?
Solved

Escaped & in java servlet

Posted on 2006-03-29
26
Medium Priority
?
1,738 Views
Last Modified: 2013-11-24
I have many java servlets that create a html link using the a form like

http://mydomain.com?value1=answer1&value2=answer2&value3=answer3

To be proper html for the validator this should look like

http://mydomain.com?value1=answer1&value2=answer2&value3=answer3

How do you write this in a servlet so that when you use
HttpServletRequest.getParameter(value1) you will get a proper value

If i Echo all of the parameters for the HttpServletRequest, they look like
amp;value1=answer1
amp;value2=answer2
amp;value3=answer3

I would have preferred the servlet request to handle the escaped Ampersand.
0
Comment
Question by:Hokester
  • 15
  • 11
26 Comments
 
LVL 92

Expert Comment

by:objects
ID: 16328255
You can use replaceAll() method in string class

> To be proper html for the validator this should look like
> http://mydomain.com?value1=answer1&value2=answer2&value3=answer3

not sure thats correct though.
your curreent url looks fine

0
 
LVL 92

Expert Comment

by:objects
ID: 16328270
> I would have preferred the servlet request to handle the escaped Ampersand.

It *is* handling them correctly, it expects & and not &
0
 

Author Comment

by:Hokester
ID: 16328778
The problem is that getParameter expects & but & is not valid html syntax according to the w3c standards. If you use & in a link, w3c says you do not have valid syntax and instead suggest to use & in the link.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 92

Expert Comment

by:objects
ID: 16328808
> The problem is that getParameter expects & but & is not valid html syntax according to the w3c standards.

not sure I understand. what are you basing that on?
0
 

Author Comment

by:Hokester
ID: 16328848
In my example using the encoded ampersand:
http://mydomain.com?value1=answer1&value2=answer2&value3=answer3

If i said

String result = request.getParameter("value1");

result would be null because value1 is not a parameter;

If i said
String result = request.getParameter("amp;value1"); // Note that is amp;, not &

result would be answer 1.

It seems wrong that the html standard requires the parameters to be separated by & , however the servlet parameters act like & is wrong and & is truly how they should be separated.  

I 'could' change all of my getParameter function calls to have "amp;" in front of the field, but it seems like there should be a better/easier way.
0
 
LVL 92

Expert Comment

by:objects
ID: 16328869
> It seems wrong that the html standard requires the parameters to be separated by &

why do you think it does. Can you show me a pages that does that?

> however the servlet parameters act like & is wrong and & is truly how they should be separated.  

& *is* how they should be seperated.
0
 
LVL 92

Expert Comment

by:objects
ID: 16328873
I suspect you have misunderstood the standard, can you post the section that you are referring to.
0
 

Author Comment

by:Hokester
ID: 16328943
I've created an example
http://ericpastoor.homeip.net/foo.html

The example first has a link using only the & symbol

The second link uses &

Here is the link for the w3c validator
http://validator.w3.org/

There you can try and validate this test file and you will see that the single & is an error.
This is the link w3c provides about & in urls.
http://www.htmlhelp.com/tools/validator/problems.html#amp
0
 
LVL 92

Expert Comment

by:objects
ID: 16329013
And both work the same :)  Its the job of the browser to decode & -> &
0
 
LVL 92

Expert Comment

by:objects
ID: 16329017
ie. by the time it gets to your servlet & will already have been converted to &
0
 

Author Comment

by:Hokester
ID: 16334065
I realize both work the same, however only the & is valid html syntax. That makes the & the right way to write a link. Does the HttpServletRequest have a function that handles the valid syntax? When the link gets to my servlet, and the HttpServletRequest.getParameter function analyzes the link, it analyzes the link as &, not &. It seems wrong that the HttpServletRequest expects invalid html syntax/ does not handle valid syntax properly.
0
 
LVL 92

Expert Comment

by:objects
ID: 16337035
> Does the HttpServletRequest have a function that handles the valid syntax?

It doesn't need to, it should have already been converted by the timne it reaches the server.
0
 
LVL 92

Expert Comment

by:objects
ID: 16337045
"With HTML, the browser translates "&" to "&" so the Web server would only see "&" and not "&" in the query string of the request."
0
 

Author Comment

by:Hokester
ID: 16337178
I realize that you think the webser should see & and not & but it doesn't work that way. My tomcat server sees &
It therefore thinks that the delimeter is & and then amp; is the beginning of the first parameter.

I found this about the API.
The Servlet API has a getParameter method in the HttpServletRequest class that returns the GET or POST value for the name you supply.

    * The HTTP GET request handles name and value pairs as part of the URL. The getParameter method parses the URL passed in, retrieves the name=value pairs deliminated by the ampersand (&) character, and returns the value.

It doesn't say anything about properly handling &
0
 
LVL 92

Expert Comment

by:objects
ID: 16337205
then the problem is in the browser, what browser are you using?

