I am trying to figure out how to pass multiple parameters in a URL. I want to pass latitude and longitude from my android class to a java servlet. How can I do that?

URL url;
double lat=touchedPoint.getLatitudeE6() / 1E6;
double lon=touchedPoint.getLongitudeE6() / 1E6;
url = new URL(""+lat+lon);

In this case output (written to file) is 28.53438677.472097. This is working but I want to pass latitude and longitude in two separate parameters so that my work at server side is reduced. If it is not possible how can I at least add a space between lat & lon so that I can use tokenizer class to get my latitude and longitude. I tried following line but to no avail.

 url = new URL(""+lat+" "+lon);
output- Nothing is written to file url = new URL(""+lat+"&?param2="+lon);
output- 28.534386 (Only Latitude) url = new URL(""+lat+"?param2="+lon);
output- 28.532577?param2=77.502996

My servlet code is as follows:

req.setCharacterEncoding("UTF-8");
resp.setCharacterEncoding("UTF-8");
final String par1 = req.getParameter("param1");
final String par2 = req.getParameter("param2");
FileWriter fstream = new FileWriter("C:\\Users\\Hitchhiker\\Desktop\\out2.txt");
BufferedWriter out = new BufferedWriter(fstream);
out.write(par1);
out.append(par2);
out.close();

Also I wanted to the know is this the most safe and secured way to pass the data from android device to server.

1

3 Answers

This

url = new URL(""+lat+"&param2="+lon);

must work. For whatever strange reason¹, you need ? before the first parameter and & before the following ones.

Using a compound parameter like

url = new URL(""+lat+"_"+lon);

would work, too, but is surely not nice. You can't use a space there as it's prohibited in an URL, but you could encode it as %20 or + (but this is even worse style).

---

^{1 Stating that ? separates the path and the parameters and that & separates parameters from each other does not explain anything about the reason. Some RFC says "use ? there and & there", but I can't see why they didn't choose the same character.}

6

I do not know much about Java but URL query arguments should be separated by "&", not "?"

is good place for reference using "sub-delim" as keyword. is another good source.

You can pass multiple parameters as "?param1=value1&param2=value2"

But it's not secure. It's vulnerable to Cross Site Scripting (XSS) Attack.

Your parameter can be simply replaced with a script.

Have a look at this article and article

You can make it secure by using API of StringEscapeUtils

static String escapeHtml(String str) Escapes the characters in a String using HTML entities.

Even using https url for security without above precautions is not a good practice.

Have a look at related SE question:

Is URLEncoder.encode(string, "UTF-8") a poor validation?

2

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password Submit

Post as a guest

Post Your Answer Discard

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy