Single quote in url

We are using the following configuration in our env...
Sun web server 6.1 - webserver
Sun appserver 9.1 EE -application server
the application server instances are configured with the webserver via loadbalancer plugin.
If the url contains single quote (%27) the webserver redirects the GET request to a 302 and displaysthe default 404 error page in webserver's docroot
However, if the issue the same url (with %27) to the appserver, the designated web page is displayed.
To test the above..
Try the following
http://<webserver>:<port>/index.html
This displays the webserver welcome page
http://<webserver>:<port>/index.html?test=a
This displays the webserver welcome page, there is no change
Now try this
http://<webserver>:<port>/index.html?test=a%27s
This will result in the webserver doing a 302 and redirectig to the configured error page..
Why is this happening, how can we control this.. there cud be escaped single quotes in the URL, which we cannot control
regds,
Chiths

Hi,
I could not reproduce this with a standalone web server instance. I tried with Web Server 6.1 as well as 7.0 Update 2 release.
http://<Host>:<Port>/index.html?test=a%27s
shows me the index.html page fine.
I tried http://<Host>:<Port>/index.html?test=a's
as well. This also shows me index.html.
Can you check if you can reproduce with your standalone web server instance? BTW, Which SP are you using?

Similar Messages

How to pass a single quote in a URL using Javascript

Can someone tell me how to pass a single quote in a URL using Javascript. I have created a Javascript funciton in which I pass several column values from an APEX report.
The URL for the report link I am using is "JAVASCRIPT:passBack('#EMP_ID#','#Name#','#e-mail#')"
The problem occurs with the Name and e-mail columns contain a single quote (i.e. James O'Brien)

Thank you Saad, that worked.
Since I built the report using type 'SQL Query (PL/SQL function fody returning SQL query)' I had to add some additional quotes to get it to work.
i.e.
replace(EMP_EMAIL_NAME,'''''''',''\'''''')
or
replace(EMP_EMAIL_NAME,chr(39),''\'''''')
Thanks for the help,
Jason

Can a single quote be used at the beginning of a query string parameter

Hi all,
I am a relative newbie and have a newbie question.
Can a single quote be used at the beginning of a query string parameter passed to a jsp page? Are there any inherant problems with this? Is there a comprehensive list of characters that must be escaped in a query string parameter?
Example: http://mysite.com/myjsp.jsp?param1='nghdh
Thanks

You'll have to escape most non-letter characters before you can pass them as a URL. I don't know if it's necessary for a single quote, but better safe than sorry.
Either use java.net.URLEncoder(...) or use javax.servlet.http.HttpServletResponse.encodeURL(String). I wouldn't recommend using unescaped characters in your URLs, that might cause pretty funny behavior that's sometimes hard to trace back. Don't worry about decoding it, your JSP/Servlet container will do it when you call javax.servlet.http.HttpServletRequest.getParameter(String).

Escape single quote from a String variable

Hi,
I have a String variable called "name" which i am using in my form tag.
<form name=test action="test.jsp?fname=<%=name%>" method="post">
But i am getting Javascript error if the "name" variable contains a string with some special characters like single quote( ' ).
Plz help me to escape this special char from my String variable.
Thanks..

You need to url-encode the value using the URLEncoder class.
http://java.sun.com/javase/6/docs/api/java/net/URLEncoder.html
For example:
<form name=test action="test.jsp?fname=<%=URLEncoder.encode(name, "ISO-8859-1")%>" method="post">

Embedded Single Quote in SQL Column truncates Java String

I have a jsp web page that queries a database to see what day a user is registered for and then produces an URL for the user to click on. My problem is that the URL being processed stops when an embedded single quote is encountered.
Here is the database side:
Database side:
Create Table registration
(reg_id int not null,
name varchar2(45) not null,
day_nb int not null);
Insert into registration
(reg_id, name, day_nb)
values (1043,'Johnny''s Diner', 1);
Select name, day_nb from registration
where reg_id = 1043;
name, day_nb
Johnny's Diner 1
Snippet of relevant java code: (JSP page)
<%
int day_nb = rs.getInt("day_nb");
String particpant_name = rs.getString("name");
System.out.println("registration.jsp: particpant_name = " + particpant_name);
%>
<td width="84%">
     <a
     href='<%=response.encodeURL("registrationHandler.jsp?"particpant_name="+ particpant_name + "&day_nb="+ day_nb)%>'><%=particpant_name%>
                              </a>
                         </td>
{code}
The following is printed to System.Out:
registration.jsp: particpant_name = Johnny's Diner
The code produces the following URL
http://www.mycompany.com/registrationHandler.jsp?particpant_name=Johnny
The response.encodeURL is stopping on the single quote contained in "Johnny's Diner"
The URL I want is:
http://www.mycompany.com/registrationHandler.jsp?particpant_name=Johnny's Diner&day_nb=1
How do I account for the embedded single quote so the code works properly? Thanks In Advance!

You really need to read up on [SQL Injection|http://en.wikipedia.org/wiki/SQL_injection] and [XSS/Cross-Site Scripting|http://de.wikipedia.org/wiki/Cross-Site_Scripting]. Both present massive security problems and your code seems prone to easily producing both.
For SQL Injection attacks the correct solution is to always use PreparedStatements with only hard-coded String (i.e. never use String concatenation to build SQL statements).
For XSS attacks the solution is a bit harder, but basically you need to learn never to trust user input (that includes user input that you've previously stored in the database!) and always escape what the user sent when you print it back out.

Related Item link is broken in DispForm.aspx for a task in Workflow Tasks list if file name contains " ' " (single quote)

Description:
We have created a custom workflow in Microsoft Visual Studio 2013 and SharePoint 2013. This Workflow is associated with a Document library.
This Workflow starts as soon as any new item is created OR updated in Document library and creates a Task in Workflow Tasks list.
Related Item link is not working in following scenario -
Upload a file that contains “ ' “
in its name, in a document library
Navigate to Workflow Tasks list
Open View Item form (DispForm.aspx ) of Task Created by workflow then click on link in Related Item fields
OUPUT:
Related Item link truncates after “ ' “
Eg.
Original Link: http://<Site URL>/Documents/te'st.txt
Related Item Field: http://<Site URL>/Documents/te
Is this known bug in SharePoint 2013 OR any hotfix available to fix it.

Hi,
As I tested per your description, I can reproduce the issue as well.
From what I have found out, it seems SharePoint resolve single quote into different code in different place. During the test, if I set Task Name to Document Name, single quote will be resolved to ' , if I set some field to Document encoded URL, single
quote will be resolved to %27 . For now, I haven't found out any article talking about this issue.
As workaround, we may find out a way to change the Related Item field. However, it is OOB field in workflow task (SharePoint 2013) content type, and this content type cannot be modified in form.
I'd suggest you add new column to get document url and place in the form in Task content type settings.
Regards,
Rebecca Tu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected]

Single quot problem

Hi friends
Under given code is written in JSP page and passing userid in servlet
document.form1.action="../servlets/myServelt?userid=abc'"Please check abouve line last character is double quout(") and second last character is single quot ( ' ).
my problem is when i pass user id in servlet i got questation mark instead of single quot.
I have to allow single quot in userid due to some reason. so i can't remove single quot.
please help me how can i got single quot instead of questation mark ?
Thanks
virendra

I don't think you are allowed to pass a single quote (apostrophe) over URLs. Web standards limit the characters that are allowed to be used to make room for protocol features.
My guess is that you will need to URLEncode the string:
<% String encodedGoTo = URLEncode("../servlets/myServelt?userid=abc'", "UTF-8"); %>
document.form1.action="<%=encodedGoTo%>";

Single Quote problem with javascript

Hello;
I have a custom popup search page that work very well most times. if the data that I am passing back to me calling page has a single quote in it the popup page fails. Take a look at this URL that is called and you van see why the single quote is causing the problem.
javascript:passBackSearch('413','TOM'S GRILL')

To make it more clear, it should be
javascript:passBackSearch('413',"TOM'S GRILL") Patrick
My APEX Blog: http://inside-apex.blogspot.com
The ApexLib Framework: http://apexlib.sourceforge.net
The APEX Builder Plugin: http://sourceforge.net/projects/apexplugin/

SSAS SSRS Report Action on Cell Value w/ Embedded Single Quote Not Executing

I have configured an SSAS 2008 R2 cube SSRS ReportAction. I'm having problems when the member value for a cell has an embedded single quote, e.g. abc's. The action displays on the context menu appropriately, but when I click on the action, nothing happens.
For member values that do not have the single quote, the action works as designed. I've added a calculated ember to escape the embedded single quote by adding another single quote, e.g. abc''s, with no luck. Is there a resolution or workaround for this?

