[Esapi-user] escape some symbols to encode?

Jim Manico jim.manico at owasp.org
Fri Jul 1 03:33:27 EDT 2011


encodeForURL is to be used when encoding an individual GET parameter, like:

<a href="/my/site.php?userName=<%= ESAPI.encoder().encodeForURL( name) %>">User Search Results</a>

- Jim

> Hi,
> 
> I am Ashish Gautam from NIC Delhi, India.
> 
> I am using
> ESAPI.encoder().encodeForURL("Welcome/NicNet/NiC/CiRt/AdmINistRatOr"). I
> want to escape some symbols to encode; these symbols are / and ?.
> 
> Is it possible or not? If yes, then how?
> 
> 
> And
> 
> can I write code like this:
> 
>  response.sendRedirect(ESAPI.encoder().encodeForURL("Welcome/NicNet/NiC/CiRt/AdmINistRatOr"));
>  String querystringnew = ESAPI.encoder().encodeForSQL(mysql, "SELECT empcode FROM emailuser WHERE emailid = ?");
> 
>  
> 
> -- 
> Best regards,
> Ashish K. Gautam 
> 
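
The point in the reply above, that encoding is applied to individual values rather than to a whole URL, as an added example that is not part of the original thread: each path segment and each parameter value is encoded separately, and the `/`, `?`, `&` and `=` delimiters are written by the code itself. The helper `encodeComponent` and the class name are hypothetical; it uses the JDK's `URLEncoder` (Java 10+) as a stand-in for `ESAPI.encoder().encodeForURL(...)` so it runs without ESAPI configuration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.StringJoiner;

public class UrlPartsExample {

    // Assumption: stand-in for ESAPI.encoder().encodeForURL(value).
    static String encodeComponent(String value) {
        // URLEncoder emits '+' for a space (form encoding); use %20 so the
        // result is also valid inside a path segment.
        return URLEncoder.encode(value, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Encode each path segment on its own. The '/' separators come from
    // this code, never from the (possibly untrusted) segment values.
    static String buildPath(String... segments) {
        StringBuilder path = new StringBuilder();
        for (String segment : segments) {
            path.append('/').append(encodeComponent(segment));
        }
        return path.toString();
    }

    // Encode every name and value individually, then join with literal '&' and '='.
    static String buildQuery(Map<String, String> params) {
        StringJoiner query = new StringJoiner("&");
        for (Map.Entry<String, String> p : params.entrySet()) {
            query.add(encodeComponent(p.getKey()) + "=" + encodeComponent(p.getValue()));
        }
        return query.toString();
    }

    public static void main(String[] args) {
        // Path from the question: the slashes stay literal because they are structure.
        String path = buildPath("Welcome", "NicNet", "NiC", "CiRt", "AdmINistRatOr");

        // Constructed sample value containing '/', '?', '&', '=' and a space:
        // inside a parameter value these must all be percent-encoded.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("userName", "a/b?c=d&e f");

        System.out.println(path + "?" + buildQuery(params));
    }
}
```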


