I'm trying to get parameters received from a form, that were sent with method POST.
I don't know how it's called in asp, M$ loves to change stuff's names to mess with us. They come in HTTP body, while GET/QueryString parameters come in URL after the ? sign.
In PHP, "get patameters" are available in the $_GET array. In asp they are Request.QueryString["parameter1"].
"post patameters" are in $_POST, and I cant find it in asp. I hope I made it clear :p
To read the value from paramater1 contained inside the form data:
string paramater1 = Request.Form["paramater1"];
Note that if the form doesn't contain your variable, paramater1 will be null.
Suppose your querystring is something like this :
http://stackoverflow.com/questions.aspx?id=17844065&title=post-parameters-in-asp-net
if i am right then you are looking for this. Please note this is regarding ASP.Net, I have no idea about classic ASP. And this will not work on classic ASP, I believe.
You can use in cs,
if(Request["id"]!=null )
{
var id= Request["id"]; // gives you id as 17844065 string values
}
if(Request["title"]!=null )
{
var title= Request["title"]; // gives you title as string
}
Update :
NameValueCollection nvc = Request.Form;
string userName, password;
if (!string.IsNullOrEmpty(nvc["txtUserName"]))
{
userName = nvc["txtUserName"];
}
if (!string.IsNullOrEmpty(nvc["txtPassword"]))
{
password = nvc["txtPassword"];
}
Try Request.Params, it should contain all GET and/or POST parameters, Request.Form should contain only form parameters.
Related
I have been trying to find the question to my answer but I'm unable to and finally I'm here. What I want to do is access the value passed to a webpage (GET, POST request) using asp.net. To be more clear, for example:
URL: http://www.foobar.com/SaleVoucher.aspx?sr=34
Using asp.net I want to get the sr value i.e 34.
I'm from the background of C# and new to ASP.NET and don't know much about ASP.NET.
Thanx.
Can you refer to this QueryString
Here he says how to access the query string using:
Request.Url.Query
That is not called a Header, but the Query String.
the object document.location.search will contain that and the javascript to get any query string value based on the key would be something like:
function getParameterByName(name) {
name = name.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]");
var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
results = regex.exec(location.search);
return results == null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
}
code from other question: https://stackoverflow.com/a/901144/28004
function IfModuleSucceded(sender, args) {
var existingCount = existingItems.get_count();
var existEnumerator = existingItems.getEnumerator();
while (existEnumerator.moveNext()) {
var currentmodule = existEnumerator.get_current();
var URL = currentmodule.get_item("Request_URL");
alert(URL);
}
}
In this Code i am trying to Retrieve the url of a Hyperlink column which is in a SharePoint list, using Client object model, but i have received an object. How could i get the Url out of this received object ????
when this code is executed, it gives the alert as "[Object Object]".
would anyone help me to sort this out ??
The answer will be alert(url.url) as it's an object.
It will also have a property called description
The Hyperlink field has two properties: Description and Url.
You can access the properties like this: ObjectName.PropertyName
So for your URL object in your example, you can reach the properties like this: URL.Url and URL.Description
I found that Url and Description are case sensitive, so make sure you capitalize where necessary.
This worked great for me.
Hii,
I have a query string like "http://project/page1.aspx?userID=5". The operation won't be performed, if the 'userID' parameter changed manually. How it is possible?
Hii all, thank you for your assistance... and i got some difference sort of solution from some other sites. i don't know that the best solution. that is to encode the value using an encryption and decryption algorithm... The sample code has been written like this...
<a href='Page1.aspx?UserID=<%= HttpUtility.UrlEncode(TamperProofStringEncode("5","F44fggjj")) %>'>
Click Here</a> <!--Created one anchor tag and call the function for TamperProofStringEncode-->
private string TamperProofStringEncode(string value, string key)
{
System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));
return Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(value)) + "-" + Convert.ToBase64String(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(value)));
}
In the page load of 'Page1' call the decode algorithm to decode the query string
try
{
string DataString = TamperProofStringDecode(Request.QueryString["UserID"], "F44fggjj");
Response.Write(DataString);
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
private string TamperProofStringDecode(string value, string key)
{
string dataValue = "";
string calcHash = "";
string storedHash = "";
System.Security.Cryptography.MACTripleDES mac3des = new System.Security.Cryptography.MACTripleDES();
System.Security.Cryptography.MD5CryptoServiceProvider md5 = new System.Security.Cryptography.MD5CryptoServiceProvider();
mac3des.Key = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(key));
try
{
dataValue = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[0]));
storedHash = System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(value.Split('-')[1]));
calcHash = System.Text.Encoding.UTF8.GetString(mac3des.ComputeHash(System.Text.Encoding.UTF8.GetBytes(dataValue)));
if (storedHash != calcHash)
{
//'Data was corrupted
throw new ArgumentException("Hash value does not match");
// 'This error is immediately caught below
}
}
catch (Exception ex)
{
throw new ArgumentException("Invalid TamperProofString");
}
return dataValue;
}
It sounds like a strange requirement. Are you trying to implement some sort of home-grown security? If it's so, you really shouldn't.
Anyway, one way you could do it would be to take the entire url http://project/page1.aspx?userID=5 and calculate its md5 sum. Then you append the md5 sum to the final url, such as http://project/page1.aspx?userID=5&checksum=YOURCALCULATEDMD5SUM. Then in page1.aspx you will have to validate that the checksum parameter is correct.
