delete data from db with spaces in jsp

Question

I am unable to delete data, from DB(MySql), with spaces for example:
"blabla blabla" or " blabla", but data without spaces deleting: "blablabla"

Here is how I get value in JSP:

<a href=deleteData?id=<%= rs.getString(1)></a>

and the deleteData - servlet

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;

@WebServlet("/deleteData")
public class deleteData extends HttpServlet {

protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

    String value = request.getParameter("id");


    try {
        Class.forName("com.mysql.jdbc.Driver");
        Connection conn = DriverManager.getConnection("jdbc:mysql://localhost:3306/evernoteDB",
                "evernoteDB", "0633739768z");


        Statement st = conn.createStatement();

        st.executeUpdate("DELETE FROM note WHERE noteName='" + value  + "'");

        response.sendRedirect("/userNotes.jsp");

        conn.close();
    } catch (Exception e) {
        e.printStackTrace();
    }
}

} I think the problem is in - getString function, but on oracle website it is mentioned that this function is getting all the rows, I am disappointed

Answer 1

You are redirecting in your href and the spaces in the URL are translated to %20 that's why when you pass "blabla blabla" your delete is not matching results. You should sanitize your value.

Uggly fast way:

Replace %20 for an empty string

Right way:Java: How to unescape HTML character entities in Java?