I'm building a simple Java Servlet which passes categories using a URL variable into another Servlet.

For example, in the following code

ResultSet rs = qw.DBquery("select distinct manufacturer from Products order by manufacturer asc");
try {
    while (rs.next()) {
        // one table row per manufacturer, each linking to the getItems servlet
        table+= "<tr><td><a href=\"getItems?manufacturer="
                + rs.getString("Manufacturer") + "\">"
                + rs.getString("Manufacturer") + "</a></td></tr>\n";
    }
} catch (SQLException e) {
    throw new ServletException(e);
} finally {
    rs.close();
}

its output includes:

Adobe 
Adobe Acrobat 
IBM 
IBM - Workstations

If I click on one, the link gets to the URL as:

http://localhost/getItems?getItems?manufacturer=Adobe%20Acrobat

However, when I get the manufacturer variable and its value

String manufacturer = request.getParameter( "manufacturer" );
ResultSet rs1 = qw.DBquery("select * from products where Manufacturer like '"
                           + manufacturer + "'");

the query output fails and doesn't produce anything if there are spaces in the value of manufacturer. Any ideas or workarounds on how to convert this back? Do I need to do some kind of urldecode?

Thanks in advance.

+1  A: 

The encoding of space in a URL as %20 is correct, and the web application container takes care of URL decoding.

String manufacturer = request.getParameter( "manufacturer" );

The String manufacturer in your program should therefore contain 'Adobe Acrobat' (with a space). Can you verify that (by logging it to somewhere)?

"select * from products where Manufacturer like '"+ manufacturer + "'"

Also, please use bind variables. Directly interpolating query parameters (without any validation, too!) into SQL leaves you totally open to SQL injection attacks. It is bad for performance, too.

"select * from products where Manufacturer like ? "
Thilo
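Putting the answer together, here is an added example (not code from the question or the answer) of both halves: building the category link with the value URL-encoded, and the receiving servlet reading the already-decoded parameter, logging it, and running the lookup through a bind variable. The `GetItemsServlet` class, the `DataSource` field, the `ProductName` column and the `linkRow`/`escapeHtml` helpers are assumptions for illustration; only the `products` table, the `Manufacturer` column and the `manufacturer` parameter name come from the thread.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.net.URLEncoder;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;

// Hypothetical receiving servlet (example code, not from the question).
// Assumed: a DataSource set up in init() and a ProductName column in "products".
public class GetItemsServlet extends HttpServlet {

    private DataSource dataSource; // assumed to be obtained via JNDI in init()

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // The container has already turned "%20" (or "+") back into a space,
        // so no manual URL decoding is needed here.
        String manufacturer = request.getParameter("manufacturer");
        log("manufacturer parameter = [" + manufacturer + "]"); // verify the decoded value

        if (manufacturer == null || manufacturer.isEmpty()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "missing manufacturer");
            return;
        }

        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        out.println("<table>");

        // Bind variable: the value is sent to the database separately from the
        // SQL text, so quotes or spaces in it can neither break the statement
        // nor change what it does.
        String sql = "select ProductName from products where Manufacturer like ?";
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(sql)) {
            ps.setString(1, manufacturer);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    out.println("<tr><td>" + escapeHtml(rs.getString("ProductName"))
                            + "</td></tr>");
                }
            }
        } catch (SQLException e) {
            throw new ServletException("product query failed", e);
        }
        out.println("</table>");
    }

    // Builds one row of the category list. The href value is URL-encoded so
    // that spaces, '&' or '#' in a manufacturer name survive the round trip;
    // the visible text is HTML-escaped because it is echoed into the page body.
    static String linkRow(String manufacturer) throws IOException {
        String encoded = URLEncoder.encode(manufacturer, "UTF-8"); // "Adobe Acrobat" -> "Adobe+Acrobat"
        return "<tr><td><a href=\"getItems?manufacturer=" + encoded + "\">"
                + escapeHtml(manufacturer) + "</a></td></tr>\n";
    }

    // Minimal HTML escaping for values written into the response.
    static String escapeHtml(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;");
    }
}
```

Two notes on the design: `like ?` is kept to match the answer, but with a bound value `%` and `_` in the name are still LIKE wildcards, so `= ?` is the better choice when an exact match is wanted. The `log(...)` call is the servlet's own logging; it is the quickest way to confirm that the parameter arrives as "Adobe Acrobat" with a real space before suspecting the query.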