Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1372
  • Last Modified:

Hiding the Query String

hi Experts,
              I have a JSP page that reads parameters out of the Query String.  i have some hyperlinks in my page with poing to the same page , each with its own set of Query parameters.. SO each time the Query Parameters are read and i display data based on the Query Parameters..I have 6-7 Parameters that gets displayed on the Query String..

My URL after 2-3 submits looks like this..

http://localhost/My JSP Project/My_JSP_Page.jsp?TableName=ALL_GLOBAL_USERS&REQUESTED_Field=Assignments&OrderBy=EmployeeId etc etc..

Now it there a way by which i can Mask the URL and prevent it from displaying all the  query parameters ???

Thanx in Advance..

newBie Web Programmer.
0
FearFactor_x
Asked:
FearFactor_x
  • 7
  • 4
  • 2
  • +3
1 Solution
 
k41d3nCommented:
what method are you using to submit?

if your variables are defined via from fields, and you are clicking a submit button, you should be able to define the <form> method as post, then your variables shouldn't show up.

0
 
rrzCommented:
Use post method instead of get method for your form.
0
 
rrzCommented:
Sorry, k41d3n, I didn't see your comment.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
FearFactor_xAuthor Commented:
hi Experts,
              I am not using any Forms Or submitting anything.. i am using HyperLInks inside my Page.. and the href attribute of the HyperLink has my page.jsp?<Query Parameters..> .. I populate the Query Parameters Dynamically i have around 20-30 Hyperlinks and when each one is clicked.. and when the page gets loaded i read the parameters off the Query String and then do what is necessary...  In such a case how do i mask the query parameters..??

NewBie Web Programmer

0
 
k41d3nCommented:
Do the hyperlinks lead to something? or is it more like making selections? In which case you could change them to check boxes and a submit button. Barring that, links use the get method, you might be able to use a javascript function to switch the method to post on click, but that's sketchy.

0
 
ramazanyichCommented:
In that case create a form with hidden parameter named 'query' and on href of link call javascript function which will first set value for query and call submit() to the form. On form use method="POST". On your JSP page get parameter 'query' using call:
String query=request.getParameter("query");
and parse that STring as you did previously.

Example:
<html>
<script language="JavaScript">
function ss(String param){
document.test.query.value=param;
document.test.submit();
}
</script>
<body>
<a href="javascript:ss('param=value&...')> Click me</a>
<form name="test" method="POST" action="">
<input type="hidden" name="query" value=""/>
</form>
</body>
</html>
0
 
k41d3nCommented:
Something like:

<a href="page.jsp?q=1&b=3" onClick="javascript:document.links.method=\"get\"">Text</a>

That isn't tested and most likey will not work ;)
0
 
FearFactor_xAuthor Commented:
hi k41d3n,
              The links that i use are numbers which get populated at runtime.. Here is a snapshot of my code

<%

 hrefText="MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName;
OptionSelect=// I assign some value to this.... that

%>

and

 <td height="50%"><span class="style31 style6"><a href="<%=hrefText%>"><%=OptionSelect%> < /a></span></td>


So this being the secnario.. how do i mask my Query String parameters..
0
 
k41d3nCommented:
You can try ramazanyich's idea, or you can make your options in a form. Like a drop down box or a list of checkboxes that are part of a form with the method of post.

You are going to have to incorporate it into a form either way to mask the URL params.

0
 
ramazanyichCommented:
As I suggested you code will not change a lot.
it will be following changes:
<td height="50%"><span class="style31 style6"><a href="javascript:ss('<%=hrefText%>'"><%=OptionSelect%> < /a></span></td>
0
 
k41d3nCommented:
You couls also set the variable into the session using a token:

<%
String OptionSelect = "Text";
String queryString = "MyPage.sjp?TableName="+TableNametoQuery+"&UserID+"?REQUESTED_Field=" +RequestedField+"&ORDER_BY="+OrderByColumnName+";  
String key = new Random().nextLong();  
session.setAttribute( key, queryString );
%>

<a href="<%= key %>"><%= text %>
0
 
k41d3nCommented:
don't forget to import java.util.Random;
0
 
rrzCommented:
>how do i mask my Query String parameters..  
Just don't send them. Just send OptionSelect.
<a href="<%=OptionSelect>"><%=OptionSelect%>
In your JSP use something like  
if(OptionSelect==1){use correct query string}
if(OptionSelect==2){use different query string}
if(OptionSelect==3){use third query string}
or if OptionSelect is a String
if("one".equals(OptionSelect)){use first query string}
if("two".equals(OptionSelect)){use second one}
rrz
0
 
k41d3nCommented:
Yeah, I was wrong.

You can store the query string in the session with a random long, but when you pull it out and pring it out so that the string looks like the random then the URL tries to go to the random not the value of the random as set in the session.

I got nothin.
0
 
rrzCommented:
><a href="<%=OptionSelect>"><%=OptionSelect%>
I was wrong.
I meant to post  
<a href="MyPage.sjp?opt=<%=OptionSelect>"><%=OptionSelect%>
and then use
String option = request.getParameter("opt");
if(option==null)option = "one";
if("one".equals(option)){use first query string}
if("two".equals(option)){use second one}
if("third".equals(option)){use third one}  
rrz

0
 
matthew_yorkCommented:
How about something along these lines:

<% for (int i = 0; i < 10; i++) { %>
   <FORM name="form<%= i %>" method="post" action="this.jsp">
      <-- Values to be hidden -->
      <INPUT type="hidden" name="param" value="<%=i %>">
      <A onclick="document.form<%= i %>.submit()">Update Screen</A>
   </FORM>
<% } %>
0
 
Lucky48390Commented:
Hey Fear Factor. While some might oppose the use of frames, the very simplest way to conceal when the request comes from a hyperlink is to use one.
0

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 7
  • 4
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now