IIS ASP - Querystring related


Author Querystring related
abcd

2006-04-27, 7:51 am

I am making a request to my ASP page as

http://localhost/test/test.asp?id=mike

this works great, the query string value is retrieved as "mike"

whereas when I give the URL like this

http://localhost/test/test.asp?id=%aaa

I don't get id value = %aaa

instead I get some garbage value...

is there some kind of encoding required when % is involved in querystring...


CB

2006-04-27, 7:51 am

Yes, non-alphanumeric characters need to be encoded to travel in a URL. If
the link is generated by script, you can use the command:
server.URLEncode("%aaa")

P.S. it looks like you might be passing query string variables directly to
SQL queries, which is very hackable and insecure. Rule 1 of web programming
is to validate all variables from the client. You might try:
?searchtype=endswith&searchfor=aaa
and after checking the searchfor string for unexpected junk, construct the
"%aaa" on the server side.
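
A sketch of the approach suggested in the reply above, added here as an example and not code from the thread: the client sends only a search type and a plain term, the term is checked against an allow-list, the LIKE pattern is built on the server, and the pattern is bound as a query parameter. The table "people", the column "name", the connection string placeholder and the extra search types "startswith" and "contains" are assumptions.

```vbscript
<%
Option Explicit
' Added example, not from the thread. Assumed names: table "people",
' column "name"; CONN_STRING is a placeholder to be replaced.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1
Const CONN_STRING = "PLACEHOLDER-connection-string"

' Accept only letters, digits and spaces (1 to 50 chars); rejects %, _, [ and quotes.
Function IsSafeTerm(s)
    Dim re : Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9 ]{1,50}$"
    IsSafeTerm = re.Test(s)
End Function

' Build the LIKE pattern on the server; "" means unknown search type.
Function BuildLikePattern(searchType, term)
    Select Case LCase(searchType)
        Case "startswith" : BuildLikePattern = term & "%"
        Case "endswith"   : BuildLikePattern = "%" & term
        Case "contains"   : BuildLikePattern = "%" & term & "%"
        Case Else         : BuildLikePattern = ""
    End Select
End Function

Dim searchType, term, pattern, cmd, rs
searchType = Request.QueryString("searchtype") & ""
term = Request.QueryString("searchfor") & ""
pattern = ""
If IsSafeTerm(term) Then pattern = BuildLikePattern(searchType, term)
If pattern = "" Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid search request."
    Response.End
End If

' Parameterized query: the pattern is bound as data, never concatenated into SQL.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = CONN_STRING
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT name FROM people WHERE name LIKE ?"
cmd.Parameters.Append cmd.CreateParameter("@pattern", adVarChar, adParamInput, 52, pattern)
Set rs = cmd.Execute
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("name").Value & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
%>
```

With this layout a request such as ?searchtype=endswith&searchfor=aaa never carries a "%" in the URL, so the decoding problem from the original question does not arise either.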

Copyright 2003 - 2008 webservertalk.com