如何在URL中传递多个参数?

时间:2022-07-13 15:16:16

I am trying to figure out how to pass multiple parameters in a URL. I want to pass latitude and longitude from my android class to a java servlet. How can I do that?

我试图弄清楚如何在URL中传递多个参数。我想将我的android类的纬度和经度传递给java servlet。我怎样才能做到这一点?

URL url;
double lat=touchedPoint.getLatitudeE6() / 1E6;
double lon=touchedPoint.getLongitudeE6() / 1E6;
url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+lon);

In this case output (written to file) is 28.53438677.472097. This is working but I want to pass latitude and longitude in two separate parameters so that my work at server side is reduced. If it is not possible how can I at least add a space between lat & lon so that I can use tokenizer class to get my latitude and longitude. I tried following line but to no avail.

在这种情况下,输出(写入文件)是28.53438677.472097。这是有效的,但我想在两个单独的参数中传递纬度和经度,以便减少我在服务器端的工作。如果不可能,我怎么能至少在lat和lon之间添加一个空格,以便我可以使用tokenizer类来获取我的纬度和经度。我尝试了以下行,但无济于事。

    url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+" "+lon);
output- Nothing is written to file
        url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+"&?param2="+lon);
output- 28.534386 (Only Latitude)
        url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+"?param2="+lon);
output- 28.532577?param2=77.502996

My servlet code is as follows:

我的servlet代码如下:

req.setCharacterEncoding("UTF-8");
resp.setCharacterEncoding("UTF-8");
final String par1 =  req.getParameter("param1");
final String par2 = req.getParameter("param2");
FileWriter fstream = new FileWriter("C:\\Users\\Hitchhiker\\Desktop\\out2.txt");
BufferedWriter out = new BufferedWriter(fstream);
out.write(par1);
out.append(par2);
out.close();

Also I wanted to the know is this the most safe and secured way to pass the data from android device to server.

另外我想知道这是将数据从Android设备传递到服务器的最安全和最安全的方式。

3 个解决方案

#1


45  

This

url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+"&param2="+lon);

must work. For whatever strange reason1, you need ? before the first parameter and & before the following ones.

必须工作。无论什么奇怪的原因1,你需要吗?在第一个参数之前和之后的&之前。

Using a compound parameter like

使用复合参数

url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+"_"+lon);

would work, too, but is surely not nice. You can't use a space there as it's prohibited in an URL, but you could encode it as %20 or + (but this is even worse style).

也会工作,但肯定不好。你不能在那里使用空格,因为它在URL中被禁止,但你可以将其编码为%20或+(但这是更糟糕的风格)。


1 Stating that ? separates the path and the parameters and that & separates parameters from each other does not explain anything about the reason. Some RFC says "use ? there and & there", but I can't see why they didn't choose the same character.

1说明了吗?将路径和参数分开,并且将参数彼此分开并不能解释原因。一些RFC说“使用?那里和那里”,但我不明白为什么他们没有选择相同的角色。

#2


3  

I do not know much about Java but URL query arguments should be separated by "&", not "?"

我对Java知之甚少,但URL查询参数应该用“&”分隔,而不是“?”

http://tools.ietf.org/html/rfc3986 is good place for reference using "sub-delim" as keyword. http://en.wikipedia.org/wiki/Query_string is another good source.

http://tools.ietf.org/html/rfc3986是使用“sub-delim”作为关键字的参考的好地方。 http://en.wikipedia.org/wiki/Query_string是另一个很好的来源。

#3


2  

You can pass multiple parameters as "?param1=value1&param2=value2"

您可以将多个参数传递为“?param1 = value1&param2 = value2”

But it's not secure. It's vulnerable to Cross Site Scripting (XSS) Attack.

但它并不安全。它很容易受到跨站点脚本(XSS)攻击。

Your parameter can be simply replaced with a script.

您的参数可以简单地用脚本替换。

Have a look at this article and article

看看这篇文章和文章

You can make it secure by using API of StringEscapeUtils

您可以使用StringEscapeUtils的API使其安全

static String   escapeHtml(String str) 
          Escapes the characters in a String using HTML entities.

Even using https url for security without above precautions is not a good practice.

即使使用https url来保证安全性而不采取上述预防措施也不是一个好习惯。

Have a look at related SE question:

看看相关的SE问题:

Is URLEncoder.encode(string, "UTF-8") a poor validation?

URLEncoder.encode(字符串,“UTF-8”)验证不好吗?

#1


45  

This

url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+"&param2="+lon);

must work. For whatever strange reason1, you need ? before the first parameter and & before the following ones.

必须工作。无论什么奇怪的原因1,你需要吗?在第一个参数之前和之后的&之前。

Using a compound parameter like

使用复合参数

url = new URL("http://10.0.2.2:8080/HelloServlet/PDRS?param1="+lat+"_"+lon);

would work, too, but is surely not nice. You can't use a space there as it's prohibited in an URL, but you could encode it as %20 or + (but this is even worse style).

也会工作,但肯定不好。你不能在那里使用空格,因为它在URL中被禁止,但你可以将其编码为%20或+(但这是更糟糕的风格)。


1 Stating that ? separates the path and the parameters and that & separates parameters from each other does not explain anything about the reason. Some RFC says "use ? there and & there", but I can't see why they didn't choose the same character.

1说明了吗?将路径和参数分开,并且将参数彼此分开并不能解释原因。一些RFC说“使用?那里和那里”,但我不明白为什么他们没有选择相同的角色。

#2


3  

I do not know much about Java but URL query arguments should be separated by "&", not "?"

我对Java知之甚少,但URL查询参数应该用“&”分隔,而不是“?”

http://tools.ietf.org/html/rfc3986 is good place for reference using "sub-delim" as keyword. http://en.wikipedia.org/wiki/Query_string is another good source.

http://tools.ietf.org/html/rfc3986是使用“sub-delim”作为关键字的参考的好地方。 http://en.wikipedia.org/wiki/Query_string是另一个很好的来源。

#3


2  

You can pass multiple parameters as "?param1=value1&param2=value2"

您可以将多个参数传递为“?param1 = value1&param2 = value2”

But it's not secure. It's vulnerable to Cross Site Scripting (XSS) Attack.

但它并不安全。它很容易受到跨站点脚本(XSS)攻击。

Your parameter can be simply replaced with a script.

您的参数可以简单地用脚本替换。

Have a look at this article and article

看看这篇文章和文章

You can make it secure by using API of StringEscapeUtils

您可以使用StringEscapeUtils的API使其安全

static String   escapeHtml(String str) 
          Escapes the characters in a String using HTML entities.

Even using https url for security without above precautions is not a good practice.

即使使用https url来保证安全性而不采取上述预防措施也不是一个好习惯。

Have a look at related SE question:

看看相关的SE问题:

Is URLEncoder.encode(string, "UTF-8") a poor validation?

URLEncoder.encode(字符串,“UTF-8”)验证不好吗?