Querystring related

Discussion in 'ASP General' started by abcd, Apr 15, 2006.

  1. abcd

    abcd Guest

    abcd, Apr 15, 2006
    #1
    1. Advertising

  2. abcd

    CB Guest

    Yes, non-alphanumeric characters need to be encoded to travel in a URL. If
    the link is generated by script, you can use the command:
    server.URLEncode("%aaa")

    P.S. it looks like you might be passing query string variables directly to
    SQL queries, which is very hackable and insecure. Rule 1 of web programming
    is to validate all variables from the client You might try:
    ?searchtype=endswith&searchfor=aaa
    and after checking the searchfor string for unexpected junk, construct the
    "%aaa" on the server side.
     
    CB, Apr 15, 2006
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. suzy
    Replies:
    3
    Views:
    3,116
  2. Axel Dahmen

    Pack QueryString

    Axel Dahmen, Jun 29, 2003, in forum: ASP .Net
    Replies:
    2
    Views:
    543
    Axel Dahmen
    Jun 29, 2003
  3. Mehdi
    Replies:
    6
    Views:
    36,176
    sloan
    Apr 6, 2006
  4. Maxwell Hammer
    Replies:
    7
    Views:
    654
    Peter Hansen
    Jun 18, 2005
  5. Adeel Ahmad
    Replies:
    1
    Views:
    563
    Anthony Jones
    Mar 7, 2006
Loading...

Share This Page