I have a JSP page with some text boxes. The user fills out the form, clicks the Apply button, the inputs get saved to an Oracle 10.g database. The form can be viewed again and the text boxes are populated with the saved data so the entries can be edited and re-saved.

When reading in from an inputText text box on my JSP page, Oracle stores the < character as &lt;

This means that when the text is retrieved from the database and printed as the value in a JSP inputText box, it is rendered as &lt; instead of <.

The same thing happens with > which gets stored as &gt; but only if one or more < characters are included in the same input text box, otherwise it gets stored in oracle as > and there is no problem retrieving it. No other characters like & or the copyright symbol get converted to their HTML entities, it is just < and >.

Is there a way to stop < and > being converted to their HTML entities when they are saved to the database? When retrieving and displaying, writing a function to examine a string and replace any instances of &lt; with < is not an option because if the string "&lt;" is entered by the user in the text box, I'll want &lt; to be displayed, not <.

Thanks!

Have you tried outputting the value in your servlet to see what it is receiving? Form values are submitted as they are; the job of encoding and decoding is automatically performed by your browser unless you are manually submitting the form using Javascript.

Also AFAIK, no database performs automatic conversion to HTML entities. Are you using any external libraries in your project? Anyways, printing the values submitted in a servlet would help us in coming one step closer to the solution.

You're right, it's not happening at the database.

The values from the form fields are of type HtmlInputText, and the conversion from < to &lt; is happening as soon as the form is submitted.

I have some validators on the form, and if one of them fails, all <'s currently in the form text boxes are replaced by &lt;'s when the form is re-displayed for the user to fix the inputs that failed validation.

I know there is an escapeXml="false" attribute you can use for HtmlOutputText, but I can't find anything to stop < being converted to &lt; when using HtmlInputText.

Any ideas?

I would be assuming that you are using JSF as your UI framework here along with JSP as presentation technology. Even if you are not; the below discussion should be applicable to your problem more or less.

You have an 'escape' attribute for the HtmlOuputText since it's a display only entity and you might want to have complete control over how the data is presented to the client without manually doing the conversion every single time. HtmlInputText doesn't have an 'escape' attribute; actually it shouldn't have an escapeXml attribute since the data entered by the client should reach *as it is* to the server.

That being said, the only problematic area I see is the validation code which automatically converts all the < and > to their HTML Entities. It must be that even when the validation succeeds, the user input is still getting processed and converted to a String having HTML entities in place of < and >.

It might be a good idea to clearly explain your problem than to let the ones helping you out do all the guesswork. You bring up terms like HtmlInputText and validators as if they are commonplace here which isn't the case since they are not part of plain vanilla JSP API. Post the relevant code if you still encounter problems and don't forget to enclose the code in code tags; read the forum announcements regarding that.

This article has been dead for over six months. Start a new discussion instead.