ServletRequest Get getparameter and filter cannot get parameter in request requests

Source: Internet
Author: User

A colleague uses the filter in my last article to filter every request, and then filters the values for dangerous tendencies based on the parameter in the request, but something magical happens.

The order in which the system is called is:

Submit Form →filter (Section1) →controller→filter (section2) → page render accordingly.

The main request in Fsection2 is to get the page Uiroot component, which is not related to this process. The problem that is encountered is expressed in the filter method in Section1:

        /**
	 * Overrides the GetParameter method, making both the parameter name and the parameter values XSS & SQL filtering.
	 * If you need to get the original value, get the * Getparameternames by Super.getparametervalues (name)
	 , Getparametervalues and Getparametermap may also need to overwrite
	 *
	/@Override public
	string GetParameter (string name) {
		String value = Super.getparameter (Xssencode (name));
		if (value = null) {
			value = Xssencode (value);
		}
		return value;
	}

Regardless of the experiment, all the parameters of the page have not appeared in the GetParameter method at all, a parameter can not be obtained, the value of the parameter can not be taken. After painful troubleshooting, the reason is that the two systems submitted form methods differ, and then found that the form enctype settings are different.

My system enctype does not have any settings, also is the default value x-www-form-urlencoded. His system is set to: Multipart/form-data.



In the syntax of the form element, Enctype indicates that the format for submitting data uses the Enctype property to specify the type of encoding the browser will use when sending data back to the server.


application/x-www-form-urlencoded: The form data is encoded as a name/value pair. This is the standard encoding format.
Second, Multipart/form-data: The form data is encoded as a message, and each control on the page corresponds to a part of the message.
Text/plain: The form data is encoded in plain text, with no controls or formatting characters.

There are two common types of enctype properties for form: Application/x-www-form-urlencoded and Multipart/form-data, which are application/x-www-form-urlencoded by default.
When action is get, the browser uses x-www-form-urlencoded encoding to convert the form data into a string (Name1=value1&name2=value2 ... ), and then append the string to the URL, using the. Split, to load the new URL.
When the action is post, the browser encapsulates the form data into the HTTP body and then sends it to the server.
If you don't have a type=file control, you can use the default application/x-www-form-urlencoded. If you have type=file, you will need to use Multipart/form-data. The browser splits the entire form into units of controls and adds Content-disposition (form-data or file) to each section, Content-type (default = Text/plain), name (control name), and so on. and add the separator (boundary).



Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.