locked
Request.Querystring is truncating parameters RRS feed

  • Question

  • User1943947239 posted

    In an aspx page I have a C# script that pulls a query string paramter and sticks it in a link. This is what the code looks like:

     

    if(Request.QueryString["actionUrl"] != null)
                actionUrl = Request.QueryString["actionUrl"];
            else
      

     My query string looks like this:

     

    http://localhost//topics/register/?actionUrl=/topics/forums/post.aspx?action=reply&forumId=17&topicId=8 

     

    The problem is that the "actionUrl" string looks like this once I run that line of code:

     

    actionUrl=/topics/forums/post.aspx?action=reply

     

    Notice how the rest of the params after "action=reply" are missing. How can I capture the whole string including the ampersand (&) variables?

     

    Thanks. 

    Saturday, March 1, 2008 10:19 PM

Answers

  • User-158764254 posted

    It is surprising to me that the behavior I'm experiencing is by design; wouldn't the "QueryString" be the entire URL including all the trailing parameters?

    There is a different between the querystring in its entirety and reading an individual querystring value.  The querystring can hold many values all separated by ampersand characters.

    Somepage.aspx?var1=value1&var2=value2&var3=value3

    There is no way to differentiate between an ampersand character that that delimits the various individual querystring values and an ampersand character that appears as data inside of a querystring value.

    Is there some other way to read the params in the query string? What if I were to escape the ampersand or something? Would that stop the parser from getting stuck?

    Absolutely.  Any data that will be used on a querystring should be Urlencoded first using Server.UrlEncode.  When you read values back out of the querystring, it will automatically be UrlDecoded for you by the framework.

    So the solution lies in how you create the querystring values rather than in how you read them back out.

    Dim queryStringValue As String

    Dim url As String

    queryStringValue = Server.UrlEncode("/topics/forums/post.aspx?action=reply&forumId=17&topicId=8")

    url = "somePageUrl" & "?actionUrl=" & queryStringValue

    <!--EndFragment-->In this sample, the queryStringValue variable will actually become:

        %2ftopics%2fforums%2fpost.aspx%3faction%3dreply%26forumId%3d17%26topicId%3d8

    Notice how any special characters have been encoded so that they cannot interfere with reading that querystring value back. But, later when you read the querystring value; Request.QueryString("actionUrl"), you will get the unencoded value that you started with

        /topics/forums/post.aspx?action=reply&forumId=17&topicId=8 

     

    Hope this helps...

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, March 2, 2008 12:02 PM

All replies

  • User214117797 posted

    http://localhost//topics/register/?actionUrl=/topics/forums/post.aspx?action=reply&forumId=17&topicId=8 

     

    The problem is that the "actionUrl" string looks like this once I run that line of code:

     

    actionUrl=/topics/forums/post.aspx?action=reply

     

    That is the expected behaviour of the query strings, as query strings are separated by the & character

    the & denotes when the parameter ends, if it does not have a delimiter then one cannot have a way to identify all the query strings

     

    If you want to extract the complete query string you would need to manually parse the URL and extract the query string parameters yourself, but keep in mind how would you identify the end of the query string, so you may need to use another character 

    Saturday, March 1, 2008 10:54 PM
  • User159052556 posted

    Hi

    You can try this

    string virtualpath = System.Uri.EscapeDataString(a virtual path from a query stirng variable goes here);

    Server.transfer/response.redirect(virtualpath);

     

    or

    to get the corresponding special characters for parsing, like %25=%, %2F= blank space,...

    System.Uri.UnescapeDataString(a string containg the spaecial characters);

    Try them, as well as try the other options or methods given in System.Uri.

    poulomi

    Saturday, March 1, 2008 11:21 PM
  • User-442214108 posted

    Make sure you have an actual page in there before the question mark - - - - so that it reads something  like:
    http://localhost//topics/register/yourpage.aspx?actionUrl=........

    with it this way:
    register/?actionUrl

    it will not work - the ? needs to work off of an actual page.

     

    Saturday, March 1, 2008 11:36 PM
  • User1943947239 posted

     So in my case would using something like a substring() be the best bet? If I'm just reading to the end of the URL I suppose I could find the first instance of "actionUrl" and parse to the end of the string. That seems messy though. It is surprising to me that the behavior I'm experiencing is by design; wouldn't the "QueryString" be the entire URL including all the trailing parameters? Is there some other way to read the params in the query string? What if I were to escape the ampersand or something? Would that stop the parser from getting stuck?

