?
Solved

URL encoded.

Posted on 2003-02-18
21
Medium Priority
?
590 Views
Last Modified: 2012-06-21
Hi,
I read from the book saying that we can encoded the URL link by applying this...

<form action="abc.jsp" method="post" ENCTYPE="application/x-www-form-urlencoded" >


But I tried but the URL stll can see from the browser.

So, wondering how this ENCTYPE will work??
0
Comment
Question by:wjh7554
  • 7
  • 6
  • 5
  • +1
21 Comments
 
LVL 19

Expert Comment

by:cheekycj
ID: 7978790
the URL doesn't get url encoded the form data does.

to see the form data URL encoded try this:

<form action="abc.jsp" method="get" ENCTYPE="application/x-www-form-urlencoded">


to manually url encode or decode something use:
java.net.URLEncode.encode("string to encode")
or
java.net.URLDecode.decode("string to decode")

if you want to hide the URL that the page is on.. use either frames or use a dummy JSP that will include/call or make an http connection to the real JSP.

CJ
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7978791
You can still see the url in the browser, however, it
encodes ,if you have special characters like " "(blank), & etc. field you are passing in the URL.
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7978808
Mr CJ, looks like it is typo from you, class name is java.net.URLEncoder,java.net.URLDecoder.
 
java.net.URLEncoder.encode("string to encode");
java.net.URLDecoder.decode("string to decode")

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 19

Expert Comment

by:cheekycj
ID: 7978817
oops you are correct.

Sorry about that.

CJ
0
 

Author Comment

by:wjh7554
ID: 7979285
CJ, how to implement that encode and decode?

Please explain in details...

let say this is my JSP pages.

<%@ import java.net.*; %>
..
..
.
...
<form action="ABC.jsp" method="POST" />

</form>

<input type="submit" name="submit" />
...
...
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 7979476
wjh, url encode and decode is not meant to hide the url from user, it is used to let some special character pass throw the url.

so I hope other experts agree on this and we didn't mislead you.

the fact you cann hide a link from user, use form post always hide the data send to server, but not the link itself.

HTH
0
 

Author Comment

by:wjh7554
ID: 7979547
kennthuxy, what happend if my URL contain varible that I need to pass from one form to another, what can encode this case?

<form action="ABC.jsp?Custid=<jsp:getProperty name"bean" property="test" />">

Can I hide the custid from the user?

0
 
LVL 3

Expert Comment

by:allahabad
ID: 7979777
Take a case : suppose that you have a field to input first name on the form.
As First Name :___________.

And, you allow user to put blank space in the first name say "xxx  xxxxx". When you pass this value to forwarding jsp in the url '/test.jsp?fname='+fName', you will get the error message like 'server encountered error etc.".(not exactly remember)

To solve this problem you will have to encode it before sending and decode it on the retreiving page(jsp).

How will you encode:
1. import java.net.URLEncoder class
<%@ page import="java.net.URLEncoder" %>
 Before calling the forwarding jsp page ,encode the fname  since you know blank space may be there.  
 
   String encodeFname = URLEncoder.encode(fname);
   -- here fname is java variable assigned to input
 -- <input type=text name="fName"  value = "<%=fName%>" >
-- pass    encodeFname (encoded value of fName) in URL
   response.sendRedirect("/test.jsp?fname="+encodeFname);

2. On retreiving jsp (in this case test.jsp)
   decode this encodeFname to get the fName.
-- import URLDecoder    
<%@ page import="java.net.URLDecoder" %>
-- get the actual value passed by user as first name  
String fnamePassed = URLDecoder.decode(request.getParameter("fname"));

This encoding and decoding would help you , when you are passing the value in url that has special characters.
Not really(unnecessary call), when you doing form POST with action to some jsp. or when forwarding to some jsp with out any parameter passing in URL.
0
 

Author Comment

by:wjh7554
ID: 7979856
ha..... ooooooooohhhhhh

that's what encoded for.. I used that b4... so sorry about that.  Now I remember back...

Actually what I hope to ask here is how to "encrypt" not encode loh...

but what does this statement, the ENCTYPE for???

form action="abc.jsp" method="post" ENCTYPE="application/x-www-form-urlencoded" >
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7979876
but what does this statement, the ENCTYPE for???
Encoded type
0
 

Author Comment

by:wjh7554
ID: 7980149
what does that for...
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7981663
first, there is NO need to URLEncode a form field, b/c when the User submits the form, all fields are URL encoded.

according to the HTML spec
ENCTYPE - This attribute specifies the content type used to submit the form to the server (when the value of METHOD is "POST"). The default value for this attribute is "application/x-www-form-urlencoded". You can also have a value of "multipart/form-data" for forms that will take file type inputs.

