Callback URL is ignoring parameter value after & - asp.net

I got stuck at this point. After login i am getting referral-url which i am putting into www.url.com?par1=val&callback="referral-url". My referral url is like www.ref-url.com?param1=val1&param2=val2&param3=val3. My problem is that i am getting a cut url i.e., www.ref-url.com?param1=val1 after login. I think it is ignoring url after '&'.I am using classic asp for development. Any Help would be very helpful.

You need to use Server.URLEncode if you're including a URL as a querystring parameter, especially if the included URL also contains querystrings.
Dim login_redirect, login_referrer
login_redirect = "http://www.url.com/?par1=val&callback="
login_referrer = "http://www.ref-url.com/?param1=val1&param2=val2&param3=val3"
response.write login_redirect & Server.URLEncode(login_referrer)
Output:
http://www.url.com/?par1=val&callback=http%3A%2F%2Fwww%2Eref%2Durl%2Ecom%2F%3Fparam1%3Dval1%26param2%3Dval2%26param3%3Dval3

Passing the URL with query inside another URL query is a bit tricky. The only way it works is to encode it. For example:
https://website.com/?a=1&url=https%3A%2F%2Fwebsite.com%2F%3Fz%3D1%26y%3D2
But, when you want to return to the url you passed through query, you need to decode it otherwise it will not work. You can use the following function on your "login Page" before redirecting the url.
Function URLDecode(sConvert)
Dim aSplit
Dim sOutput
Dim I
If IsNull(sConvert) Then
URLDecode = ""
Exit Function
End If
' convert all pluses to spaces
sOutput = REPLACE(sConvert, "+", " ")
' next convert %hexdigits to the character
aSplit = Split(sOutput, "%")
If IsArray(aSplit) Then
sOutput = aSplit(0)
For I = 0 to UBound(aSplit) - 1
sOutput = sOutput & _
Chr("&H" & Left(aSplit(i + 1), 2)) &_
Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
Next
End If
URLDecode = sOutput
End Function
For example, you should have above function and the following code on your login page:
Dim callback
callback = Request("callback")
callback = URLDecode(callback)
Response.redirect(callback)

Related

Escaping apostrophe/single quote in parameterized sql in asp

I'm new to parametrized SQL. I've got a query in an .asp page that's getting one or more client names from a form. These are held in an array called clientArr and then passed through to SQL server as parameters. I'm escaping the ' as '' but this doesn't appear to be working. If I run the query with a client name like McDonald's, it returns no results.
clientArr(y) = Replace(clientArr(y),"'","''"
...
if qsClient > "" Then
dim booComma
booComma = false
if mySQLwhere > "" Then
mySQLwhere = mySQLwhere& " AND "
End if
mySQLwhere = mySQLwhere & " (p.client IN ( "
for y = 0 to Ubound(clientArr)
if booComma = true Then
mySQLwhere = mySQLwhere & ","
end if
mySQLwhere = mySQLwhere & "?"
booComma = true
Next
mySQLwhere = mySQLwhere & ")) "
end if
...
if qsClient > "" Then
for y = 0 to Ubound(clientArr)
Response.write clientArr(y)
set prm = cmd.CreateParameter("#prm", 129, 1, 50, clientArr(y))
cmd.Parameters.Append prm
next
end if
If I run the query directly or create it by concatenating strings rather then use parameters, it works fine. It also works fine is I use a client name without an apostrophe.
Any help would be much appreciated. Happy to provide more info if I can.
Thanks,
Tim
After working on this for far too long, it just hit me. Passing the parameter straight through like this means that I don't need to escape it at all. If I remove that replace statement, it works just fine keeping the single quote. I was definitely over-thinking this.

how to run response.redirect on for loop

I Have process that should run atau go to url , but it should run on for loop :
For i = 0 To ds.Tables(0).Rows.Count - 1
idCustomer = ds.Tables(0).Rows(i)("House").ToString()
amt = ds.Tables(0).Rows(i)("OPR_BALANCE").ToString()
lang = "0"
aid = "000000"
Dim result As String = "http://soap.Services.com:2121/WS.aspx/?c=1&id=" + idCustomer + "&lang=" + lang + ""
Response.Redirect(result)
Next
but right now, based on my code, redirect to the url and , the progress is automaticly stop because its redirected.
is it possible to run process by redirectt to URL on for loop?
Redirecting inside a loop wont work. You need to call the service in other way.
Try using DownloadString method of WebClient. Extract result by this:
Dim client As New WebClient()
Dim result As String = client.DownloadString("http://soap.Services.com:2121/WS.aspx/?c=1&id=" + idCustomer + "&lang=" + lang )
you cannot do it with using response.redirect(). instead, you can use clientside code(JS) to do this logic. do your logic in JS and open up new pages with JS.
you can use jquery to call a webmethod. that webmethod can do the database stuff for you and return the data as json object. then you can do your logic in jquery to open new pages
I hope this helps
As soon as you call the Redirect you are done.... you can't redirect to mutiple pages....its illogical.....
Look this discussion : Redirect loop