Hi Mdccuber,
According to your description, you create a reporting action in you cube, and it works fine except the members that have embedded single quote, right? In your scenario, it seems that you pass this value to the report as the parameter.
In SQL Server Analysis Services (SSAS), when pass values to a report, multi-select parameters have to be placed into IN statement and SQL Server Reporting Services (SSRS) will do single-quote wrapping for string values automatically. In this case, the original
value that have embedded single quote will be damaged. So this action not work. You can submit a feedback at
http://connect.microsoft.com/SQLServer/Feedback and hope it is resolved in the next release of service pack or product.
Regards,
Charlie Liao
TechNet Community Support

How can I will declare the symbol u2018 (Single Quote) in the report

Hi ,
Could you please tell me how can I will declare the symbol u2018 (Single Quote) in the report.
My requirement is that I have concate the data with single quote and after that I have to store the data in to an internal table and I have to download the data in the form text file in the presentation server.
For example :
Let the below data I want to download into the presentation serve in the format of text file by storing in internal table.
Assume all are constants:
1st line : abcu2019add
2nd line : defu2019gef
Thanks in advance.

Hi Jyothi,
Thanks for the quick reply .
I can agree with you are point but My requirement is like this I am explaining clearly.
I have declared the internal table like this.
DATA: BEGIN OF OTAB OCCURS 0,
LINE (9024),
END OF OTAB.
So I have to append the each line item into the internal table.
So I am explaining what the data I have to append
Ist line contains
'UNBUNOC:2020308u2019 where 020308 I will get the date from reguh table
2nd line contains:
'DTM+20020510' where the 20020510 will be reference document number from the table reguh.
So I want to declare a constant 'UNBUNOC:2
2nd the date from reguh table
And another constant u2018
So that I can concate all the three and I can put into string and I will append into internal table and I can download the data into the presentation server.
Please let me know if you need any more clarification regarding my requirement.
Thanks in advance.

SSRS Report Returning Double Quote string from a Single Quote String

Hi, I'm getting weird thing in resultset from SSRS report when executed. When I pass parameter to a report, which passes String that has single quote value to a split function , it returns rows with double quote.
For example following string:
'N gage, Wash 'n Curl,Murray's, Don't-B-Bald
Returns:
''N gage, Wash ''n Curl,Murray''s, Don''t-B-Bald
through SSRS report.
Here is the split function Im using in a report.
CREATE Function [dbo].[fnSplit] (
@List varchar(8000),
@Delimiter char(1)
Returns @Temp1 Table (
ItemId int Identity(1, 1) NOT NULL PRIMARY KEY ,
Item varchar(8000) NULL
As
Begin
Declare @item varchar(4000),
@iPos int
Set @Delimiter = ISNULL(@Delimiter, ';' )
Set @List = RTrim(LTrim(@List))
-- check for final delimiter
If Right( @List, 1 ) <> @Delimiter -- append final delimiter
Select @List = @List + @Delimiter -- get position of first element
Select @iPos = Charindex( @Delimiter, @List, 1 )
While @iPos > 0
Begin
-- get item
Select @item = LTrim( RTrim( Substring( @List, 1, @iPos -1 ) ) )
If @@ERROR <> 0 Break -- remove item form list
Select @List = Substring( @List, @iPos + 1, Len(@List) - @iPos + 1 )
If @@ERROR <> 0 Break -- insert item
Insert @Temp1 Values( @item ) If @@ERROR <> 0 Break
-- get position pf next item
Select @iPos = Charindex( @Delimiter, @List, 1 )
If @@ERROR <> 0 Break
End
Return
End
FYI: I'm getting @List value from a table and passing it as a string to split function.
Any help would be appreciated!
ZK

