Conflict between URL encoding and % in SQL

Source: Internet
Author: User
When a parameter is passed in a URL and the parameter contains the three characters "%20", the receiving web page receives a space rather than %20, because a space is encoded as %20 in URL encoding.
But what if I want to pass %20 when I use a URL to pass an SQL statement?
Finally solved this problem.
When I pass a parameter, % is not written as % but as %25, so that the % passed will not be escaped.

Certain characters have special meanings when used in URLs or XML documents. To be passed as literal data, these characters must be properly encoded.

In a query executed from a URL, a special character is specified as %xx, where xx is the hexadecimal value of the character. The following table lists these special characters and describes their meanings. For more information, see the RFC 1738 specification at http://www.faqs.org/rfcs/rfc1738.html.

Special character   Special meaning                                                  Hexadecimal value
+                   Indicates a space (spaces are not allowed in a URL).             %2B
/                   Separates directories and subdirectories.                        %2F
?                   Separates the actual URL from the parameters.                    %3F
%                   Specifies special characters.                                    %25
#                   Indicates bookmarks.                                             %23
&                   The delimiter between the parameters specified in the URL.       %26

For example, consider the following query:
SELECT * FROM Employees WHERE EmployeeID = ?
Because the ? character has a special meaning in a URL (it separates the URL from the parameters passed), it is encoded as %3F when this query is specified in the URL.
The following URL executes the query; the parameter value is passed in the URL. For more information about using HTTP to execute SQL statements, see Using HTTP to Execute SQL Statements.
http://IISServer/nwind?sql=SELECT+*+FROM+Employees+WHERE+EmployeeID=%3F+FOR+XML+AUTO&root=root&EmployeeID=1
The browser escapes all the special characters to the right of the ? (for example, the + characters to the right of the ? are converted to %20).

Special characters in XML
The > and < characters are XML markup characters, which have special meanings in XML. When these characters are specified in SQL queries (or XPath queries), they must be properly encoded (also known as entity encoding). The following table lists these special characters and describes their meanings. For more information, see the XML 1.0 specification.

Special character   Special meaning                        Entity encoding
>                   Start tag.                             &gt;
<                   End tag.                               &lt;
"                   Quotation mark.                        &quot;
'                   Apostrophe.                            &apos;
&                   Ampersand.                             &amp;

For example, consider the following query:
SELECT top 2 * FROM [Order Details] WHERE UnitPrice < 10 FOR XML AUTO
Because the < character has a special meaning in XML, it must be encoded as &lt; when this query is specified in a template (an XML document). The template containing the query is as follows:
<ROOT xmlns:sql="urn:schemas-microsoft-com:xml-sql">
<sql:query>
SELECT top 2 * FROM [Order Details] WHERE UnitPrice &lt; 10
FOR XML AUTO
</sql:query>
</ROOT>
When a template is passed in a URL, you may need to specify both URL encoding and entity encoding. For example, you can specify the following template directly in the URL (instead of a file name):
<ROOT xmlns:sql="urn:schemas-microsoft-com:xml-sql">
<sql:query>
SELECT top 2 * FROM [Order Details] WHERE UnitPrice &lt; 10
FOR XML AUTO
</sql:query>
</ROOT>
In this example, the & character in the entity encoding &lt; (specified for the < markup character) has a special meaning in the URL and must be further encoded. The & character must be encoded as %26; otherwise it is treated as a parameter separator in the URL. The URL is then specified as:

http://IISServer/nwind?template=<ROOT+xmlns:sql="urn:schemas-microsoft-com:xml-sql"><sql:query>select+top+2+*+FROM+[Order+Details]+WHERE+UnitPrice+%26lt;+10+for+xml+auto</sql:query></ROOT>
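The two encoding layers described above, applied in order and then undone in reverse, as an added example that is not part of the original page. It uses Python's standard library to stand in for the receiving side (an assumption, not the SQLXML ISAPI itself); the Memo column and the LIKE pattern are constructed sample data.

```python
from urllib.parse import quote, urlsplit, parse_qs
from xml.sax.saxutils import escape
import xml.etree.ElementTree as ET

NS = "urn:schemas-microsoft-com:xml-sql"   # template namespace used on this page
BASE = "http://IISServer/nwind"            # virtual root from the page's examples

def build_template(sql):
    # Layer 1 (XML): entity-encode the query text, so '<' becomes '&lt;'.
    return f'<ROOT xmlns:sql="{NS}"><sql:query>{escape(sql)}</sql:query></ROOT>'

def build_url(template, url_encode=True):
    # Layer 2 (URL): percent-encode the whole value, so '&' -> %26 and '%' -> %25.
    value = quote(template, safe="") if url_encode else template
    return f"{BASE}?template={value}"

def received_template(url):
    # Receiver, step 1: split parameters on '&', then percent-decode each value.
    return parse_qs(urlsplit(url).query)["template"][0]

def received_sql(url):
    # Receiver, step 2: XML-parse the template and read the query text.
    root = ET.fromstring(received_template(url))
    return root.find(f"{{{NS}}}query").text

# Constructed sample: contains '<' and a literal "%20" inside a LIKE pattern.
# The Memo column is hypothetical.
SQL = ("SELECT top 2 * FROM [Order Details] "
       "WHERE UnitPrice < 10 AND Memo LIKE '%20%'")

if __name__ == "__main__":
    good = build_url(build_template(SQL))
    print(good)                                  # contains %26lt%3B and %2520
    print(received_sql(good) == SQL)             # both layers undone in reverse order

    # Skipping the URL layer: the '&' of '&lt;' is read as a parameter separator,
    # so the template parameter is cut off before the comparison operator.
    bad = build_url(build_template(SQL), url_encode=False)
    print(repr(received_template(bad)))

    # The %20 case from the top of the page, on its own.
    print(repr(received_template(BASE + "?template=a%20b")))    # decoded to a space
    print(repr(received_template(BASE + "?template=a%2520b")))  # literal %20 survives
```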