Save Base64 to an image using Classic ASP

I have been trying to save a base64 file as an image from server side using classic ASP. What I want is it to autosave the file to a specific location and give it a filename, Now I am fine coding that aspect of it. However I can't get the code to save the image without first rendering on a browser. This isn't going to work for me as the script I am using will be an automatic export and have no user input.
Code follows as yet that renders in the webpage and asks the user where to save the image. Just to reiterate I need it to auto save (no user input)
base64String ="base64 code goes here - Wont add it as its huge amount of text"
Set tmpDoc = Server.CreateObject("MSXML2.DomDocument")
Set nodeB64 = tmpDoc.CreateElement("b64")
nodeB64.DataType = "bin.base64" ' stores binary as base64 string
nodeB64.Text = Mid(base64String, InStr(base64String, ",") + 1) ' append data text (all data after the comma)
vehicleAuditName= "Audit1"
With Response
.Clear
.ContentType = "image/png"
.AddHeader "Content-Disposition", "attachment; filename=" & vehicleAuditName & ".png"
.BinaryWrite nodeB64.NodeTypedValue 'get bytes and write
.end
End With
use an adodb.stream object to store the image on the server side like so:
dim bStream : set bStream = server.CreateObject("ADODB.stream")
bStream.type = adTypeBinary
call bStream.Open()
call bStream.Write( binData )
call bStream.SaveToFile( FullName, adSaveCreateOverWrite)
call bStream.close()
set bStream = nothing
The server side code that receives the base64 string is below, please note that this is code that is taken from a working system so there are variables such as carreg / auditdate that are used as unique identifiers for giving the created file a name:
function convBase64 (convVal, getCarReg, convType, AuditDate, AuditReference)
base64String = convVal
carReg = (UCase(getCarReg))
carReg = (Replace(getCarReg," ",""))
AuditDate= CDate(AuditDate)
ConvAuditDate = ((DatePart("d",AuditDate))& "_" & (DatePart("m",AuditDate)) & "_" & (DatePart("YYYY",AuditDate)))
select case convType
Case "Sig1"
FileNameSuffix = "AuditorsSignature"
Case "Sig2"
FileNameSuffix = "BodyShopSignature"
Case "Car"
FileNameSuffix = "DamageCanvas"
end select
ImageFileName = FileNameSuffix & "-" & carReg & "-" & ConvAuditDate & ".jpg"
Set tmpDoc = Server.CreateObject("MSXML2.DomDocument")
Set nodeB64 = tmpDoc.CreateElement("b64")
nodeB64.DataType = "bin.base64" ' stores binary as base64 string
nodeB64.Text = Mid(base64String, InStr(base64String, ",") + 1) ' append data text (all data after the comma)
dim bStream : set bStream = server.CreateObject("ADODB.stream")
bStream.type = 1
call bStream.Open()
call bStream.Write( nodeB64.NodeTypedValue )
call bStream.SaveToFile(Server.Mappath("NoneVehicleImages/" & AuditReference & "/" & ImageFileName), 2 )
call bStream.close()
set bStream = nothing
convBase64 = "\\iis_fdg$\AuditExport\NoneVehicleImages\" & AuditReference & "\" & ImageFileName
end function
You cannot do this due to security reasons. If web pages could randomly choose where to store files on our local systems without any user interaction, there would chaos.

Classic ASP: querystring handler

I've done this a long time ago, now I can't find the function. It shouldn't be too complicated, but I wonder if there's any news on this before I go and do it again...
Take this:
www.example.com?query=whatever&page=1
Now imagine I press button to page 2, it will become:
www.example.com?query=whatever&page=2
Always keeping the rest of the querystring intact. Now picture on page 2 I press the button to order by date, it should turn into:
www.example.com?query=whatever&page=1&order=date
Problem is, on the ASP code for ordering, I don't want to handle every other querystring. So I need a function to handle it for me and be able to do something like the following examples:
date
next page
all pages
This is just an initial idea of what I am going to do if I still can't find a ready solution... Again, just wondering if there's anything new out there to handle all this in ways I haven't even imagined yet.
If it's of anyone's interest, here's the quite confusing code I rolled on yesterday:
'Build a string QueryString from the array Request
function bdl_qs (req_qs)
dim result, qa, item
result = empty
qa = "?"
if isnull(req_qs) or isempty(req_qs) then req_qs = Request.QueryString
for each item in req_qs
result = result & qa & item
result = result & "=" & req_qs(item)
qa = "&"
next
bdl_qs = result
end function
'Build a string QueryString ontop of the supplied one, adding the query and / or value(s) to it
function add_qs (qs, q, s)
dim result
result = qs
if left(result, 1) = "?" then
result = result & "&" & q
else
result = "?" & q
end if
if not isnull(s) and not isempty(s) then
result = result & "=" & s
end if
add_qs = result
end function
'Build a string QueryString ontop of the supplied one, removing the selected query and / or values
function del_qs (qs, q)
dim result, item
result = qs
if left(qs, 1) = "?" then
dim rqs, qa
rqs = result
result = "?"
rqs = right(rqs, len(rqs)-1) 'remove the "?"
rqs = Split(rqs, "&") 'separate the queries
qa = ""
for each item in rqs
dim rq
rq = Split(item, "=") 'separate the query to analyze the name only
if rq(0) <> q then 'good for rebuilding
result = result & qa & item
qa = "&"
end if
next
end if
del_qs = result
end function
'Build a string QueryString ontop of the supplied one, setting the query to the value
function set_qs (qs, q, s)
set_qs = add_qs(del_qs(qs, q), q, s)
end function

Getting the Request Variables from an ASP.NET page

I wrote the following function that works about 95% of the time, but I need it to work 100% (obviously):
Public Shared Function getPassedVars() As String
Const keyCount As Integer = 54 ' 54 seems to be the number of parameter keys passed by default (for this web_app).
' there are more if there is a form involved (ie. from search page)
Dim oParams As String = ""
Try
With HttpContext.Current
If .Request.Params.AllKeys.Count > keyCount Then
For i As Integer = 0 To (.Request.Params.AllKeys.Count - (keyCount + 1))
oParams &= String.Format("{0}={1}{2}", .Request.Params.Keys.Item(i), .Request.Params(i), IIf(i < .Request.Params.AllKeys.Count - (keyCount + 1), ";", ""))
Next
End If
End With
Return oParams
Catch ex As Exception
Return Nothing
End Try
End Function
It scrubs the Request.Params object for passed variables, which are in the beginning of the array (the remaining ones are ASP parameters). I am pretty sure I've seen a different way to get these parameters, but I haven't been able to figure it out. Any suggestions?
EDIT
So it looks like I can use the Request.URL.Query to achieve this, I will investigate this and post back.
Here is what I came up with:
Public Shared Function getPassedVars() As String
Dim oParams As String = ""
Dim qString As String = ""
Dim oSplit As New List(Of String)
Try
With HttpContext.Current
qString = .Request.Url.Query
If qString.Length > 0 Then 'do we have any passed variables?
If qString.StartsWith("?") Then qString = qString.Remove(0, 1) 'remove leading ? from querystring if it is there
oSplit.AddRange(qString.Split("&"))
For i As Integer = 0 To oSplit.Count - 1
oParams &= String.Format("{0}{1}", oSplit.Item(i), IIf(i < oSplit.Count - 1, ";", ""))
Next
Return oParams
Else
Return Nothing
End If
End With
Catch ex As Exception
Return Nothing
End Try
End Function
So far so good.
Request.QueryString is a NameValueCollection, so the easiest way to get the "parameters" is to do the following:
foreach (String s in Request.QueryString) {
Response.Write(s + " = " + Request.QueryString[s]);
}
Where is your function located? If it's executing in the page's code behind then you definitely do not need to use the HttpContext variable.
It looks like you are trying to get values from the query string.
For example, for this URL:-
http://www.tempuri.org/mypage.aspx?param1=x&param2=y
I assume you want retreive the values of the query string parameters param1 and param2?
If so, just use:-
Dim param1 as String = Request.QueryString("param1")
Otherwise, if these parameters are contained in a form (an HTTP POST request) then use the method which Mitchel Sellers suggests.
If you know the name you can use the following to get it by key value
Dim myParamValue as String = Request.Form("MyKeyName")
Otherwise, you can loop through the form collection, by key etc, to get the values. The key is, do you really need to be parsing all 54 items? Or are you simply looking for a few specific values?
httpcontext.Current.Request.QueryString("KeyName")
Request.Params will contain the query parameters you're after.
There's no need to parse the info from Request.URL since it's already done for you.

Resources