Solved

Problem with German characters passed as request

Posted on 2006-07-23
17
440 Views
Last Modified: 2013-12-03
I am working on a German site where user is allowed to enter German chanracters in the text fields.

There is a form where user enters name and contents.
Then these values are stored in the DB and displayed in a page where there is a "Delete" link corresponding to each row.
User clicks on the Delete link and the  name is passed to a Servlet, as a request paraemter (with the URL).
The servlets gets the search name from the request and deletes the row from the DB.

Problem comes when the name field consists of all German characters
Suppose user saved the values with
name : < Ö¬ßÖ?Üo¦â»Æ+ >

When this value is passed as a request

 <a href="controller?action=deleteRow&searchName=<%= sName %>&param1=<%=param1%>" onclick="return confirmDelete()"> Delete</a><br />

and the servlet gets it using request.getParamter(), it is retreived as

< Ö¬ßÖ?Üo¦â»Æ >  //the last + sign is missing

Thie porblem comes when there are all German characters in the name. Even if there is just one english character in the name, it works perfectly fine.
PLease tell me how to resolve this.
0
Comment
Question by:thomas908
  • 7
  • 4
  • 4
  • +1
17 Comments
 
LVL 6

Assisted Solution

by:Holger101497
Holger101497 earned 100 total points
ID: 17165877
> Even if there is just one english character in the name, it works perfectly fine.

This is surprising :-) Have you tested this with more than one browser? :-)

MOST probably (>90%), this is a problem with your URL. Put a debug statement into your code to see if you get the correct name in the code at all (just a little general troubleshooting help :-)

In general, you HAVE TO escape all URL parameters (which could contain anything other than alphanumerics like this:
action=deleteRow&searchName=<%=java.net.URLEncoder.encode(sName)%>

This will turn every "illegal character" (like German special characters, but also spaces and &-signs) into the "well known" %20-thinghies...

Just imagine what happens if your sName is "Tom&Jerry" - your URL now turns into "....&searchName=Tom&Jerry&param1=..."

which will OF COURSE give you a search name of "Tom" and a strange empty parameter called Jerry :-)

Try it, let me know...
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 17165913
What encoding have you set for the page containing the form?
0
 
LVL 92

Expert Comment

by:objects
ID: 17165919
try using utf8 for your pages
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 17165955
> try using utf8 for your pages

well, he could, but that's not strictly "required" - the default locales (ISO-8859-1) work quite fine for Germany :-)
Also, just changing that won't help because you could still have stuff like "&" or quotation marks in the data that will "break the link" if not urlencoded

P.S.:
< Ö¬ßÖ?Üo¦â»Æ >  //the last + sign is missing

Yes, that's exactly "part of the problem" I described. I'm really surprised everything else works, but probably the browser does a lot of work for you based on "smart guessing". However, if it finds a "+" in the URL, it doesn't do anything to it because a "+" is the official (or inofficial?) "encoding" for a space. Therefore, the browser doesn't touch it, but the servlet "decodes" it and turns it into a space....

> Even if there is just one english character in the name, it works perfectly fine.

Are you REALLY sure of that? Even if the string contains a "+"-sign??? Or a "&"? Or a quotation mark??? (that would break your HTML!)

Cheers,

Holger
0
 
LVL 8

Author Comment

by:thomas908
ID: 17166201
>>n general, you HAVE TO escape all URL parameters (which could contain anything other than alphanumerics like this:
action=deleteRow&searchName=<%=java.net.URLEncoder.encode(sName)%>

I did that and now I get < ?????o???+ > from the request
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 17166212
>>and now I get

How are you viewing this? If at the console, that normally won't support higher 'ascii' characters
0
 
LVL 92

Expert Comment

by:objects
ID: 17166225
you'll to use a font that supports the chars you are using to be able to view what it is.
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 17166238
See? You get the "+" sign ok now :-D

Well... I don't know exactly what you're doing, character encoding seems to be a problem. Some people always say "use UTF-8" if there are any problems. That often works, but really isn't usually required and can actually cause problems depending on the encoding your files really have!

Which encoding do you use for your page(s)?
What's the default Locale on the server?

What's the page source for that input field now? Is this an encoding problem or a decoding problem?
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 8

Author Comment

by:thomas908
ID: 17166251
>>Are you REALLY sure of that? Even if the string contains a "+"-sign??? Or a "&"? Or a quotation mark???
No, you are right. This does not always. Couple of times when I had put some english character it worked, but it was just a coincidence.
0
 
LVL 8

Author Comment

by:thomas908
ID: 17166261
>> try using utf8 for your pages

i have this op top of my JSP page
<%@ page language="java" contentType="text/html; charset=UTF-8" %>
0
 
LVL 8

Author Comment

by:thomas908
ID: 17166272
Do I need to set encoding in the Seervlet also, where I am using request.getParameter() to get the name from the request
0
 
LVL 8

Author Comment

by:thomas908
ID: 17166294
I am viewing the names in the browser (they display perfectly fine). When I click on the Delete link, correponding to each name (name is send as a request parameter as specified above to a servlet), the Servlet does request.getParameter() to get the name. But it doesn't get the correct name (as mentioned in discussion above).

Instead of

<a href="controller?action=deleteRow&searchName=<%=java.net.URLEncoder.encode(sName)%>&param1=<%=param1%>" onclick="return confirmDelete()"> Delete</a><br />

Should i make it a form and submit it using Javascript (with POST)?
0
 
LVL 92

Expert Comment

by:objects
ID: 17166307
btw, why are you using the name to lookup. Wouldn't the primary key be a better choice? And you wouldn't have any issues with encoding then also.
0
 
LVL 92

Accepted Solution

by:
objects earned 400 total points
ID: 17166315
and try:

java.net.URLEncoder.encode(sName, "UTF8")
0
 
LVL 8

Author Comment

by:thomas908
ID: 17166379
>>java.net.URLEncoder.encode(sName, "UTF8")
That works great. Thanks a lot objects.

Thanks everyone for pitching in.
0
 
LVL 6

Expert Comment

by:Holger101497
ID: 17166500
pheeeeeew....

So I'm gone for 30 minutes, the question is closed and I get 20% of the points although I had basically already answered it... I'm REALLY not here for the points (what I can buy for them?), but this is the reason I don't do EE frequently any more - you really need to be here "full-time" or not at all :-(((
I would've had to answer within 10 minutes...

btw.:
This:
> Which encoding do you use for your page(s)?
> What's the default Locale on the server?

really was the solution. If the two are different, you can get into trouble - which can mostly be solved, but if the two were the same, it wouldn't be there in the first place. If your page didn't specify UTF-8-encoding, everything would've worked the way I had initially suggested... (and if they remain different, you might run into further trouble when using some libraries which don't handle this perfectly - sometimes they can't because they have no idea they're being called from a page with a different encoding...). I still recommend  using the same encoding...

*sigh*

Well, glad everything works now anyways...

Holger (no, not a "newbie expert")
0
 
LVL 8

Author Comment

by:thomas908
ID: 17173746
Thanks Holger for your inputs
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This was posted to the Netbeans forum a Feb, 2010 and I also sent it to Verisign. Who didn't help much in my struggles to get my application signed. ------------------------- Start The idea here is to target your cell phones with the correct…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now