replace keywords in string

Hi,

There is url which is created through a procedure from the database.In the url there is a query string which is encrypted.

www.abc.com?id=xcvr!@&?12ERT+

now when i fetch it in java
String Id = request.getParameter("id");

Since the characters in the query string are encrypted and contain keywords of query string(?&)
Is there any way (like escapeHTML of apache utils)  in which i can store the codes instead of keywords in database.
RockingAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

dpearsonCommented:
Check out URLEncoder (http://docs.oracle.com/javase/7/docs/api/java/net/URLEncoder.html):

String encodedUrl = URLEncoder.encode(url, "UTF-8");
String decodedUrl = URLDecoder.decode(url, "UTF-8");

It should give you what you need.

Doug
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RockingAuthor Commented:
what if we provide space it will convert it to "+" sign which again is a keyword,how to get rid in this case?

public static void main (String rags[]) throws UnsupportedEncodingException{
		String key = "$%#@qwer 1212+";
		System.out.println(DatatypeConverter.parseBase64Binary(key));
		String encodedKey = URLEncoder.encode(key,"UTF-8");
		System.out.println("encodedKey::"+encodedKey);
		System.out.println("URLEncoder"+URLDecoder.decode(encodedKey,"UTF-8"));
	}

Open in new window

0
CEHJCommented:
What do you mean by 'keywords'? Do you mean sql reserved words? If so, since you're storing the encrypted value in a text field, then there's no problem - text fields don't care about reserved words. What they do care about is things like quote characters, so make sure you use a PreparedStatement to do the insert/update, as it will take care of the necessary quoting for you.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

RockingAuthor Commented:
no the problem is not in insertion of keyword,the problem is when the url is created from the database procedure this parameter is appended as query string which treat " " as + sign.
http://localhost:8080/test.jsp?id=$%#@qwer 1212+

String id = request.getParameter("id");
It gives as $%#@qwer+1212+
insetad of

$%#@qwer 1212+
0
CEHJCommented:
Sorry - you're not being clear on what is getting it wrong
0
RockingAuthor Commented:
Ok let me put in short.
I am encrypting a id (long value).
Can there be a case when there is space comes during encrypting the above?
0
CEHJCommented:
I don't think that's likely but it might not be impossible
0
RockingAuthor Commented:
now if the space comes in the encrypted string and save in the database
String encodedUrl = URLEncoder.encode(url, "UTF-8");
AS per the api (The space character " " is converted into a plus sign "+".)

So i can't use this method?please suggest any other alternative
0
CEHJCommented:
and save in the database
String encodedUrl = URLEncoder.encode(url, "UTF-8");
AS per the api (The space character " " is converted into a plus sign "+".)
But url encoding is only done to respect the operation of HTTP. It's not meant to be used for other things (like insertion into a db)
What you should be doing is getting the plain string and saving that in the db. A PreparedStatement will prevent any problem with insertion
0
RockingAuthor Commented:
what about getting the bytes of the string and store in the database? I don't want to store the string as it is in the database for security purpose?

Any other alternative would be helpful
0
CEHJCommented:
I don't want to store the string as it is in the database for security purpose?
Sorry - this is not making much sense - you already said you DID want to save it.
Unless it's not clear to you, url encoding is not done for security purposes
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.