Escape reserved characters in Contains

I have a problem to query the reserved key ("_").
I have four records.
Description:
P_1234
PA1234
PB1234
PC1234
I want to search for record "P_1234" only. If I use contains(description, 'P\_1234', 0) > 0, I can get the expected result. However if I use contains(description, 'P\_%', 0) > 0, all the four records will be returned. That's not expected.
From above example, does that mean we cannot use escape and wildcard operators together?
Thanks in advance.

Thanks Ron for helping look into this.
The issue occurs on Oracle9i. I have not tried it on 10g. I listed the steps to reproduce the issue below:
1. Create a multi_column_datastore
begin
ctx_ddl.create_preference('ITEM_MULTI_PREF', 'MULTI_COLUMN_DATASTORE');
ctx_ddl.set_attribute('ITEM_MULTI_PREF', 'COLUMNS', 'ITEM_NUMBER,DESCRIPTION');
end;
2. Then create context index on "description" column
CREATE INDEX ITEM_CTX_IDX ON ITEM(DESCRIPTION) INDEXTYPE IS CTXSYS.CONTEXT
     PARAMETERS('DATASTORE CTXSYS.ITEM_MULTI_PREF LEXER CTXSYS.OBJECT_LEXER SECTION GROUP CTXSYS.OBJECT_SECTION_GROUP STOPLIST CTXSYS.EMPTY_STOPLIST');
3. Then create the four objects mentioned in my previous thread.

Similar Messages

  • How to escape special characters in Simple Transformation

    Hi Experts,
    I have got a problem to get a well formed xml document from the below simple transformation. The content of maktx contains
    special characters like & <, which are not allowed in a well formed XML-Document. But the result of the Simple Transformation
    contains these characters even after the transformation as you can see in the result below. Has anyone a hint how to escape the
    characters included in the maktx.
    The transformation for maktx, should be something like
    Before: Material & < TEST
    After: Material &amp &lt TEST
    Report which calls the simple transformation
    types:
    BEGIN OF t_mat,
       matnr type matnr,
       maktx type maktx,
    end of t_mat.
    Data:
      mat type t_mat,
      xml_stream type xstring.
    START-OF-SELECTION.
    mat-matnr = '4711'.
    mat-maktx = 'Material & < Test'.
    CALL TRANSFORMATION ztest_st2
            SOURCE mat = mat
            RESULT XML xml_stream.
    CALL FUNCTION 'DISPLAY_XML_STRING'
      EXPORTING xml_string = xml_stream.
    Simple Transformation
    <?sap.transform simple?>
    <tt:transform xmlns:tt="http://www.sap.com/transformation-templates">
      <tt:root name="MAT"/>
      <tt:template>
        <Leistungsschild>
            <CHARACT> MATNR </CHARACT>
            <CHARACT_DESCR> Materialnummer </CHARACT_DESCR>
            <VALUE tt:value-ref="MAT.MATNR"/>
            <CHARACT> MAKTX </CHARACT>
            <CHARACT_DESCR> Materialkurztext </CHARACT_DESCR>
            <VALUE tt:value-ref="MAT.MAKTX" />
        </Leistungsschild>
      </tt:template>
    </tt:transform>
    RESULT
    <?xml version="1.0" encoding="utf-8" ?>
    <Leistungsschild>
      <CHARACT>MATNR</CHARACT>
      <CHARACT_DESCR>Materialnummer</CHARACT_DESCR>
      <VALUE>4711</VALUE>
      <CHARACT>MAKTX</CHARACT>
      <CHARACT_DESCR>Materialkurztext</CHARACT_DESCR>
      <VALUE>Material & < Test</VALUE>
    </Leistungsschild>

    Hi Sandra,
    First of all thanks for your quick answer to my problem.
    I see what you mean and get the same result, if I am using data-type string instead of xstring. But the recommendation in the XML-Books of SAP is to use XSTRING to save memory and circumflex problems between Codepages, when writing the XML-Stream to a filesystem.
    As you can see in the code above I am using a SAP-FM to display the XML-Stream and this FM works only with XSTRING´s,
    that is one reason why I don´t understand that it displays it in the wrong way.
    Even the Debugger shows me for the XSTRING the wrong result. Does all that mean that the escaping will not be applied if you are working with XSTRING´s??

  • SQL Injections and XSS - Escaping Special Characters

    Hi, hope someone can help in regards to security and SQL Injections and XSS.
    We are using APEX 4.0.2 on Oracle 11.2.0.2.
    1. It seems the special characters we have entered into normal 'Text Items' 'Text Areas' etc are not being escaped (ie <,>,&, '). If I enter them into the field (ie Surname) they are saved as is into session state and the database - no escaping. Am I missing something such as an environment setting as I thought the "smart" oracle escaping rules would cater for this.
    Surely I don't have to manually do each of then.
    Just to confirm, am I looking in the correct places to assess if the characters are escaped or not - ie should they show as '&amp;&lt;&gt;' in session state and/or the database ?
    2. Also, for the Oracle procedures such as ‘wwv_flow.accept’ , ‘wwv_flow.show’ , 'wwv_flow_utilities.show_as_popup_calendar' - do these escape special characters? If not, then they must be vulnerable to SQL Injections attacks.
    Thx
    Nigel

    Recx Ltd wrote:
    Just to pitch in, escaping values internally (either in the database or session state) is extremely problematic. Data searches, string comparison, reporting and double escaping are all areas which suffer badly when you do this.
    Stripping characters on input can also cause problems if not considered within the context of the application. Names such as "O'Niel", statistical output such as "n < 300", fields containing deliberate HTML markup can be annoying to debug. In certain situations stripping is totally ineffective and may still lead to cross-site scripting.
    Apex applications that share the database with other applications will also be affected.
    The database should contain 'raw' unfettered data and output should be escaped properly, as Joel said, at render time. Either with Apex attributes or using PLSQL functions such as htf.escape_sc() as and when required.

    Do not needlessly resurrect old threads. After a couple of months watches expire and the original posters are not alerted to the presence of your follow-up.

    Shameless plug: If you are in the game of needing to produce secure Apex code, you should get in touch.

    This crosses the line into spam: it violates the OTN Terms of Use - see 6(j).
    Promotional posts like this are liable to be removed by the moderators.
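
The point made in this thread (keep raw data in the database, escape per context at render time) can be checked with a short script. This is an added example, not code from the thread or from APEX; the sample rows and all function names are constructed for illustration, and Python's `html.escape` stands in for a render-time escaper such as `htf.escape_sc()`.

```python
import html
from urllib.parse import quote

# Constructed sample values, stored raw (unescaped) as the post recommends.
RAW_ROWS = ["O'Niel", "n < 300", "Smith & Sons"]


def escape_on_input(rows):
    """Anti-pattern: HTML-escape before storing, so the table holds entities."""
    return [html.escape(r, quote=True) for r in rows]


def search(rows, needle):
    """Plain substring search, standing in for a WHERE clause or report filter."""
    return [r for r in rows if needle in r]


def render_text(value):
    """Escape for an HTML text or quoted-attribute context, at output time."""
    return html.escape(value, quote=True)


def render_link(value):
    """Two contexts in one tag: URL component in href, HTML text in the body."""
    href = "/search?q=" + quote(value, safe="")
    return '<a href="' + html.escape(href, quote=True) + '">' + render_text(value) + "</a>"


def browser_shows(markup_text):
    """What a browser displays for escaped text: entities decoded exactly once."""
    return html.unescape(markup_text)


if __name__ == "__main__":
    stored_escaped = escape_on_input(RAW_ROWS)
    # Searching and comparing only work against raw data.
    print(search(RAW_ROWS, "O'Niel"), search(stored_escaped, "O'Niel"))
    # Escaped-at-input data gets escaped again at render time (double escaping).
    for raw, stored in zip(RAW_ROWS, stored_escaped):
        print(repr(raw), "->", browser_shows(render_text(raw)),
              "| stored escaped ->", browser_shows(render_text(stored)))
    print(render_link("n < 300"))
```

Raw storage plus one escape at output round-trips every value unchanged, while escape-on-input breaks the search for `O'Niel`, lengthens `n < 300` from 7 to 10 characters, and shows `Smith &amp; Sons` to the user.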

  • Escape Latin Characters

    I need to escape latin characters in an xml doc. Example: "é" is escaped to "&amp;#233;". I thought I could use the ASCII function, but SELECT ASCII('é') FROM DUAL in Oracle gives me 50089.
    I coded this as a quick fix, but I'm sure there's a better way.
    FUNCTION escape_latin(p_str IN VARCHAR2) RETURN VARCHAR2 IS
    v_str VARCHAR2(3000) := p_str;
    BEGIN
    v_str := REPLACE(v_str, 'À', '&amp;#192;');
    v_str := REPLACE(v_str, 'Á', '&amp;#193;');
    v_str := REPLACE(v_str, 'Â', '&amp;#194;');
    v_str := REPLACE(v_str, 'Ã', '&amp;#195;');
    v_str := REPLACE(v_str, 'Ä', '&amp;#196;');
    v_str := REPLACE(v_str, 'Å', '&amp;#197;');
    v_str := REPLACE(v_str, 'Æ', '&amp;#198;');
    v_str := REPLACE(v_str, 'Ç', '&amp;#199;');
    v_str := REPLACE(v_str, 'È', '&amp;#200;');
    v_str := REPLACE(v_str, 'É', '&amp;#201;');
    v_str := REPLACE(v_str, 'Ê', '&amp;#202;');
    v_str := REPLACE(v_str, 'Ë', '&amp;#203;');
    v_str := REPLACE(v_str, 'Ì', '&amp;#204;');
    v_str := REPLACE(v_str, 'Í', '&amp;#205;');
    v_str := REPLACE(v_str, 'Î', '&amp;#206;');
    v_str := REPLACE(v_str, 'Ï', '&amp;#207;');
    v_str := REPLACE(v_str, 'Ð', '&amp;#208;');
    v_str := REPLACE(v_str, 'Ñ', '&amp;#209;');
    v_str := REPLACE(v_str, 'Ò', '&amp;#210;');
    v_str := REPLACE(v_str, 'Ó', '&amp;#211;');
    v_str := REPLACE(v_str, 'Ô', '&amp;#212;');
    v_str := REPLACE(v_str, 'Õ', '&amp;#213;');
    v_str := REPLACE(v_str, 'Ö', '&amp;#214;');
    v_str := REPLACE(v_str, '×', '&amp;#215;');
    v_str := REPLACE(v_str, 'Ø', '&amp;#216;');
    v_str := REPLACE(v_str, 'Ù', '&amp;#217;');
    v_str := REPLACE(v_str, 'Ú', '&amp;#218;');
    v_str := REPLACE(v_str, 'Û', '&amp;#219;');
    v_str := REPLACE(v_str, 'Ü', '&amp;#220;');
    v_str := REPLACE(v_str, 'Ý', '&amp;#221;');
    v_str := REPLACE(v_str, 'Þ', '&amp;#222;');
    v_str := REPLACE(v_str, 'ß', '&amp;#223;');
    v_str := REPLACE(v_str, 'à', '&amp;#224;');
    v_str := REPLACE(v_str, 'á', '&amp;#225;');
    v_str := REPLACE(v_str, 'â', '&amp;#226;');
    v_str := REPLACE(v_str, 'ã', '&amp;#227;');
    v_str := REPLACE(v_str, 'ä', '&amp;#228;');
    v_str := REPLACE(v_str, 'å', '&amp;#229;');
    v_str := REPLACE(v_str, 'æ', '&amp;#230;');
    v_str := REPLACE(v_str, 'ç', '&amp;#231;');
    v_str := REPLACE(v_str, 'è', '&amp;#232;');
    v_str := REPLACE(v_str, 'é', '&amp;#233;');
    v_str := REPLACE(v_str, 'ê', '&amp;#234;');
    v_str := REPLACE(v_str, 'ë', '&amp;#235;');
    v_str := REPLACE(v_str, 'ì', '&amp;#236;');
    v_str := REPLACE(v_str, 'í', '&amp;#237;');
    v_str := REPLACE(v_str, 'î', '&amp;#238;');
    v_str := REPLACE(v_str, 'ï', '&amp;#239;');
    v_str := REPLACE(v_str, 'ð', '&amp;#240;');
    v_str := REPLACE(v_str, 'ñ', '&amp;#241;');
    v_str := REPLACE(v_str, 'ò', '&amp;#242;');
    v_str := REPLACE(v_str, 'ó', '&amp;#243;');
    v_str := REPLACE(v_str, 'ô', '&amp;#244;');
    v_str := REPLACE(v_str, 'õ', '&amp;#245;');
    v_str := REPLACE(v_str, 'ö', '&amp;#246;');
    v_str := REPLACE(v_str, '÷', '&amp;#247;');
    v_str := REPLACE(v_str, 'ø', '&amp;#248;');
    v_str := REPLACE(v_str, 'ù', '&amp;#249;');
    v_str := REPLACE(v_str, 'ú', '&amp;#250;');
    v_str := REPLACE(v_str, 'û', '&amp;#251;');
    v_str := REPLACE(v_str, 'ü', '&amp;#252;');
    v_str := REPLACE(v_str, 'ý', '&amp;#253;');
    v_str := REPLACE(v_str, 'þ', '&amp;#254;');
    v_str := REPLACE(v_str, 'ÿ', '&amp;#255;');
    RETURN v_str;
    END escape_latin;
    Is there a built in function I can use to make this cleaner and shorter?
    Thanks for the help!

    I thought about it, but it will replace not just characters with code >= 192 but characters with code >= 128 (plus \ character).
    Which should be absolutely ok, since otherwise you may depend on the environment:
    C:\>echo %NLS_LANG%
    AMERICAN_AMERICA.US7ASCII
    C:\>sqlplus michael@oracle
    SQL*Plus: Release 11.1.0.7.0 - Production on Thu Oct 22 20:34:54 2009
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    SQL>select xmltype('<?xml version="1.0" encoding="WE8MSWIN1252" ?><e>' || chr(150) || '</e>') from dual;
    XMLTYPE('<?XMLVERSION="1.0"ENCODING="WE8MSWIN1252"?><E>'||CHR(150)||'</E>')
    <?xml version="1.0" encoding="US-ASCII"?>
    <e>?</e>
    SQL>exit
    Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
    With the Partitioning, Oracle Label Security, OLAP, Data Mining
    and Real Application Testing options
    C:\>set NLS_LANG=AMERICAN_AMERICA.WE8MSWIN1252
    C:\>sqlplus michael@oracle
    SQL*Plus: Release 11.1.0.7.0 - Production on Thu Oct 22 20:35:17 2009
    Copyright (c) 1982, 2008, Oracle.  All rights reserved.
    SQL>select xmltype('<?xml version="1.0" encoding="WE8MSWIN1252" ?><e>' || chr(150) || '</e>') from dual;
    XMLTYPE('<?XMLVERSION="1.0"ENCODING="WE8MSWIN1252"?><E>'||CHR(150)||'</E>')
    <?xml version="1.0" encoding="WE8MSWIN1252" ?><e>û</e>
    SQL>

  • Escaping illegal characters

    Hi everyone,
    I'm looking for some help on how to encode or "escape" illegal characters when writing strings (which contain the illegal characters) to XML. I'm basically creating an XML document which describes the structure of a JTree I have, but thus far, i've been using the replaceAll method to replace illegal characters in the strings with legal ones before converting to XML but i don't feel this is the best way to do it.
    The first part of my export to xml method is:
    public void export(DefaultMutableTreeNode rootNode) {
         try {
              textArea.append("Export: Exporting current tree... \n");
              final DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
              final Document document = builder.newDocument();
              try {
                   GetTitle parser = new GetTitle();
                   Reader reader = getReader(userI.getTarget().toString());
                   new ParserDelegator().parse(reader, parser, true);
              }
              catch (Exception e)     {
                   System.out.println(e);
              }
              String validRoot = docTitle.replaceAll("\\'", "_");
              final Element root = document.createElement(validRoot);
              root.setAttribute("node", "root");
    The GetTitle method will simply get the title of the URL returned by userI.getTarget and store it in the docTitle variable. If there are any illegal characters in the validRoot string, then i get an error at the line:
    final Element root = document.createElement(validRoot);
    Could anyone suggest how i can encode any illegal characters in the validRoot string before i invoke the createElement method? Is there a parser I can use which already does this?
    Any help will be much appreciated.
    Thanks.

    Correct me if I am wrong but the code:
    Element foo = document.createElement("King's College");
    is essentially creating something corresponding to the XML <King's College></King's College> which is of course illegal characters in the XML tags
    the solution that you went for:
    Element foo = document.createElement("Root");
    foo.setAttribute("Title", "King's College");
    is essentially equivalent to this XML <Root Title="King's College"></Root> which is a legal use of a tic mark, but still locates the data in the wrong place
    Perhaps what you wanted was:
    Element foo = document.createElement("Root");
    foo.appendChild(document.createTextNode("King's College"));
    which corresponds to the more natural XML <Root>King's College</Root>
    By the way, I've never tried any of this and could have it all wrong. I just happened to be reading the XML tutorial and noticed their comments that the most common mistake in DOM style XML processing is to confuse the element nodes (which are just the tags) with the data contained in the element which will always be in one or more text children of an element node.
    see Document, Element, & Node in the API

  • How to get the unicode escapes for characters outside a characterset

    Hi!
    I'm trying to edit into a RTF file and have been fairly successful so far. But living outside the U.S I need some characters outside ASCII. Those characters are supposed to be escaped as unicode-escapes, eg \u45. But I can't find a way to get the escape sequence for the unicode-characters that lives outside ASCII.
    I'm guessing that this is a very simple thing to do but I have not been lucky with google so far.
    So, how do I get the unicode escapes for characters outside a characterset?
    Thanks in advance
    Roland Carlsson

    > I'm trying to edit into a RTF file and have been
    > fairly successful so far. But living outside the U.S
    > I need some characters outside ASCII. Those
    > characters are supposed to be escaped as
    > unicode-escapes, eg \u45. But I can't find a way to
    > get the escape sequence for the unicode-characters
    > that lives outside ASCII.
    You are asking about RTF and not java correct?
    As a guess....
    Unicode is 32 bit (presumably you are not using the newest one.) Thus it requires a 32 bit representation. Thus \u45 actually is the same as \u0045. Thus something like \u1e45 would probably work.

  • Reserved characters prepended by the masking delimiter in EDIFACT

    Hi All
    I have a X2E mapping where I may get the reserved characters like +:'? in the input xml.
    What happens is that BICMD prepends the reserved characters by the default masking character ?.
    For example my input is       apple+ball:bat's
    then my BICMD output is      apple?+ball?:bats?'s
    what i want is that input should remain unchanged in the output of the BICMD.
    Also i dont want the UNA segment to appear in the BICMD output.
    Does any one know what properties i need to change in the BIC MD in order to achieve the desired output?

    JTextField has PlainDocument as Model. Write your own PlainDocument and set this as model to JTextField.

  • Should I use reserved characters?

    Hi
    I am relatively new to HTML and ASP and have been asked to help update intranet and website pages for a company who very suddenly found themselves without a web developer. I took pages that are currently on the website and changed the content to show the new press release. Everything works absolutely fine in various browser, various versions of browsers and operating systems. The one thing that worries me is I did not use reserved characters anywhere, where I noticed the previous web developer did. Should I have used them or is it not needed anymore as browsers have changed? Is it may be needed for software used by the visually impaired?
    Examples of where she used it:
    New Zealand - I just used New Zealand
    &ldquo; and &rdquo; - where I just used " "
    Any help would be much appreciated!

    The quote characters you are describing are the "curly quotes" or the ones that look like two commas look as opposed to "dumb quotes" which look like double straight lines.
    I'm a big fan of dumb quotes because all browsers will show them -- even very old browsers. Lots of people freely copy and paste from Microsoft's Word (which is automatically set to use "smart quotes" or "curly quotes") and they'll see Microsoft's Internet Exploder render them correctly, while other browsers will show a diamond with a question mark in their place. This starts to get really ugly in a website when you look at it in Apple's Safari or in Mozilla's Firefox. So I tend to specify the dumb quotes and will take great pains in my code to put them in (and keep Dreamweaver from setting up the curly quotes).
    These extended characters as defined by the W3C are mandatory and I prefer to carefully add them using search and replace. The biggest offender is the ampersand character because that initiates an extended character in modern XHTML code and there is an old US telephone company that uses that in their name. Dreamweaver CS3 didn't notice that I was trying to use the ampersand character and simply put that character into the text. I got problems with the W3C validator, despite the fact that every browser I looked at rendered the ampersand correctly.
    So I have become very protective about quotes, choosing to mostly not use them (dumb or smart) and, instead, to use styles to indicate when someone is being quoted, like an indent or a paragraph style that is italic or a different color or typestyle.
    But your answer is you must. And this is where Dreamweaver's Find and Replace can be your friend. If you do your searches for characters that need to be expressed differently in the source code itself, you'll find it most helpful.

  • How to escape special characters in a region title

    I have created a drill down report where the second report is filtered by a value chosen in the first report. I am using &Pn_field. syntax to pass the name of the select value to the region title of the second report. Some of the returned values have a ':' in them and therefore the text does not print after the ':'. How do I escape the ':' in the region title?
    regards
    Paul P

    Paul,
    I think your question is "How do I use f?p URL syntax to pass data values to a page where the data includes a colon?" (Please correct me if that's not the issue.) The answer is, you can't. Same with commas. HTML DB reserves those two characters for the f?p request syntax. You'll have to save the string into the item before the page branch. There is no restriction on what characters can be used in a region title, it's just HTML-formatted text, except that you must escape anything that looks like HTML unless you want the browser to treat it as HTML. There are restrictions, however, on what characters you can pass in URLs in general and you must take care to escape them properly, e.g., ?, &, whitespace.
    And do speak up if I've missed the point.
    Scott

  • Escape special characters in url for redirection

    In my web page, I want all the characters of the URL to be lower case. For that I created the following method:
    private bool UrlFormatoCorrecto(string url)
    {
        bool formatoCorrecto = true;
        bool upperCa = url.Any(c => char.IsUpper(c));
        if (url.Any(c => char.IsUpper(c)))
            formatoCorrecto = false;
        if (url.Contains(" ") || url.Contains("+"))
            formatoCorrecto = false;
        return formatoCorrecto;
    }
    This works like a charm until a special character appears. The url that I get then will be the following:
    http://localhost/web/coches/proven%C3%A7a-aribau,-08036-barcelona,-barcelona
    So I have upper case characters. When I redirect it using the following code:
    if (!UrlFormatoCorrecto(urlActual))
    Response.RedirectPermanent(urlActual.Replace(" ", "-").Replace("+", "-").ToLower());
    I get the code again with the same URL with upper case. How can I escape the special characters so they won't bother me anytime I want to make the redirection?

    hello,
    you could escape special characters with :
    Regex.Escape Method
    Regards
    Cédric
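
In the URL quoted in the question, the only upper-case letters are the hex digits of the percent-encoded triplets `%C3%A7`, and RFC 3986 treats those digits as case-insensitive with upper case as the normalized form. The sketch below is an added example, not code from the thread; the function names and the second test URL are constructed. It lower-cases only the literal text of the path and leaves the triplets upper-case, so the check and the redirect agree and cannot loop.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Splits a path into literal text and %XX triplets (captured, so they are kept).
_PCT_SPLIT = re.compile(r"(%[0-9A-Fa-f]{2})")

# URL taken from the question above.
PAGE_URL = "http://localhost/web/coches/proven%C3%A7a-aribau,-08036-barcelona,-barcelona"


def naive_is_canonical(url):
    """Python rendering of the post's UrlFormatoCorrecto check."""
    return not (any(c.isupper() for c in url) or " " in url or "+" in url)


def canonical_path(path):
    """Lower-case literal text, replace ' ' and '+' with '-', upper-case %XX hex."""
    parts = _PCT_SPLIT.split(path)
    for i, part in enumerate(parts):
        if i % 2:
            # Odd indexes are the captured %XX triplets.
            parts[i] = part.upper()
        else:
            parts[i] = part.lower().replace(" ", "-").replace("+", "-")
    return "".join(parts)


def redirect_target(url):
    """Return the canonical URL to redirect to, or None if url is already canonical."""
    parts = urlsplit(url)
    fixed = canonical_path(parts.path)
    if fixed == parts.path:
        return None
    return urlunsplit(parts._replace(path=fixed))


if __name__ == "__main__":
    print(naive_is_canonical(PAGE_URL))   # the original check rejects this URL
    print(redirect_target(PAGE_URL))      # no redirect needed
    print(redirect_target("http://localhost/web/Coches/Proven%c3%a7a+Aribau"))
```

Because `canonical_path` is idempotent, a request for the redirect target never triggers a second redirect.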

  • Handling HTML-reserved characters in passed item values

    I've got a pair of pages in an application where one gets an item value from an inline value of a report on the other page. Since the link I created is conditional, I used the concatenate html string method to create the link. However, some of the values that are getting passed contain "+" as part of the value. How can I get this value to pass via the concated HTML string?
    Here's the SQL I'm using:
    SELECT x.*
    ,decode(x.source,'S','<a href ="f?p=&APP_ID.:403:&SESSION.::&DEBUG.:RP:P403_PAGE_LOAD,P403_LOT_NO,P403_ATTRIBUTE:1,'||x.lot_no||',\'||to_char(x.attribute)||'\">S</a>','P') as icon
    FROM x
    where x.attribute sometimes contains the "+" character.
    Any help would be appreciated!

    Thank you both for replies ....
    Since these urls are generated through code, what is the best way to go about it ?
    Could you please explain a little about using of hash map in this case?
    and except using escape characters, is there any other way to do it ?
    Thanks again

  • Escaped (special) Characters Aren't Rendering Properly

    We upgraded our development server from apex 3.0 to 3.1 recently and I notice now that escaped characters on one of my pages don't display properly. Specifically, in my "Display as Text (saves state)" item, the text
    &.#.9.5.5.2.;.&.#.9.5.5.2.;. New Sheet &.#.9.5.5.2.;&.#.9.5.5.2.;.
    (The item definition doesn't contain any of the periods)
    that displays on our production (3.0) server like this
    ══ New Sheet ══
    displays on our development server literally like this
    &.#.9.5.5.2.;.&.#.9.5.5.2.;. New Sheet ... (excluding the periods)
    The item source is "pl/sql function body" and the source expression is a simple series of if statements that returns the appropriate escaped text.
    Any idea what I can do to fix this problem?

    Hi Tom,
    I researched this issue (and Scott will vet my conclusion).
    I apologize for changing the behavior of your production application. This change was made to fix a different bug (6707591) in Application Express, where entity references were not properly being escaped when rendering a page.
    Even though this change will cause a change in behavior of an existing application, I believe this change is correct and should remain. For an item type of "Display as Text (saves state)", and the source value of this item is:
    &amp;#9552;&amp;#9552; New Sheet &amp;#9552;&amp;#9552;
    when someone submits the page, session state will be updated with the interpreted and non-escaped value. I.e, the session state value would now be:
    &#9552;&#9552; New Sheet &#9552;&#9552;
    This is incorrect.
    This is the way this item type "Display as Text (saves state)" should have behaved all along. If you do not wish to have the item value escaped on rendering, then, as Scott suggested, the item type "Display as Text (does not save state)" should be used.
    Thanks for pointing this out.
    Joel

  • Escaping special characters in SECURITY_PRINCIPAL

    I am trying to connect to AD-LDAP with
    env.put(Context.SECURITY_PRINCIPAL, "CN=cn /18,CN=Users,DC=company,DC=com");
    As you can see I have a / character in my DN. I cannot get a context using this security_principal, I am always getting javax.naming.AuthenticationException. When my DN does not contain / or any special character everything works fine. I thought I had to maybe escape / so I tried
    env.put(Context.SECURITY_PRINCIPAL, "CN=cn \\/18,CN=Users,DC=company,DC=com");
    env.put(Context.SECURITY_PRINCIPAL, "CN=cn \\\\/18,CN=Users,DC=company,DC=com");
    env.put(Context.SECURITY_PRINCIPAL, "CN=cn \\\\\\/18,CN=Users,DC=company,DC=com");
    without any success.
    Thanks in advance,
    Nikola

    That did not seem to help. By the way, I was really looking for a more generic answer since for example I have the same problem when my SECURITY_PRINCIPAL DN includes /, \, or ' characters.

  • Strategies for escaping special characters.

    Hi all,
    Our app(built using Workshop) needs to have a generic way of scrubbing special
    characters that a user might enter in the UI,and which might cause our sql that
    queries the DB to become malformed. To explain further,some of our DB controls
    are not using PreparedStatements to set Strings..instead, we are constructing
    the sql as a java string like:
    String myQuery="Select * from * where TOUPPER(name) like"+param.ToUpperCase().
    and then we do:
    Statement stmt=conn.createStatement();
    stmt.executeQuery(myQuery).
    In such cases, Oracle JDBC driver does not escape any special chars in the String
    param, and fails. Other than converting all our queries to use PreparedStatements,
    is there a generic pattern/Util class (mebbe RequestUtils) or some way of using
    the Servlet Filter API to scrub out any special chars that are input by the user?
    Thanks in advance.
    Vik.

    ServletFilter is the way to go on this one. Don't think there is anything built
    into Servlet spec that handles these characters, however, there are a number of
    sample filters that do such a task. I think there is a sample in either the O'Reilly
    book on Servlets or Core Servlets.
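
The question in this thread rules out PreparedStatements, but a bound parameter is what makes the apostrophe problem disappear without any scrubbing. The added example below (not code from the thread) shows this with Python's built-in `sqlite3` standing in for Oracle/JDBC; the `?` placeholder plays the role of a `PreparedStatement` parameter, and the table, rows and function names are constructed. It also covers the one thing binding does not handle: `%` and `_` keep their wildcard meaning inside a LIKE pattern unless they are escaped.

```python
import sqlite3


def make_db():
    """In-memory table with constructed rows, including LIKE wildcards and a quote."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE item (name TEXT)")
    conn.executemany(
        "INSERT INTO item VALUES (?)",
        [("P_1234",), ("PA1234",), ("PB1234",), ("PC1234",),
         ("O'Niel",), ("100% wool",)],
    )
    return conn


def find_concatenated(conn, param):
    """The pattern from the post: user text spliced into the SQL string."""
    sql = "SELECT name FROM item WHERE UPPER(name) LIKE '" + param.upper() + "'"
    return [row[0] for row in conn.execute(sql)]


def concatenated_fails(conn, param):
    """True if the concatenated statement is rejected as malformed SQL."""
    try:
        find_concatenated(conn, param)
    except sqlite3.OperationalError:
        return True
    return False


def escape_like(text, esc="\\"):
    """Make %, _ and the escape character itself literal inside a LIKE pattern."""
    return text.replace(esc, esc + esc).replace("%", esc + "%").replace("_", esc + "_")


def find_bound(conn, param, prefix=False, literal=True):
    """Bound-parameter query; literal=True treats % and _ in param as plain text."""
    pattern = escape_like(param.upper()) if literal else param.upper()
    if prefix:
        pattern += "%"          # the only wildcard is the one the code adds
    sql = "SELECT name FROM item WHERE UPPER(name) LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in conn.execute(sql, (pattern,))]


if __name__ == "__main__":
    conn = make_db()
    print(concatenated_fails(conn, "O'Niel"))                   # malformed SQL
    print(find_bound(conn, "O'Niel"))                           # value bound as data
    print(find_bound(conn, "P_", prefix=True))                  # literal underscore
    print(find_bound(conn, "P_", prefix=True, literal=False))   # _ acts as wildcard
```

With JDBC the same shape is a `PreparedStatement` with `LIKE ? ESCAPE '\'` and `setString`; a request filter cannot know which of these contexts a value will end up in.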

  • Escaping special characters

    Environment:
    Client: win2k sp4, 10.2 client
    Server: 9.2 on solaris 9
    Is there any way to set an escape character?
    Many times we have '&' characters in strings in procedures, and when I try to compile them sqldeveloper prompts for a value thinking that it is a variable.
    I've tried the default '\', and 'set escape on' doesn't work either.
    Would be even better if there was an option in sqldeveloper to tell it to ignore the '&' character altogether.
    Thanks.

    not really the answer I was looking for :(
    the devs would end up driving me nuts wondering what all the CHR stuff is in their code.
    i guess for now, i'll just keep using PLedit to compile all the procs that have any special chars.
    ...someday we'll have one tool that does everything ;)
