semicolon dissapears when writing to database

Hi,

I have a problem with dissapearing semicolons.
I have a String that looks like this:
update CLASSIFICATION set  text = "Drimel;dramel" where id = 4;

that I encode with URLEncoder.encode( string )

after it´s encoded the string looks like this:
&type=sql&data=update+CLASSIFICATION+set++text+%3D+%22Drimel%3Bdramel

I post it to a cgi-script but when it reaches the database it looks like this
Drimeldramel
so the semicolon have dissapeared. I cant find where its done. Does anyone know if there is another way of encoding the string?
Is it something special with the semicolon?

LVL 3
otroligafreddeAsked:
Who is Participating?
 
TimYatesConnect With a Mentor Commented:
looks like the cgi script is stripping it out for some reason :-(

I guess it is stripping it out to prevent SQL Injection...  do you have access to the cgi-script?  Can you rewrite the function it performs in Java (using PreparedStatement) ?
0
 
Giant2Commented:
your semicolon is:
%3B

It's not disappeared.
0
 
Giant2Connect With a Mentor Commented:
>I post it to a cgi-script
It's the decode of this script that made disappeareing your semicolon.
Check it.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

 
TimYatesCommented:
> It's not disappeared.

It has in the database, according to this line:

> I post it to a cgi-script but when it reaches the database it looks like this
> Drimeldramel
0
 
Giant2Commented:
>> It's not disappeared.
>It has in the database, according to this line:
>
>> I post it to a cgi-script but when it reaches the database it looks like this
>> Drimeldramel

I continue the posting (at the same time you put your) see before, TimYates.
:)
0
 
MogalManicCommented:
Try this experiment:
  1) construct the URL like this:
     &type=sql&data=update CLASSIFICATION set  text = "Drimel;dramel" where id = 4;&otherData=xxx
  2) Post the results to your CGI script.

Does the CGI script recieve the statement correctly?  If so, then the CGI-script does not know how to decode encoded strings!
0
 
TimYatesCommented:
> If so, then the CGI-script does not know how to decode encoded strings!

It must know how to decode encoded strings, as it gets the "=" and the "'" chars...
0
 
TimYatesCommented:
I reckon we were right...  Oh well :-)
0
 
otroligafreddeAuthor Commented:
I´m very sorry that it took forever to accept the answers. I wish that I could blame it on something really big, like that a
tornado swept sweden away for a few months or something, but I can´t.

Thanks anyway for all the help.

/Fredrik
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.