL when I want to pass it among the pages, right??

But what happens when I browse some pages, for example Microsoft Hotmail, the URL shown in the Address bar has a lot of funny funny characters like this

%%%%%$$$##

Is that what they are doing to encrypt it or something like that??
 
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 200 total points
ID: 7989444
you can URL encode parameters (using get) and hide data using hidden form fields and post but you can't hide your URL.

if you want to trick the user from not seeing the URL you can use framesets.

as far as hotmail, etc go.. u still see the URL.  they use unique id's or sequences to identify session or stored data.  Nothing else.  They don't hide the URL.  they are hiding the data.

to hide data from the user you can do 1 of 3 things:
URL encode all parameters passed in the url (but that is not really hiding)
use hidden form fields with POST method (but again that is not really hiding)
use session for all your data.  (this will truly hide data unless you display it)

CJ
0
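The options listed in the accepted answer, as an added example that is not part of the original thread: a URL-encoded parameter or hidden POST field travels in a form anyone can decode without a key, while the session approach sends only a random id and keeps the value on the server. The class name, the in-memory map standing in for the container's session store, and the sample Custid value are assumptions; the Charset overloads of URLEncoder/URLDecoder need Java 10 or later.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added illustration; class, method and sample values are hypothetical.
public class HidingDemo {
    // Stand-in for the container's session store: the data stays on the server.
    private static final Map<String, String> SESSIONS = new HashMap<>();
    private static final SecureRandom RNG = new SecureRandom();

    // What the browser sends for one field: in the URL for GET, in the body for POST.
    static String formEncode(String name, String value) {
        return URLEncoder.encode(name, StandardCharsets.UTF_8) + "="
             + URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    // Anyone who sees the request can reverse the encoding; no key is involved.
    static String formDecodeValue(String pair) {
        String raw = pair.substring(pair.indexOf('=') + 1);
        return URLDecoder.decode(raw, StandardCharsets.UTF_8);
    }

    // Session approach: keep the value server-side and hand out only a random id.
    static String storeInSession(String custId) {
        byte[] id = new byte[16];
        RNG.nextBytes(id);
        String sessionId = Base64.getUrlEncoder().withoutPadding().encodeToString(id);
        SESSIONS.put(sessionId, custId);
        return sessionId;
    }

    static String lookup(String sessionId) {
        return SESSIONS.get(sessionId);
    }

    public static void main(String[] args) {
        String custId = "C-1001 & co";               // constructed sample value
        String wire = formEncode("Custid", custId);   // same format for GET query or POST body
        System.out.println("on the wire : " + wire);
        System.out.println("decoded     : " + formDecodeValue(wire));
        String sid = storeInSession(custId);
        System.out.println("session id  : " + sid);   // carries no information about custId
        System.out.println("server-side : " + lookup(sid));
    }
}
```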
 
LVL 19

Expert Comment

by:cheekycj
ID: 7989452
oh and 1 more:
cookies (but most users can view cookies using a simple utility or if they have mozilla or netscape in the browser itself)

CJ
0
 

Author Comment

by:wjh7554
ID: 7990389
TQ for your detailed explanation...
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7996569
Glad I could help and Thanx for the "A"

CJ
0
