urlencode and asp.net

S

sviau

im getting a string and urlencoding it (in the SanitizeForQueryString
function) is this the correct approach? should i be encoding each parameter
seperately or the entire string?

Dim AreaID As String = Request.Form(hAreaID.UniqueID)

Dim SalePrice As String =
SanitizeForQueryString(Request.Form(elMinPrice.ControlID)) & "-" &
SanitizeForQueryString(Request.Form(elMaxPrice.ControlID)) & "-0"

Dim RentPrice As String =
SanitizeForQueryString(Request.Form(elMinRent.ControlID)) & "-" &
SanitizeForQueryString(Request.Form(elMaxRent.ControlID)) & "-0"

Dim QString As New System.Text.StringBuilder

With QString

..Append("?Mode=0")

..Append("&Page=1")

..Append("&vs=1")

..Append("&rlt=")

..Append(SanitizeForQueryString(Request.Form(txtRealtorName.UniqueID)))

..Append("&cp=")

..Append(SanitizeForQueryString(Request.Form(txtBrokerCompany.UniqueID)))

..Append("&pt=")

..Append(SanitizeForQueryString(elPropertyTypes.GetSelectedValues))

..Append("&mp=")

..Append(SalePrice)

..Append("&mrt=")

..Append(RentPrice)

..Append("&Beds=")

..Append(SanitizeForQueryString(Request.Form(elBeds.ControlID)))

..Append("&Baths=")

..Append(SanitizeForQueryString(Request.Form(elBaths.ControlID)))

..Append("&f=")

..Append(SanitizeForQueryString(Request.Form(elFeatures.ControlID)))

..Append("&ft=")

..Append(SanitizeForQueryString(Request.Form(ddlFeatureType.UniqueID)))

..Append("&o=")

..Append(SanitizeForQueryString(Request.Form(ddlOrder.UniqueID)))

..Append("&of=")

..Append(SanitizeForQueryString(Request.Form(ddlOrderField.UniqueID)))

..Append("&ps=")

..Append(SanitizeForQueryString(Request.Form(ddlPageSize.UniqueID)))

If Not AreaID Is Nothing AndAlso AreaID <> String.Empty Then

..Append("&aid=")

..Append(SanitizeForQueryString(AreaID))

..Append("&MapURL=")

..Append(SanitizeForQueryString(Request.QueryString("MapURL")))

Else

..Append("&pro=")

..Append(SanitizeForQueryString(Request.Form(elProvinces.ControlID)))

..Append("&ci=")

..Append(SanitizeForQueryString(Request.Form(txtCity.UniqueID)))

..Append("&st=")

..Append(SanitizeForQueryString(Request.Form(txtStreet.UniqueID)))

..Append("&zip=")

..Append(SanitizeForQueryString(Request.Form(txtPostalCode.UniqueID)))

End If

End With
 
S

Steven Cheng[MSFT]

Hi sviau,


Thanks for posting in the community!
From your description, you 're wondering how to encode a url string and
whether it's necessary to encode a whole url or just some certain
querystring param,yes?
If there is anything I misunderstood, please feel free to let me know.


As for this problem, here is my suggestions:
Generally we need to encode the url string because in the RFC specification
some certain special characters are not allowed in url as their ascii mode.
So we need to encode them first, for example, we enter some certain
characters in browser's url address textbox, they'll be automatically
encoded to %{HEX}, {HEX} here is the certain character's hex value. For the
more detailed description and reference on these special character, you may
view the following links:

#URL Encoding
http://www.blooberry.com/indexdot/html/topics/urlencoding.htm

#HTML URL-encoding Reference
http://www.w3schools.com/html/html_ref_urlencode.asp

Also, as for your situation, I think you only need to encode those special
characters rather than the whole url string. Otherwise, maybe some
charaters will be incorrectly encoded. For example, the url "http://...."
if we encode the whole url, the "://" in it will be incorrectly encoded
which is not needed, do you think so?

In addition, here is another kb articles on pass Unsafe Characters in a
URL, I believe it maybe also helpful to you:
#How to Pass Unsafe Characters in a URL
http://support.microsoft.com/?id=153545



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
S

Steven Cheng[MSFT]

Hi sviau,


I haven't heard from you. Have you got any ideas on this issue? Is the
suggestions I provided last tim helpful? If you need any help, please feel
free to let me know. Thanks.



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Can someone help me sort this one out and quick? 2
syntax error while converting asp to asp.net 5
whats wrong with this header??? 1
ARGH! Images to and from SQL Server 3
firewalls "removing bogus header" 4
Newbie, error between asp.net 1.1 and asp.net 2.0 1
ASP.NET Message Box causing problems with SmartNavigation property 1
Programming challenge: wildcard exclusion in cartesian products 78

Members online

No members online now.
Total: 32 (members: 0, guests: 32)
Robots: 446

Forum statistics

Threads
473,768
Messages
2,569,574
Members
45,048
Latest member
verona

Latest Threads

Top