urlencode and asp.net

  • Thread starter: sviau

sviau

I'm getting a string and URL-encoding it (in the SanitizeForQueryString
function). Is this the correct approach? Should I be encoding each parameter
separately or the entire string?

Dim AreaID As String = Request.Form(hAreaID.UniqueID)

' Price ranges are sent as "min-max-0"; each bound is encoded on its own.
Dim SalePrice As String = _
    SanitizeForQueryString(Request.Form(elMinPrice.ControlID)) & "-" & _
    SanitizeForQueryString(Request.Form(elMaxPrice.ControlID)) & "-0"

Dim RentPrice As String = _
    SanitizeForQueryString(Request.Form(elMinRent.ControlID)) & "-" & _
    SanitizeForQueryString(Request.Form(elMaxRent.ControlID)) & "-0"

Dim QString As New System.Text.StringBuilder

' The "?", "&" and "=" delimiters are appended as literals;
' only the values pass through SanitizeForQueryString.
With QString
    .Append("?Mode=0")
    .Append("&Page=1")
    .Append("&vs=1")
    .Append("&rlt=")
    .Append(SanitizeForQueryString(Request.Form(txtRealtorName.UniqueID)))
    .Append("&cp=")
    .Append(SanitizeForQueryString(Request.Form(txtBrokerCompany.UniqueID)))
    .Append("&pt=")
    .Append(SanitizeForQueryString(elPropertyTypes.GetSelectedValues))
    .Append("&mp=")
    .Append(SalePrice)
    .Append("&mrt=")
    .Append(RentPrice)
    .Append("&Beds=")
    .Append(SanitizeForQueryString(Request.Form(elBeds.ControlID)))
    .Append("&Baths=")
    .Append(SanitizeForQueryString(Request.Form(elBaths.ControlID)))
    .Append("&f=")
    .Append(SanitizeForQueryString(Request.Form(elFeatures.ControlID)))
    .Append("&ft=")
    .Append(SanitizeForQueryString(Request.Form(ddlFeatureType.UniqueID)))
    .Append("&o=")
    .Append(SanitizeForQueryString(Request.Form(ddlOrder.UniqueID)))
    .Append("&of=")
    .Append(SanitizeForQueryString(Request.Form(ddlOrderField.UniqueID)))
    .Append("&ps=")
    .Append(SanitizeForQueryString(Request.Form(ddlPageSize.UniqueID)))

    ' Search by area when an area ID was posted; otherwise by address fields.
    If Not AreaID Is Nothing AndAlso AreaID <> String.Empty Then
        .Append("&aid=")
        .Append(SanitizeForQueryString(AreaID))
        .Append("&MapURL=")
        .Append(SanitizeForQueryString(Request.QueryString("MapURL")))
    Else
        .Append("&pro=")
        .Append(SanitizeForQueryString(Request.Form(elProvinces.ControlID)))
        .Append("&ci=")
        .Append(SanitizeForQueryString(Request.Form(txtCity.UniqueID)))
        .Append("&st=")
        .Append(SanitizeForQueryString(Request.Form(txtStreet.UniqueID)))
        .Append("&zip=")
        .Append(SanitizeForQueryString(Request.Form(txtPostalCode.UniqueID)))
    End If
End With
 
Hi sviau,


Thanks for posting in the community!
From your description, you're wondering how to encode a URL string and
whether it's necessary to encode the whole URL or just certain
querystring params, yes?
If there is anything I misunderstood, please feel free to let me know.


As for this problem, here are my suggestions:
Generally we need to encode the URL string because in the RFC specification
certain special characters are not allowed in a URL in their ASCII form.
So we need to encode them first. For example, when we enter certain
characters in the browser's URL address textbox, they'll be automatically
encoded to %{HEX}, where {HEX} is the character's hex value. For a
more detailed description and reference on these special characters, you may
view the following links:

#URL Encoding
http://www.blooberry.com/indexdot/html/topics/urlencoding.htm

#HTML URL-encoding Reference
http://www.w3schools.com/html/html_ref_urlencode.asp

Also, as for your situation, I think you only need to encode those special
characters rather than the whole URL string. Otherwise, some
characters may be incorrectly encoded. For example, with the URL "http://....",
if we encode the whole URL, the "://" in it will be incorrectly encoded,
which is not needed, do you think so?

In addition, here is another KB article on passing unsafe characters in a
URL; I believe it may also be helpful to you:
#How to Pass Unsafe Characters in a URL
http://support.microsoft.com/?id=153545



Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
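
Added example, not part of the original thread or from either poster: the difference between encoding each value on its own, encoding nothing, and encoding the whole string, shown by parsing each result back the way the receiving page would. The parameter names come from the question; the sample values and the host maps.example are constructed, and HttpUtility.UrlEncode stands in for SanitizeForQueryString, whose body the thread does not show (a reference to System.Web is assumed).

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Collections.Specialized
Imports System.Text
Imports System.Web

Module QueryStringEncodingDemo

    ' Build "?k1=v1&k2=v2". With encodeEach = True every name and value is
    ' URL-encoded separately and the delimiters are appended as literals.
    Function BuildQuery(ByVal pairs As List(Of KeyValuePair(Of String, String)), ByVal encodeEach As Boolean) As String
        Dim sb As New StringBuilder("?")
        For i As Integer = 0 To pairs.Count - 1
            If i > 0 Then sb.Append("&")
            If encodeEach Then
                sb.Append(HttpUtility.UrlEncode(pairs(i).Key)).Append("=").Append(HttpUtility.UrlEncode(pairs(i).Value))
            Else
                sb.Append(pairs(i).Key).Append("=").Append(pairs(i).Value)
            End If
        Next
        Return sb.ToString()
    End Function

    ' Parse a query string as the receiving page would and list what it sees.
    Sub Dump(ByVal label As String, ByVal query As String)
        Console.WriteLine(label & ": " & query)
        Dim parsed As NameValueCollection = HttpUtility.ParseQueryString(query)
        For Each key As String In parsed.AllKeys
            Console.WriteLine("    {0} = {1}", key, parsed(key))
        Next
    End Sub

    Sub Main()
        ' Constructed sample input: values that themselves contain "&", "=", "?" and "://".
        Dim pairs As New List(Of KeyValuePair(Of String, String))
        pairs.Add(New KeyValuePair(Of String, String)("Mode", "0"))
        pairs.Add(New KeyValuePair(Of String, String)("rlt", "Smith & Sons"))
        pairs.Add(New KeyValuePair(Of String, String)("MapURL", "http://maps.example/view?id=5&zoom=2"))

        ' Each value survives the round trip intact.
        Dump("Each value encoded", BuildQuery(pairs, True))
        ' "&" inside a value is read as a delimiter: values are cut short and extra parameters appear.
        Dump("Nothing encoded", BuildQuery(pairs, False))
        ' The delimiters are escaped too, so the receiver no longer sees separate parameters.
        Dump("Whole string encoded", HttpUtility.UrlEncode(BuildQuery(pairs, False)))
    End Sub
End Module
```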
 
Hi sviau,


I haven't heard from you. Have you got any ideas on this issue? Are the
suggestions I provided last time helpful? If you need any help, please feel
free to let me know. Thanks.



Regards,

Steven Cheng
Microsoft Online Support

 