    print('<a href="%s">%s</a><br />' % (url, label))
    cursor.close()
The first argument to cgi.escape() is the string to be HTML-encoded. By default, this function converts <, >, and & characters to their corresponding HTML entities. To tell cgi.escape() to also convert double quotes to the &quot; entity, pass a second argument of 1, as shown in the example. This is especially important if you're encoding values to be placed within a double-quoted tag attribute.
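The effect of the second argument on a double-quoted attribute, as an added example that is not from the original text. It uses html.escape(), the Python 3 standard-library successor to cgi.escape() (which was removed in Python 3.8), with quote=False to reproduce the one-argument behaviour. The search.py URL, the title attribute and the sample phrase are assumptions made for the illustration.

```python
import html
from html.parser import HTMLParser
from urllib.parse import quote_plus

# Constructed sample value containing every character discussed above.
PHRASE = 'say "hello" & <wave>'


class AnchorAttrs(HTMLParser):
    """Collect the attributes of each <a> tag as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.anchors = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.anchors.append(dict(attrs))


def make_link(phrase, encode_quotes):
    """Build a link; encode_quotes=False mimics one-argument cgi.escape()."""
    # URL-encode the value for the query string (search.py is hypothetical).
    url = "search.py?phrase=" + quote_plus(phrase)
    return '<a href="%s" title="%s">%s</a><br />' % (
        html.escape(url, quote=encode_quotes),     # attribute context
        html.escape(phrase, quote=encode_quotes),  # attribute context
        html.escape(phrase, quote=False),          # element body: quotes are harmless
    )


def parsed_attrs(markup):
    """Return the attributes of the first <a> tag, or {} if none was parsed."""
    parser = AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return parser.anchors[0] if parser.anchors else {}


def round_trips(phrase, encode_quotes):
    """True if the parsed title attribute equals the original value."""
    attrs = parsed_attrs(make_link(phrase, encode_quotes))
    return attrs.get("title") == phrase


if __name__ == "__main__":
    for flag in (False, True):
        print(flag, make_link(PHRASE, flag))
        print("  title survives intact:", round_trips(PHRASE, flag))
```

Without quote encoding, the first double quote in the value ends the attribute early and the rest of the value is parsed as markup; with it, the parser recovers the original string.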
Java. The <c:out> JSTL tag automatically performs HTML-encoding for JSP pages. (Strictly speaking, it performs XML-encoding, but the set of characters affected is <, >, &, ", and ', which includes all those needed for HTML-encoding.) By using <c:out> to display text in a web page, you need not think about converting special characters to HTML entities. If for some reason you want to suppress encoding, invoke <c:out> with an escapeXml attribute value of false:

    <c:out value="value to display" escapeXml="false"/>
To URL-encode parameters for inclusion in a URL, use the <c:url> tag. Specify the URL string in the tag's value attribute, and include any parameter values and names in <c:param> tags in the body of the <c:url> tag. A parameter value can be given either in the value attribute of a <c:param> tag or in its body. Here's an example that shows both uses:

    <c:url var="urlStr" value="myscript.jsp">
      <c:param name="id" value="47"/>
      <c:param name="color">sky blue</c:param>
    </c:url>
This URL-encodes the values of the id and color parameters and adds them to the end of the URL. The result is placed in an object named urlStr, which you can display as follows:

    <c:out value="${urlStr}"/>
The <c:url> tag does not encode special characters such as spaces in the string supplied in its value attribute. You must encode them yourself, so it's probably best to avoid creating pages with spaces in their names.
To display entries from the phrase table, use the <c:out> and <c:url> tags as follows:

    <sql:query dataSource="${conn}" var="rs">
      SELECT phrase_val FROM phrase ORDER BY phrase_val
    </sql:query>
    <c:forEach items="${rs.rows}" var="row">
      <%-- URL-encode the phrase value for use in the URL --%>