
Re: Field names?



Sender: Scott Klement <sk@xxxxxxxxxxxxxxxx>


Hi Dave,

> I took the weekend off and was busy with other duties yesterday and am now
> revisiting my project with HTTPAPI.  I've read your comments from your
> Friday message several times but I don't understand what you mean when you
> say "Are you escaping the contents of the employee number and/or password
> properly?"  What is escaping?  Is this putting delimiters or tags around
> the data to identify it?  Can this be determined from the HTML source?

It's how the data is encoded.  For example, if you have a variable called
"test" that contains the string "The quick brown fox" it should be encoded
as:

   test=The+quick+brown+fox

If you have more than one variable, they need to be encoded with:

   test1=The+quick+brown+fox&test2=jumped+over+the+lazy+dog

This type of encoding is referred to as "URL Encoded" data.

Obviously, in the example above, all of the spaces in the string have been
converted to plus symbols.  That's easy enough to do in RPG with the
%xlate() BIF.  But, now how could you include a plus sign if you wanted
to?  Or what about an equal sign or ampersand, since they're used to
separate variables...

Here's a list of all of the special characters (to the best of my
knowledge) that need to be properly escaped:

   / = must be encoded because it's used to separate components of a URL
   < = starts an HTML tag
   > = ends an HTML tag
   & = separates variables in a URL encoded list
   ? = separates variables in list from the path to the script
   + = must be encoded so that + can be used for spaces
   % = starts a hex-octet
   = = the equal sign must be encoded when it's part of a value
   @ = Encoded because some URLs use it to separate a userid from the
         hostname.
   " = quotes are encoded so that the value can appear in a value=
         HTML attribute
   ' = single quotes as well as double quotes
   ` = another type of single quote
   , = Not sure why, but commas are encoded
   $ = Not sure why, but dollar sign is encoded
   # = separates an anchor reference from a URL
   \ = used for escaping in many programming languages
  [] = not sure why, but brackets are encoded
  {} = not sure why, but braces are encoded
   ^ = not sure why, but carets are encoded
   | = not sure why, but pipes are encoded

To encode any of these values, what you do is specify a % followed by a
2-digit hex number.  This corresponds to the ASCII code for the given
character.

For example, the / character is ASCII x'2F' so you include it in your
string as %2F

For example, if you had a variable called "file" that needed to contain
the string "/qdls/customers/usarmy/test file.csv" you'd encode it as:

    file=%2fqdls%2fcustomers%2fusarmy%2ftest+file.csv

In version 1.10 of HTTPAPI, there are routines that will do this for you.
In those routines, you code:

 /free

   Enc = http_url_encoder_new();

   http_url_encoder_addvar_s( Enc
                            : 'file'
                            : '/qdls/customers/usarmy/test file.csv');

   http_url_encoder_addvar_s( Enc: 'MyVar': 'Something else to send.');

   http_url_encoder_getptr(Enc: ptr: size);

   http_url_post( 'http://foo.com/bar/whatever/script.asp'
                : ptr
                : size
                : '/tmp/response.txt' );

   http_url_encoder_free(Enc);

 /end-free

That saves you having to write routines to manually encode the data...

HTTPAPI 1.10 will also have XML parsing capabilities with the help of the
open-source Expat XML parser.  This'll be really nice for working with web
services.

I'm both very excited about the new HTTPAPI, and very apprehensive ;)
There are so many major changes, that I'm really worried that it'll
introduce a lot of bugs.

But, in the long run, it'll be worth it!
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe from the list send mail
to majordomo@xxxxxxxxxxxxx with the body: unsubscribe ftpapi mymailaddr
-----------------------------------------------------------------------
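The encoding rule described in the message above, as an added example that is not part of the original post and is not HTTPAPI code. It is written in Python rather than RPG; the function names and the sample employee number and password are constructed for illustration. It shows what a receiving script decodes when a value containing `&`, `=`, `+` and `%` is fully encoded, compared with translating only the spaces.

```python
from urllib.parse import parse_qs, quote_plus

# Characters sent as-is; every other byte becomes %XX (hex of its ASCII/UTF-8 code).
UNRESERVED = set(
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~"
)

def encode_value(text):
    """Space -> '+', unreserved characters unchanged, anything else -> %XX."""
    out = []
    for byte in text.encode("utf-8"):
        ch = chr(byte)
        if ch == " ":
            out.append("+")
        elif ch in UNRESERVED:
            out.append(ch)
        else:
            out.append("%{:02X}".format(byte))
    return "".join(out)

def encode_form(pairs):
    """Join encoded name=value pairs with '&'."""
    return "&".join(encode_value(k) + "=" + encode_value(v) for k, v in pairs)

def naive_form(pairs):
    """The mistake: only spaces are translated, nothing else is escaped."""
    return "&".join(k + "=" + v.replace(" ", "+") for k, v in pairs)

def server_view(body):
    """What a receiving script decodes from the request body."""
    return parse_qs(body, keep_blank_values=True)

# Constructed sample input: a password containing separator characters.
SAMPLE = [("empno", "00123"), ("password", "p&ss=w+rd 100%")]

if __name__ == "__main__":
    path = "/qdls/customers/usarmy/test file.csv"
    print(encode_form([("file", path)]))
    print("matches urllib:", encode_value(path) == quote_plus(path))
    for build in (encode_form, naive_form):
        body = build(SAMPLE)
        print(build.__name__, body, server_view(body))
```

The hex digits come out in upper case (`%2F`); receivers treat `%2f` and `%2F` the same.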