Another user from TSQL forum posted this code which is returning the same resultset but when I execute both codes in SQL server it works and return single quote as expected.
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/8d5c96f5-c498-4f43-b2fb-284b0e83b205/passing-string-which-has-single-quote-rowvalue-to-a-function-returns-double-quoate?forum=transactsql
CREATE FUNCTION dbo.splitter(@string VARCHAR(MAX), @delim CHAR(1))
RETURNS @result TABLE (id INT IDENTITY, value VARCHAR(MAX))
AS
BEGIN
WHILE CHARINDEX(@delim,@string) > 0
BEGIN
INSERT INTO @result (value) VALUES (LEFT(@string,CHARINDEX(@delim,@string)-1))
SET @string = RIGHT(@string,LEN(@string)-CHARINDEX(@delim,@string))
END
INSERT INTO @result (value) VALUES (@string)
RETURN
END
GO
ZK

Report parameter field value has a single quote. need to escape before pass

Report has a parameter whose value might have a single quote in it. If I pass that value directly into the SQL Command... like
where ... user_name = {?parm_user_name}...
which would translate to
user_name='O'Donnel Honda'
I am getting an error... so would like to convert this parameter value into 'O''Donnel Honda' before passing into the query.
I created a formula called parse_user_name with following:
Replace ({?parm_user_name}, "'", "''")
And used in the query like
where ... user_name = {@parse_user_name}...
I am getting an error like invalid SQL92 character...

I think you should use the condition like this
where ... user_name = '{?parm_user_name}'
keep the parameter in single quote at the command level itself.
Now use the same formula like
replace({?Parameter},"'","''")
This works only if the parameter is a single value parameter but not multi value parameter.
Regards,
Raghavendra

Can we have a Single quote in the tooltip text?

Hi,
We have some tooltips for the presentation columns which contains a single quote.
When I try to view the tooltip from answers the single quote is being replaced by double quotes.
I tried to use all sorts of escape characters for single quote, like "\'" and ''' and "'" but that didn't work.
Is there any way to do this.
Thanks!!
Vasantha.P

As I said in my earlier post, I am looking for the tooltips for the Presentation tables and columns. The tooltips for these were extracted from the RPD using the externalize Strings option and these externalized strings are stored in the database.
So I am escaping the single using a single quote both in rpd and in the database.
Example text I have used both in the rpd and database is something like "Shipment's start time". I tried with "Shipment''s start time", " Shipment'''s start time", but it didn't work.
Thanks!!
Vasantha.P

Adding a single quote in the flash chart legend

Hi all,
I am using a following code to create a line chart.
SELECT null link
,TO_CHAR(monat, 'MON-YY')
,ROUND(No_of_hits/1000) "No of Clicks(''000)"
FROM
SELECT DISTINCT TRUNC(ref_month,'MONTH') monat
,SUM(no_of_hits) OVER (ORDER BY TRUNC(ref_month,'MONTH') RANGE BETWEEN UNBOUNDED PRECEDING AND CURRENT ROW) No_of_hits
FROM goodnews_hits
WHERE ref_month BETWEEN :p77_DATE_startline
AND :p77_DATE_endline
ORDER BY monat;
I get the following legend in the top region of the chart
No Of Stories
No of Clicks(''000)
I need the No of Clicks to be displayed as
No of Clicks('000)
i.e.
Only one single quote before 000
Could you please tell me , how this can be achieved?
Thanks,
Archana

As I said in my earlier post, I am looking for the tooltips for the Presentation tables and columns. The tooltips for these were extracted from the RPD using the externalize Strings option and these externalized strings are stored in the database.
So I am escaping the single using a single quote both in rpd and in the database.
Example text I have used both in the rpd and database is something like "Shipment's start time". I tried with "Shipment''s start time", " Shipment'''s start time", but it didn't work.
Thanks!!
Vasantha.P

How to escape a single quote in a find mode view

Hello,
I'm working with JDeveloper 10g.
I've defined a view that is used in "find mode" in a JSP.
When a value with a single quote is inserted in a field of the search form, an exception is thrown:
JBO-27122: SQL error during statement preparation.
ORA-00907: missing right parenthesis.
The problem is that the "single quote" is not being escaped:
WHERE STREET LIKE 'ABAT ESCARRE, DE L'A'
How could I force the view to escape the "single quote"?
Thanks

Arrest the single quote by calling a javascript method.
This might help you
Re: af:clientListener javascript function call question
http://download.oracle.com/docs/cd/E12839_01/apirefs.1111/e12419/tagdoc/af_clientListener.html
Edited by: Srinidhi on Mar 23, 2011 3:46 PM

Single quote in url

Similar Messages

Maybe you are looking for