1 Reply Latest reply on Nov 26, 2012 9:17 AM by Mkirtley-Oracle

    encoding using UTL_I18N.ESCAPE_REFERENCE

      Hi All,

      I am facing a problem with UTL_I18N.ESCAPE_REFERENCE.
      In my project, to protect against the XML injection problem, the data entered by the user is being encoded and passed to the database.

      For any special characters received as input, the application encodes this data, e.g.:

      User enters    Encoded
      <              '&#x3c;'
      >              '&#x3e;'

      And so on.

      I can use the UTL_I18N.UNESCAPE_REFERENCE function and get the exact string entered by the user.

      Select UTL_I18N.UNESCAPE_REFERENCE('<>') x from dual;


      But when I use the UTL_I18N.ESCAPE_REFERENCE function to encode the above output, it gives me some other string.

      Select UTL_I18N.ESCAPE_REFERENCE('<>') x from dual;


      Can someone please help me get the string encoded back to the original, i.e. '<>'?

      My findings on this have been that the characters are encoded as entities, but what I am looking for is probably the hex rendering of it. Please refer to the link below.


      I observe the site is protecting against XML injection and is converting some text, so the post might not look correct. ESCAPE_REFERENCE returns the values in the entity column, but I expect the value in the hex column (please refer to the link).

      Thanks in advance

      Edited by: user11209150 on Nov 22, 2012 10:33 PM
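
The post distinguishes named entities (the form it reports ESCAPE_REFERENCE returning) from hexadecimal numeric character references (the form the application stores). As an added example, not part of the original post and not Oracle-supplied code: a hypothetical PL/SQL function, hex_escape_reference, that emits the hex form for the five XML-significant characters and round-trips through UTL_I18N.UNESCAPE_REFERENCE; the function name and sample strings are assumptions.

```sql
-- SQL*Plus / SQLcl only: stop '&' being treated as a substitution variable
-- while the function source and the test literals are sent to the database.
SET DEFINE OFF

-- Hypothetical helper (assumed name, not part of UTL_I18N).
-- Encodes < > & " ' as lowercase hex numeric character references,
-- e.g. the '&#x3c;' style shown in the post, and leaves other characters as-is.
CREATE OR REPLACE FUNCTION hex_escape_reference (p_str IN VARCHAR2)
  RETURN VARCHAR2
  DETERMINISTIC
IS
  l_out VARCHAR2(32767);
  l_ch  VARCHAR2(4 CHAR);
BEGIN
  IF p_str IS NULL THEN
    RETURN NULL;
  END IF;

  FOR i IN 1 .. LENGTH(p_str) LOOP
    l_ch := SUBSTR(p_str, i, 1);
    IF l_ch IN ('<', '>', '&', '"', '''') THEN
      -- ASCII() gives the code point of these single-byte characters;
      -- 'fmxx' renders it as lowercase hex without leading blanks.
      l_out := l_out || '&#x' || TO_CHAR(ASCII(l_ch), 'fmxx') || ';';
    ELSE
      l_out := l_out || l_ch;
    END IF;
  END LOOP;

  RETURN l_out;
END hex_escape_reference;
/

-- Constructed sample inputs.
-- 1) Hex form of the two characters from the post.
SELECT hex_escape_reference('<>') AS hex_form FROM dual;

-- 2) Round trip: encode with the helper, decode with the Oracle function
--    the post already uses, and compare with the original string.
SELECT CASE
         WHEN UTL_I18N.UNESCAPE_REFERENCE(
                hex_escape_reference('<item id="1">a & b</item>'))
              = '<item id="1">a & b</item>'
         THEN 'round trip OK'
         ELSE 'round trip MISMATCH'
       END AS check_result
FROM dual;
```

Because '&' is itself encoded, a value that already contains a reference is encoded a second time, so the helper should be applied exactly once to raw input.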