how to properly encode ampersands in querystring

Discussion in 'ASP .Net' started by darrel, Jun 13, 2005.

  1. darrel

    darrel Guest

    I am creating a querystring to look like this:

    form_edit.aspx?collectionID=25&confirmationMessage=New+form+entry+saved

    Note that I'm escaping the ampersand.

    However, I can't grab the 'confirmationMessage' querystring unless I do NOT
    encode the ampersand. I assume I'm missing something obvious here. Any
    suggestions?

    -Darrel
     
    darrel, Jun 13, 2005
    #1
    1. Advertising

  2. Are you looking for Server.URLEncode?
    http://www.4guysfromrolla.com/webtech/042601-1.shtml

    Or maybe Server.HTMLEncode and Server.HTMLDecode?
    http://www.devx.com/tips/Tip/13459

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://SteveOrr.net


    "darrel" <> wrote in message
    news:...
    >I am creating a querystring to look like this:
    >
    > form_edit.aspx?collectionID=25&amp;confirmationMessage=New+form+entry+saved
    >
    > Note that I'm escaping the ampersand.
    >
    > However, I can't grab the 'confirmationMessage' querystring unless I do
    > NOT
    > encode the ampersand. I assume I'm missing something obvious here. Any
    > suggestions?
    >
    > -Darrel
    >
    >
     
    Steve C. Orr [MVP, MCSD], Jun 13, 2005
    #2
    1. Advertising

  3. darrel

    darrel Guest

    darrel, Jun 13, 2005
    #3
  4. You could do that. Or, on the receiving page you can get the value off the
    querystring with
    code something like this:


    Dim nvc As NameValueCollection
    nvc=Request.QueryString


    Here's more info:

    http://msdn.microsoft.com/library/d...sSpecializedNameValueCollectionClassTopic.asp

    ---
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://Steve.Orr.net



    "darrel" <> wrote in message
    news:...
    >> Are you looking for Server.URLEncode?
    >> http://www.4guysfromrolla.com/webtech/042601-1.shtml
    >>
    >> Or maybe Server.HTMLEncode and Server.HTMLDecode?
    >> http://www.devx.com/tips/Tip/13459

    >
    > Well, I'm 'encoding' it manually, but yea, maybe I need to unencode it.
    >
    > So, how would I call a querystring in a URL after HTMLDecode?
    >
    > Or would I decode it, then just parse it as a text string?
    >
    > -Darrel
    >
    >
     
    Steve C. Orr [MVP, MCSD], Jun 13, 2005
    #4
  5. darrel

    Guest

    I'm curious why do you need to encode the ampersand? Is it to comply to XHTML
    standards?

    Cheers,
    Tom Pester

    > I am creating a querystring to look like this:
    >
    > form_edit.aspx?collectionID=25&amp;confirmationMessage=New+form+entry+
    > saved
    >
    > Note that I'm escaping the ampersand.
    >
    > However, I can't grab the 'confirmationMessage' querystring unless I
    > do NOT encode the ampersand. I assume I'm missing something obvious
    > here. Any suggestions?
    >
    > -Darrel
    >
     
    , Jun 13, 2005
    #5
  6. I suggest that you put one more ampersand after & because each and every
    value in a query string is separated by ampersand. For example
    index.aspx?a=5&b=10. In your example,
    form_edit.aspx?collectionID=25&amp;&confirmationMessage=New+....

    I hope it helps to encode/decode.

    "darrel" wrote:

    > I am creating a querystring to look like this:
    >
    > form_edit.aspx?collectionID=25&confirmationMessage=New+form+entry+saved
    >
    > Note that I'm escaping the ampersand.
    >
    > However, I can't grab the 'confirmationMessage' querystring unless I do NOT
    > encode the ampersand. I assume I'm missing something obvious here. Any
    > suggestions?
    >
    > -Darrel
    >
    >
    >
     
    =?Utf-8?B?UHJha2FzaC5ORVQ=?=, Jun 14, 2005
    #6
  7. You're using HTML Encoding in a URL. You should use URL Encoding instead:

    form_edit.aspx?collectionID=25%38confirmationMessage=New+form+entry+saved

    OR, you should NOT encode the ampersand at all, if you're trying to send
    multiple parameters:

    form_edit.aspx?collectionID=25&confirmationMessage=New+form+entry+saved

    The ampersand is a standard URL delimiter for parameters in a query string.
    It should never be HTML-Encoded. If you want to send a literal ampersand,
    you should use URL-Encoding, as per my first suggestion.


    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    Ambiguity has a certain quality to it.

    "darrel" <> wrote in message
    news:...
    >I am creating a querystring to look like this:
    >
    > form_edit.aspx?collectionID=25&amp;confirmationMessage=New+form+entry+saved
    >
    > Note that I'm escaping the ampersand.
    >
    > However, I can't grab the 'confirmationMessage' querystring unless I do
    > NOT
    > encode the ampersand. I assume I'm missing something obvious here. Any
    > suggestions?
    >
    > -Darrel
    >
    >
     
    Kevin Spencer, Jun 14, 2005
    #7
  8. darrel

    Oenone Guest

    Kevin Spencer wrote:
    > The ampersand is a standard URL delimiter for parameters in a query
    > string. It should never be HTML-Encoded.


    Unless it's being included within the HTML itself (for example, in an anchor
    tag), in which case it should.

    This is valid XHTML (and works just fine):

    <a href="http://myserver/mypage.aspx?a=1&amp;b=2">Link</a>

    When clicked, the actual URL that will be present in the browser will have a
    plain ampersand between the two parameters, not an encoded ampersand.

    This is not valid (though it also works):


    <a href="http://myserver/mypage.aspx?a=1&b=2">Link</a>

    HTML can be a pain in the backside sometimes.

    --

    (O)enone
     
    Oenone, Jun 14, 2005
    #8
  9. darrel

    darrel Guest

    > I'm curious why do you need to encode the ampersand? Is it to comply to
    XHTML
    > standards?


    I don't *need* too...just trying to get in the habit of doing it.

    -Darrel
     
    darrel, Jun 14, 2005
    #9
  10. darrel

    darrel Guest

    > I suggest that you put one more ampersand after & because each and every
    > value in a query string is separated by ampersand. For example
    > index.aspx?a=5&b=10. In your example,
    > form_edit.aspx?collectionID=25&amp;&confirmationMessage=New+....
    >
    > I hope it helps to encode/decode.


    The problem is that I still have an unencoded ampersand in the URL then.

    -Darrel
     
    darrel, Jun 14, 2005
    #10
  11. darrel

    darrel Guest

    > The ampersand is a standard URL delimiter for parameters in a query
    string.
    > It should never be HTML-Encoded. If you want to send a literal ampersand,
    > you should use URL-Encoding, as per my first suggestion.


    I was under the impression that an amersand in a URL, unenecoded, was
    invalid XHTML.

    http://www.456bereastreet.com/archive/200406/ampersands_and_validation/

    Also, you introduce the problem of accidently creating an unintentional
    entity:

    mypage.aspx?id=2&amplitude=4
    ----

    which can mess up some browsers.

    -Darrel
     
    darrel, Jun 14, 2005
    #11
  12. darrel

    darrel Guest


    > This is valid XHTML (and works just fine):
    >
    > <a href="http://myserver/mypage.aspx?a=1&amp;b=2">Link</a>
    >
    > When clicked, the actual URL that will be present in the browser will have

    a
    > plain ampersand between the two parameters, not an encoded ampersand.


    Ah! Perhaps that's my problem. I'm not creating an href link, but rather,
    I'm using response.redirect

    -Darrel
     
    darrel, Jun 14, 2005
    #12
  13. A URL is not HTML or XHTML. It is a URL. I was speaking in the context of a
    URL, not the HTML document itself. When a URL is inside an HTML document (in
    a link, for example), it needs to be HTML-Encoded. Otherwise not. See
    http://www.gbiv.com/protocols/uri/rfc/rfc3986.html

    --
    HTH,

    Kevin Spencer
    Microsoft MVP
    ..Net Developer
    Ambiguity has a certain quality to it.

    "darrel" <> wrote in message
    news:...
    >> The ampersand is a standard URL delimiter for parameters in a query

    > string.
    >> It should never be HTML-Encoded. If you want to send a literal ampersand,
    >> you should use URL-Encoding, as per my first suggestion.

    >
    > I was under the impression that an amersand in a URL, unenecoded, was
    > invalid XHTML.
    >
    > http://www.456bereastreet.com/archive/200406/ampersands_and_validation/
    >
    > Also, you introduce the problem of accidently creating an unintentional
    > entity:
    >
    > mypage.aspx?id=2&amplitude=4
    > ----
    >
    > which can mess up some browsers.
    >
    > -Darrel
    >
    >
     
    Kevin Spencer, Jun 14, 2005
    #13
  14. darrel

    darrel Guest

    > a link, for example), it needs to be HTML-Encoded. Otherwise not. See
    > http://www.gbiv.com/protocols/uri/rfc/rfc3986.html


    OH! I think this clarifies things. So, if it's a URL in my codebehind (as a
    response.redirect) encoding is rather pointless?

    -Darrel
     
    darrel, Jun 14, 2005
    #14
  15. darrel

    Oenone Guest

    darrel wrote:
    > Ah! Perhaps that's my problem. I'm not creating an href link, but
    > rather, I'm using response.redirect


    Right, in that case, you don't want to encode ampersands when you're using
    them as value separators.

    You'd only encode them in a Response.Redirect if they actually formed part
    of one of the values, as detailed somewhere else on this thread.

    --

    (O) e n o n e
     
    Oenone, Jun 14, 2005
    #15
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Howard, Brett
    Replies:
    1
    Views:
    424
    Prasad
    Jul 12, 2003
  2. johkar
    Replies:
    0
    Views:
    714
    johkar
    Feb 25, 2006
  3. SDM
    Replies:
    2
    Views:
    573
  4. Andy Dingley
    Replies:
    1
    Views:
    364
    Bjoern Hoehrmann
    Jun 10, 2004
  5. Replies:
    4
    Views:
    488
    cwdjrxyz
    Sep 24, 2006
Loading...

Share This Page