StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
2148829
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
11
CommunityOwnedDate
CreationDate
2010-01-27T17:07:01.080
FavoriteCount
0
LastActivityDate
2010-01-27T17:16:24.383
LastEditDate
2010-01-27T17:16:24.383
LastEditorUserId
157882
OwnerUserId
157882
ParentId
2148799
PostTypeId
2
Score
18
ViewCount
0
LastEditorDisplayName
text
Body
I presume that you're using JSP. Just escape during display only. There for the <a href="http://java.sun.com/products/jsp/jstl/1.1/docs/tlddocs/" rel="noreferrer">JSTL</a> <a href="http://java.sun.com/products/jsp/jstl/1.1/docs/tlddocs/c/out.html" rel="noreferrer"><code><c:out></code></a> tag is perfectly suitable. It escapes HTML entities by default. Use it to display every user-controlled input, such as request URL, request headers and request parameters. E.g. <pre><code><input type="text" name="foo" value="<c:out value="${param.foo}" />"> </code></pre> Escaping during input is not needed. <a href="http://ha.ckers.org/xss.html" rel="noreferrer">XSS</a> doesn't harm in raw Java code nor in SQL databases. On the other hand, you would also rather save data unmodified in DB so that you can still see what the user actually entered, so that you can if necessary do social actions on mailicious users. If you'd like to know what to escape during input, it would be <a href="http://unixwiz.net/techtips/sql-injection.html" rel="noreferrer">SQL injection</a>. In such case just use <a href="http://java.sun.com/docs/books/tutorial/jdbc/basics/prepared.html" rel="noreferrer"><code>PreparedStatement</code></a> instead of regular <code>Statement</code> whenever you want to save any user-controlled input in the database. E.g. <pre><code>create = connection.prepareStatement("INSERT INTO user (username, password) VALUES (?, MD5(?))"); create.setString(1, username); create.setString(2, password); create.executeUpdate(); </code></pre>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POEscaping html in Java
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USBalusC
UserOwnerUserId
1. USBalusC
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POEscaping html in Java
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
CommentsPostId

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.