Results 1 to 5 of 5

Thread: Char and String functionality

  1. #1
    Join Date
    Mar 2004

    Char and String functionality

    I have a set of characters I want to escape in an http request so that I can make a web site more secure.

    I will be iterating through all the fields on the form and I want to compare each character in each request parameter to a string of known problem characters such as "%&<>" etc. I will then want to escape them by adding a "\" in front of it so they are taken as literals.

    I am writing both the parameter value (form field value) and the string of bad characters to char[]s and I am comparing each element in these arrays to each other in nested for loops.

    * I want to ultimately have a new string, that I can post back to the request, that will have "\" in front of all the invalid characters. *

    My questions are...

    1) I can't replace a char[] element with more than 1 character. So I can't, say, replace a "%" with a "\%" directly inside the char[] array. What is the best way to build the new string outside of updating the array?

    Instead of placing a "\" in front I may just strip out the invalid characters altogether.
    2) How do I write an empty value, say "", to a char[] element so I can replace "%" with nothing say?

    3) How do I write out the contents of a char[] to a string in general?

    I am willing to give up using char[] altogether if it will help reach the goal.

    I am sort of new to Java so I don't know all the functions at my disposal and do not have enough time to go through everything. I know this was a bit long. Thanks for reading it.

  2. #2
    Join Date
    Dec 2004

    Regular Expression parsing is much more flexible

    ---> It seems that most of what you are trying to accomplish can be achieved with regular expression parsing. I don't know the exact details of your app, however the String class has many overloaded constructors, one which takes a char[].

    --->It is always easier to manipulate a java object as compared to primitive types. Strings are highly flexible, however do take a lot of overhead to use. If it some small task, using Strings is what I would recommend. You can easily covert back and forth between String and char[].

    --->As for char replacement, that could be achieved with regular expression parsing or simple String methods.

    Hope this helps!

  3. #3
    Join Date
    Mar 2004
    Thanks for the response. Unfortunately I am using Java 1.3.1 and regex was introduced in 1.4. I initially started out looking to use regular expressions but was thwarted by this version issue.

  4. #4
    Join Date
    Dec 2004
    Your welcome.

    That's too bad. Regex package is quite powerful. String objects are still quite useful due to the ease of conversion between char[] and String.

    Good luck.

  5. #5
    Join Date
    Nov 2003
    Jerryville, Tejas
    Parse/copy the content of the char[] into a StringBuffer then toString() that if String is a required ouput type. Using a StringBuffer instead of the char[] might get you something else, too.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center