When you use a GET METHOD type, I don't believe ENCTYPE matters.

I hope that explains a bit to u.

as far as your question about CustID,

Yes you can hide it from being shown in the URL if you use  a POST method and make custID a hidden field.

like so:
<form action="ABC.jsp" method="POST" enctype=""application/x-www-form-urlencoded">

<input type="hidden" name="Custid" value="<jsp:getProperty name"bean" property="test" />">

</form>

CJ

0
 
LVL 14

Expert Comment

by:kennethxu
ID: 7981993
I mostly agree with CJ, exception that if you use "multipart/form-data", you won't be able to use request.getParameter to get data, you'll have to parse it yourself or use some 3rd party tools, like struts or jsp smartupload. this encoding is mainly for upload files.

>> <form action="ABC.jsp?Custid=<jsp:getProperty name"bean" property="test" />">

CJ's code is fine except some server might complaint about the quote mark usage, so try this:

<form action="ABC.jsp" method="POST" >
<input type="hidden" name="Custid" value='<jsp:getProperty name"bean" property="test" />'>
</form>

and in ABC.jsp, you use request.getParameter( "Custid" ) to retrieve it back. this will always work regardless whether the content of custid containts special char or not.

0
 

Author Comment

by:wjh7554
ID: 7984610
So, is that true that I can conclude in order for me to

1. Hide my variable, I have to pass it through HTML as a hidden field.

2. Hide my URL, meaning that can not be done unless you are method="POST".  Then if I use POST, I can't use request.getParameter("XXX");


Am I right?
0
 
LVL 14

Expert Comment

by:kennethxu
ID: 7985409
1. correct
2.
>> Hide my URL, meaning that can not be done unless you are method="POST".
NO, you can never hide url. (strictly, you can encode and decode it using you own codec, because url is always encoded and can be easily decoded by everybody)

>> Then if I use POST, I can't use request.getParameter("XXX");
NO, you can use post AND request.getParameter as long as you do NOT use enctype. (enctype=""application/x-www-form-urlencoded" is fine because it equals to not used)
0
 
LVL 3

Expert Comment

by:allahabad
ID: 7985417
1. <INPUT TYPE='hidden'....> is used for not displaying item on the page. If you have any field of "hidden" type in the <form>..</form>, that field will not be displayed on the page. This "hidden" is not related to URL .

2. Using Method "POST"  in form, does not show field values of the form in the URL (Method GET does) when form is submitted.
You can use request.getParametr("XXX") , irrespective of 'POST" or 'GET'. Request object is JSP implicit object,
it will be avaiabale to get any parameter that is passed to this jsp.

0
 

Author Comment

by:wjh7554
ID: 7985488

Meaning there is no way for me to encrypt my URL when I want to pass among tha page right??

But what happend when I browse some of the page, for examole Microsfot Hotmail, the URL that shown on the Address bar got lot of funny funny character like thjis

%%%%%$$$##

Is that what they are doing to encrypt it or something like atht??
 
0
 
LVL 19

Accepted Solution

by:
cheekycj earned 200 total points
ID: 7989444
you can URL encode parameters (using get) and hide data using hidden form fields and post but you can't hide your URL.

if you want to trick the user from not seeing the URL you can use framesets.

as far as hotmail, etc go.. u still see the URL.  they use unique id's or sequences to identify session or stored data.  Nothing else.  They don't hide the URL.  they are hiding the data.

to hide data from the user you can do 1 of 3 things:
URL encode all parameters passed in the url (but that is not really hiding)
use hidden form fields with POST method (but again that is not really hiding)
use session for all your data.  (this will truly hide data unless you display it)

CJ
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7989452
oh and 1 more:
cookies (but most users can view cookies using a simple utility or if they have mozilla or netscape in the browser itself)

CJ
0
 

Author Comment

by:wjh7554
ID: 7990389
TQ for your details explanation...
0
 
LVL 19

Expert Comment

by:cheekycj
ID: 7996569
Glad I could help and Thanx for the "A"

CJ
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Whether you have a site with just static html pages or a dynamic database-driven one, this step-by-step migration guide will help you get started with your new DV server. This guide is by no means comprehensive but it should cover the basics to get …
The following information will get you familiar with your new DV server, including the (mt) Account Center, the Plesk Control Panel, our world-renowned support department and the rest of the (mt) tools that come with your new service.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question