> It doesn't say anything about properly handling &

and it shouldn't, it expects &


0
 

Author Comment

by:Hokester
ID: 16337251
I've tried firefox, IE, Opera, and Safari. Any time I use & in the link, the link still works as & as described above, but when it gets to the servlet, the HttpServletRequest sees it as &parameter1=value1 instead of &parameter1=value1
0
 
LVL 92

Expert Comment

by:objects
ID: 16337291
Appears to interpreted fine here in firefox and ie
0
 

Author Comment

by:Hokester
ID: 16338208
It is interpreted fine in the browser. It is when it gets to the java servlet code that it is not interpreted as & anymore, and shows up as &
0
 
LVL 92

Expert Comment

by:objects
ID: 16338235
the browser shouldn't be sending the &, its a html standard, not a http standard.
and it doesn't send it when i tested those pages here.
0
 

Author Comment

by:Hokester
ID: 16338246
Are you checking those values as an HttpServletRequest object, not just in html?
0
 
LVL 92

Expert Comment

by:objects
ID: 16338281
clicking on it and seeing the resulting url being sent.

Which agress with what the html standard states, that the client should be converting them before sending to the server. It nothing to do with the server, it should be dealt with by the client. & is not a valid parameter seperator.
0
 

Author Comment

by:Hokester
ID: 16338519
I wrote a simple jsp to show what I am talking about.

http://ericpastoor.homeip.net/ampersand.jsp?param1=answer1&param2=answer2&param3=answer3

If you click on that link you will see that the & is not handled correctly by HttpServletRequest getParameterNames or getParameter()

Here is the jsp code that is that page


<%@ page import="java.util.Enumeration"%>
<HTML>  
 <HEAD>
  <TITLE>Hello World</TITLE>
 </HEAD>  
 <BODY>
    <H1>Hello World</H1>
       Today is: <%= new java.util.Date().toString() %>
       <BR>    
       HttpServletRequest URL = <%=request.getRequestURL().toString()%>
       <BR>
       Query String = <%=request.getQueryString()%>
       <BR>
       <%
        Enumeration params = request.getParameterNames();
        String paramName = null;
        String[] paramValues = null;
        while (params.hasMoreElements())
        {
          paramName = (String) params.nextElement();
          paramValues = request.getParameterValues(paramName);
       %>
        Parameter name is "<%=paramName%>"
       <%      
         for (int i = 0; i < paramValues.length; i++)
          {
        %>
        , value <%=i%> is "<%=paramValues[i].toString()%>"
        <BR>
        <%
          }
        }
       
       %>
  </BODY>
</HTML>
0
 
LVL 92

Accepted Solution

by:
objects earned 840 total points
ID: 16338540
works fine for me

Hello World
Today is: Thu Mar 30 20:13:38 EST 2006
HttpServletRequest URL = http://ericpastoor.homeip.net/ampersand.jsp
Query String = param1=answer1&param2=answer2&param3=answer3
Parameter name is "param3" , value 0 is "answer3"
Parameter name is "param2" , value 0 is "answer2"
Parameter name is "param1" , value 0 is "answer1"
0
 

Author Comment

by:Hokester
ID: 16338561
This is bizarre
When I click on the link from what I just posted, here is the output
Hello World

Today is: Thu Mar 30 20:17:58 EST 2006
HttpServletRequest URL = http://ericpastoor.homeip.net/ampersand.jsp 
Query String = param1=answer1&param2=answer2&param3=answer3
Parameter name is "param3" , value 0 is "answer3"
Parameter name is "param2" , value 0 is "answer2"
Parameter name is "param1" , value 0 is "answer1"

Which is what I wanted, 10 minutes ago when I did that, it gave me this

Today is: Thu Mar 30 20:10:55 EST 2006
HttpServletRequest URL = http://ericpastoor.homeip.net/ampersand.jsp 
Query String = param1=answer1&param2=answer2&param3=answer3
Parameter name is "amp;param3" , value 0 is "answer3"
Parameter name is "amp;param2" , value 0 is "answer2"
Parameter name is "param1" , value 0 is "answer1"
0
 
LVL 92

Expert Comment

by:objects
ID: 16338590
sorry, don't have an answer for you there :)
0
 

Author Comment

by:Hokester
ID: 16338639
I really don't know why this didn't work all this time and now it is. I'm not sure what changed, but it clearly works now. I can't figure out what happened, but at least here I can see that it can work as you have decribed. Thanks a ton for your help. I've increased your points to as much as I have to give.
Thanks!
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By the end of 1980s, object oriented programming using languages like C++, Simula69 and ObjectPascal gained momentum. It looked like programmers finally found the perfect language. C++ successfully combined the object oriented principles of Simula w…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
This video teaches viewers about errors in exception handling.
Suggested Courses
Course of the Month17 days, 10 hours left to enroll

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question