how to properly encode ampersands in querystring

[darrel]

I am creating a querystring to look like this:

form_edit.aspx?collectionID=25&confirmationMessage=New+form+entry+saved

Note that I'm escaping the ampersand.

However, I can't grab the 'confirmationMessage' querystring unless I do NOT
encode the ampersand. I assume I'm missing something obvious here. Any
suggestions?

-Darrel

 

[Steve C. Orr [MVP, MCSD]]

Are you looking for Server.URLEncode?
http://www.4guysfromrolla.com/webtech/042601-1.shtml

Or maybe Server.HTMLEncode and Server.HTMLDecode?
http://www.devx.com/tips/Tip/13459

 

[darrel]

Are you looking for Server.URLEncode?

http://www.4guysfromrolla.com/webtech/042601-1.shtml

Or maybe Server.HTMLEncode and Server.HTMLDecode?
http://www.devx.com/tips/Tip/13459

Well, I'm 'encoding' it manually, but yea, maybe I need to unencode it.

So, how would I call a querystring in a URL after HTMLDecode?

Or would I decode it, then just parse it as a text string?

-Darrel

 

[Steve C. Orr [MVP, MCSD]]

You could do that. Or, on the receiving page you can get the value off the
querystring with
code something like this:


Dim nvc As NameValueCollection
nvc=Request.QueryString


Here's more info:

http://msdn.microsoft.com/library/d...sSpecializedNameValueCollectionClassTopic.asp

 

[tom.pesterDeLeTeTHISSS]

I'm curious why do you need to encode the ampersand? Is it to comply to XHTML
standards?

Cheers,
Tom Pester

 

[Guest]

I suggest that you put one more ampersand after & because each and every
value in a query string is separated by ampersand. For example
index.aspx?a=5&b=10. In your example,
form_edit.aspx?collectionID=25&&confirmationMessage=New+....

I hope it helps to encode/decode.

 

[Kevin Spencer]

You're using HTML Encoding in a URL. You should use URL Encoding instead:

form_edit.aspx?collectionID=25%38confirmationMessage=New+form+entry+saved

OR, you should NOT encode the ampersand at all, if you're trying to send
multiple parameters:

form_edit.aspx?collectionID=25&confirmationMessage=New+form+entry+saved

The ampersand is a standard URL delimiter for parameters in a query string.
It should never be HTML-Encoded. If you want to send a literal ampersand,
you should use URL-Encoding, as per my first suggestion.


--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Ambiguity has a certain quality to it.

 

[Oenone]

The ampersand is a standard URL delimiter for parameters in a query
string. It should never be HTML-Encoded.

Unless it's being included within the HTML itself (for example, in an anchor
tag), in which case it should.

This is valid XHTML (and works just fine):

<a href="http://myserver/mypage.aspx?a=1&amp;b=2">Link</a>

When clicked, the actual URL that will be present in the browser will have a
plain ampersand between the two parameters, not an encoded ampersand.

This is not valid (though it also works):


<a href="http://myserver/mypage.aspx?a=1&b=2">Link</a>

HTML can be a pain in the backside sometimes.

 

[darrel]

I'm curious why do you need to encode the ampersand? Is it to comply to
XHTML

standards?

I don't *need* too...just trying to get in the habit of doing it.

-Darrel

 

[darrel]

I suggest that you put one more ampersand after & because each and every

value in a query string is separated by ampersand. For example
index.aspx?a=5&b=10. In your example,
form_edit.aspx?collectionID=25&amp;&confirmationMessage=New+....

I hope it helps to encode/decode.

The problem is that I still have an unencoded ampersand in the URL then.

-Darrel

 

[darrel]

The ampersand is a standard URL delimiter for parameters in a query
string.

It should never be HTML-Encoded. If you want to send a literal ampersand,
you should use URL-Encoding, as per my first suggestion.

I was under the impression that an amersand in a URL, unenecoded, was
invalid XHTML.

http://www.456bereastreet.com/archive/200406/ampersands_and_validation/

Also, you introduce the problem of accidently creating an unintentional
entity:

mypage.aspx?id=2&amplitude=4

 

[darrel]

This is valid XHTML (and works just fine):

<a href="http://myserver/mypage.aspx?a=1&amp;b=2">Link</a>

When clicked, the actual URL that will be present in the browser will have a
plain ampersand between the two parameters, not an encoded ampersand.

Ah! Perhaps that's my problem. I'm not creating an href link, but rather,
I'm using response.redirect

-Darrel

 

[Kevin Spencer]

A URL is not HTML or XHTML. It is a URL. I was speaking in the context of a
URL, not the HTML document itself. When a URL is inside an HTML document (in
a link, for example), it needs to be HTML-Encoded. Otherwise not. See
http://www.gbiv.com/protocols/uri/rfc/rfc3986.html

--
HTH,

Kevin Spencer
Microsoft MVP
..Net Developer
Ambiguity has a certain quality to it.

 

[darrel]

a link, for example), it needs to be HTML-Encoded. Otherwise not. See

http://www.gbiv.com/protocols/uri/rfc/rfc3986.html

OH! I think this clarifies things. So, if it's a URL in my codebehind (as a
response.redirect) encoding is rather pointless?

-Darrel

 

[Oenone]

Ah! Perhaps that's my problem. I'm not creating an href link, but
rather, I'm using response.redirect

Right, in that case, you don't want to encode ampersands when you're using
them as value separators.

You'd only encode them in a Response.Redirect if they actually formed part
of one of the values, as detailed somewhere else on this thread.