Go Directly To
Oracle Technology Network Community
My Oracle Support Community
OPN Cloud Connection
Oracle Employee Community
Oracle User Group Community
OTN Speaker Bureau
Get Started Guide
Join the world’s largest interactive community dedicated to Oracle technologies.
Learn from thousands of community experts
Get answers to your technical questions
Share your knowledge with peers
Please enter a title.
You can not post a blank message. Please type your message and try again.
Database Application Development
This discussion is archived
on Nov 26, 2012 9:17 AM by Mkirtley-Oracle
encoding using UTL_I18N.ESCAPE_REFERENCE
Nov 23, 2012 6:43 AM
I am facing a problem with UTL_I18N.ESCAPE_REFERENCE.
In my project to protect against xml injection problem the data entered by the user is being encoded and passed to database.
for any special characters received as input, the application encodes this data
eg if the user enters encoded
And so on.
I can use the UTL_I18N.UNESCAPE_REFERENCE function and get the exact string entered by user.
Select UTL_I18N.UNESCAPE_REFERENCE('<>') x from dual;
But when i use the UTL_I18N.ESCAPE_REFERENCE function to encode the above output it gives me some other string
Select UTL_I18N.ESCAPE_REFERENCE('<>') x from dual;
Can someone please help me get the string to encoded to original i.e '<>'.
My findings on this has been that the characters are encoded as entities but what i am looking for is propably hex rendering of it. Please refer to the below link
I observe the site is protecting against xml injection as is converting some text. So the post might not look correct. ESCAPE_REFERENCE returns the values in the entity column but i expect the value in the hex column (refer the link please).
Thanks in advance
Edited by: user11209150 on Nov 22, 2012 10:33 PM
I have the same question
Show 0 Likes
This content has been marked as final.
Show 1 reply
Re: encoding using UTL_I18N.ESCAPE_REFERENCE
Nov 26, 2012 9:17 AM
in response to
This forum is for problems using the SQL*Developer tool.
If you are not using SQL*Developer then it would be better to ask this question in the PL/SQL forum -
SQL and PL/SQL