UTL_URL : Escape and unescape strings in URLs
The UTL_URL package was introduced in Oracle 12.2 to help escape and unescape strings in URLs.
oracle 12cconfigurationintermediate
by OracleDba
12 views
📋Steps in this guide1/2
1
Escape
In its simplest form the function escapes all illegal characters the %XX format. In this example we encrypt a URL, converting a whitespace into a "%20".
Setting the parameter to TRUE will escape reserved characters, as well as illegal characters. Notice how the ":" and "/" characters are also escaped in this example.
In some situations it may be sensible to escape only the parameter values. In this example we use a URL with parameters, and set simple parameter values. Escaping the whole URL works fine.
This time we make the second parameter value more complex, including "&", which is a reserved character. This time the output is not correct and the "&" in the second parameter should be escaped.
We don't want to escape all reserved characters, so we need to escape the parameter values separately to get the correct result.
Code/Command (click line numbers to comment):
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
set serveroutput on define off
begin
dbms_output.put_line(utl_url.escape(url => '
http://oracle-base.com/my page.html
'));
end;
/
http://oracle-base.com/my
%20
page.html
PL/SQL procedure successfully completed.
SQL>
begin
dbms_output.put_line(utl_url.escape(
url => 'http://oracle-base.com/my page.html',
escape_reserved_chars => true
));
end;
/
http%3A%2F%2Foracle-base.com%2Fmy%20page.html
PL/SQL procedure successfully completed.
SQL>
declare
l_param1 varchar2(10) := 'yes';
l_param2 varchar2(10) := 'no';
l_url varchar2(255);
begin
l_url := 'http://oracle-base.com/my-service?param1=' || l_param1 || '¶m2=' || l_param2;
dbms_output.put_line(utl_url.escape(url => l_url));
end;
/
http://oracle-base.com/my-service?param1=yes¶m2=no
PL/SQL procedure successfully completed.
SQL>
declare
l_param1 varchar2(10) := 'yes';
l_param2 varchar2(10) := 'yes&no';
l_url varchar2(255);
begin
l_url := 'http://oracle-base.com/my-service?param1=' || l_param1 || '¶m2=' || l_param2;
dbms_output.put_line(utl_url.escape(url => l_url));
end;
/
http://oracle-base.com/my-service?param1=yes¶m2=
yes&no
PL/SQL procedure successfully completed.
SQL>
declare
l_param1 varchar2(10) := 'yes';
l_param2 varchar2(10) := 'yes&no';
l_url varchar2(255);
begin
l_url := 'http://oracle-base.com/my-service?param1=' ||
utl_url.escape(l_param1, true) ||
'¶m2=' || utl_url.escape(l_param2, true);
dbms_output.put_line(l_url);
end;
/
http://oracle-base.com/my-service?param1=yes¶m2=
yes%26no
PL/SQL procedure successfully completed.
SQL>2
Unescape
The function does the reverse of the function. In this example we unescape all the URLs we previously escaped.
In a real situation, you would probably have a call into your code containing escaped parameter values, which you subsequently unescape.
For more information see:
- UTL_URL
Hope this helps. Regards Tim...
Code/Command (click line numbers to comment):
123456789101112131415161718192021222324252627282930313233
begin
dbms_output.put_line(utl_url.unescape('http://oracle-base.com/my%20page.html'));
dbms_output.put_line(utl_url.unescape('http%3A%2F%2Foracle-base.com%2Fmy%20page.html'));
dbms_output.put_line(utl_url.unescape('http://oracle-base.com/my-service?param1=yes¶m2=no'));
dbms_output.put_line(utl_url.unescape('http://oracle-base.com/my-service?param1=yes¶m2=yes&no'));
dbms_output.put_line(utl_url.unescape('http://oracle-base.com/my-service?param1=yes¶m2=yes%26no'));
end;
/
http://oracle-base.com/my page.html
http://oracle-base.com/my page.html
http://oracle-base.com/my-service?param1=yes¶m2=no
http://oracle-base.com/my-service?param1=yes¶m2=yes&no
http://oracle-base.com/my-service?param1=yes¶m2=yes&no
PL/SQL procedure successfully completed.
SQL>
create or replace procedure my_proc (
p_param1 IN VARCHAR2,
p_param2 IN VARCHAR2
)
as
l_param1 varchar2(32767);
l_param2 varchar2(32767);
begin
l_param1 := utl_url.unescape(p_param1);
l_param2 := utl_url.unescape(p_param2);
-- Do something with the parameter values.
end;
/Comments (0)
Please to add comments
No comments yet. Be the first to comment!