    Seeing how robust .NET is I'd think there is a best practice way to accomplish this... some kind of collection or something. You know what I mean? 

    Sunday, March 2, 2008 1:37 AM
  • User1181709163 posted
    Most possible reason is your query string would contains a [space] which cause the incomplete query string. To solve this problem replace [space] with [%20].
    Sunday, March 2, 2008 5:26 AM
  • User-48124152 posted

    In an aspx page I have a C# script that pulls a query string paramter and sticks it in a link. This is what the code looks like:

     

    if(Request.QueryString["actionUrl"] != null)
                actionUrl = Request.QueryString["actionUrl"];
            else
      

     My query string looks like this:

     

    http://localhost//topics/register/?actionUrl=/topics/forums/post.aspx?action=reply&forumId=17&topicId=8 

     

    The problem is that the "actionUrl" string looks like this once I run that line of code:

     

    actionUrl=/topics/forums/post.aspx?action=reply

     

    Notice how the rest of the params after "action=reply" are missing. How can I capture the whole string including the ampersand (&) variables?

     

    Thanks. 

     

    hi, this problem happen because of the "&" ,

    A quick way to test it is to replace your browser querystring & with %26 and you can see the complete url.

    Request.QueryString["actionUrl"] --> this will only return one parameter and ignore the & and everything behind it.
    This is the way i will do it,  
            string fullURL, actionURL;
            fullURL = Request.Url.ToString();
            int startIndex = 0;
            int endIndex = 0;
    
            startIndex = fullURL.LastIndexOf("?") + 11; // we want to skip the actionURL=
            endIndex = fullURL.LastIndexOf("") + 1; //basically this is the length of the string
    
            actionURL = fullURL.Substring(startIndex, endIndex - startIndex); //actionURL content
           
            Response.Write("actionUrl=" + actionURL + "&lt;br>");
    Put a break line somewhere in the code so you can see the value of startIndex, endIndex, actionURL 
    Take care, 
     
     
    Sunday, March 2, 2008 11:21 AM
  • User-158764254 posted

    It is surprising to me that the behavior I'm experiencing is by design; wouldn't the "QueryString" be the entire URL including all the trailing parameters?

    There is a different between the querystring in its entirety and reading an individual querystring value.  The querystring can hold many values all separated by ampersand characters.

    Somepage.aspx?var1=value1&var2=value2&var3=value3

    There is no way to differentiate between an ampersand character that that delimits the various individual querystring values and an ampersand character that appears as data inside of a querystring value.

    Is there some other way to read the params in the query string? What if I were to escape the ampersand or something? Would that stop the parser from getting stuck?

    Absolutely.  Any data that will be used on a querystring should be Urlencoded first using Server.UrlEncode.  When you read values back out of the querystring, it will automatically be UrlDecoded for you by the framework.

    So the solution lies in how you create the querystring values rather than in how you read them back out.

    Dim queryStringValue As String

    Dim url As String

    queryStringValue = Server.UrlEncode("/topics/forums/post.aspx?action=reply&forumId=17&topicId=8")

    url = "somePageUrl" & "?actionUrl=" & queryStringValue

    <!--EndFragment-->In this sample, the queryStringValue variable will actually become:

        %2ftopics%2fforums%2fpost.aspx%3faction%3dreply%26forumId%3d17%26topicId%3d8

    Notice how any special characters have been encoded so that they cannot interfere with reading that querystring value back. But, later when you read the querystring value; Request.QueryString("actionUrl"), you will get the unencoded value that you started with

        /topics/forums/post.aspx?action=reply&forumId=17&topicId=8 

     

    Hope this helps...

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, March 2, 2008 12:02 PM
  • User-48124152 posted

     Hi, i don't think my example will return the value below,

    %2ftopics%2fforums%2fpost.aspx%3faction%3dreply%26forumId%3d17%26topicId%3d8

    I was trying to point out that we can replace the & with %26 and then i demonstrate how i did it in my method without using %26 

    Monday, March 3, 2008 10:44 AM
  • User-158764254 posted

     Hi, i don't think my example will return the value below,

    Sorry for the confusion. I wasnt trying to comment on your post. When i said "in the previous sample", i was referring to the sample written higher up in my post.

     

    Monday, March 3, 2008 2:23 PM
  • User-48124152 posted

     Mike,

    I'm sorry, I misunderstood you.

    Monday, March 3, 2008 3:21 PM