Before I even attempt doing anything in this direction, is it possible to enter a string and get it represented in ascii? I am reading an article about XSS and SQL injections part of a course that I am taking now, and some of the tips are that people in this area should have scripts that do both way translation but I haven't used any scripts at all, so I wonder if it would be possible to do in java as well?

Recommended Answers

All 3 Replies

this might answer some of those questions.

I'm not exactly sure what you mean by converting it into ascii. Ascii is just a way to assign characters values, and java already represents normal strings in ascii. If you want to get the value, you cast it (as mentioned above). I guess you can convert the value into a base 10 representation of the number in a string and save it (ie, 'A' -> 65 -> "65") to try to prevent SQLi/XSS.

One of my favourite methods of preventing SQLi would be using Ascii85 though. Using this, you basically re-encode the data using SQL/XSS safe characters (and it has the advantage that it does not need escaping, and it does not need sanitizing). It's also usefull for encoding any binary data as characters (though, not as popular as base64).

Thanks guys for answering :)
@Hiroshe, I am not trying to prevent SQLI/XSS but to simulate it, we have some vulnerable servers but they have some filtering, so using base 10 or Hx would be one of the solutions. I'll try to get some code running on this thanks

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.