However, this approach is quite naïve and it would not necesarily take very long for anyone to figure out the algorithm you have used. If they did they could "easily" change the userid and calculate an md5 sum themselves. A more robust approach would be one where the checksum was encrypted by a key that only you had access to. But again I have to question your motive for wanting to do this, because other security solutions exist that are much better.
Here is another option that I found incredibly useful for my requirements:
4 Guys From Rolla - Passing Tamper-Proof QueryString Parameters
You can't.
Anything in the HTTP request (including URL, query string, cookies, ...) is under the control of the client and is easy to fake.
This is why it is important to whitelist valid content, because the client can arbitrarily add anything it likes in addition to what you you prompt to receive.
My favourite is the following. It uses a HTTPmodule to transparently encode and decode the Querystring with the explicit purpose of preventing tamperring of the querystring.
http://www.mvps.org/emorcillo/en/code/aspnet/qse.shtml
It is perfect when Session is not an option!
You can't tell whether it has been changed manually. If you use query strings then you hyave to make sure that it doesn't matter if it is changed. e.g. if you are using it to show a user their account details, you need to check wether the selected user, is the current user and show an error message instead of user data if it is not.
If the user is allowed to change record 5, but not record 7 for example, this has to be enforced server-side. To do this you need to be able to identify the user, by requiring a login, and giving them a unique session key that is stored in their browser cookie, or as another parameter in the url query string.
There are abundant packages/modules/libraries in man languages for dealing with authentication and sessions in a sensible way - roll you own at your own peril :)
Well - it depends :)
One possibility is to put the userID into a session variable. So the user cannot see or edit the value.
If you have other means to detect if the value is invalid (i.e. does not exist or cannot be for that user (who you can identify through some other way) or the like) you might get away with validating the input yourself in code behind.
But as you probably know you cannot prevent the user changing the query string.
I want to dynamically populate a link with the URI of the current request, but set one specific query string parameter. All other querystring paramaters (if there are any) should be left untouched. And I don't know in advance what they might be.
Eg, imagine I want to build a link back to the current page, but with the querystring parameter "valueOfInterest" always set to be "wibble" (I'm doing this from the code-behind of an aspx page, .Net 3.5 in C# FWIW).
Eg, a request for either of these two:
/somepage.aspx
/somepage.aspx?valueOfInterest=sausages
would become:
/somepage.aspx?valueOfInterest=wibble
And most importantly (perhaps) a request for:
/somepage.aspx?boring=something
/somepage.aspx?boring=something&valueOfInterest=sausages
would preserve the boring params to become:
/somepage.aspx?boring=something&valueOfInterest=wibble
Caveats: I'd like to avoid string manipulation if there's something more elegant in asp.net that is more robust. However if there isn't something more elegant, so be it.
I've done (a little) homework:
I found a blog post which suggested copying the request into a local HttpRequest object, but that still has a read-only collection for the querystring params. I've also had a look at using a URI object, but that doesn't seem to have a querystring
This will work as long as [1] you have a valid URL to begin with (which seems reasonable) [2] you make sure that your new value ('sausages') is properly escaped. There's no parsing, the only string manipulation is to concatenate the parameters.
Edit
Here's the C#:
UriBuilder u = new UriBuilder(Request.Url);
NameValueCollection nv = new NameValueCollection(Request.QueryString);
/* A NameValueColllection automatically makes room if this is a new
name. You don't have to check for NULL.
*/
nv["valueOfInterest"] = "sausages";
/* Appending to u.Query doesn't quite work, it
overloaded to add an extra '?' each time. Have to
use StringBuilder instead.
*/
StringBuilder newQuery = new StringBuilder();
foreach (string k in nv.Keys)
newQuery.AppendFormat("&{0}={1}", k, nv[k]);
u.Query = newQuery.ToString();
Response.Redirect(u.Uri.ToString());
UriBuilder u = new UriBuilder(Request.Url);
NameValueCollection nv = new NameValueCollection(Request.QueryString);
nv["valueofinterest"] = "wibble";
string newQuery = "";
foreach (string k in nv.Keys)
{
newQuery += k + "=" + nv[k] + "&";
}
u.Query = newQuery.Substring(0,newQuery.Length-1);
Response.Redirect(u.ToString());
that should do it
If you can't find something that exists to do it, then build a bullet-proof function to do it that is thoroughly tested and can be relied upon. If this uses string manipulation, but is efficient and fully tested, then in reality it will be little different to what you may find any way.
Here's another one for you to help me solve: I have an ASP.NET website that uses AJAX (asynchronous) calls to am .ashx handler, passing a query string parameter to get some information from the database.
Here's an example of how it works:
Client-side (Javascript) code snippet that makes the asynchronous call to the handler:
/* Capture selected value from a DropDownBox */
var dropdown = document.getElementById(DropDownID);
var selectedValue = dropdown.options[dropdown.selectedIndex].value;
/* Make the call to the handler */
var url = "MyHandler.ashx?param=" + selectedValue;
var ajaxObj = new Ajax();
ajaxObj.doRequest(url, MyCallback, args, connectionFailed);
When I load the webform (that contains this AJAX call) for the first time, it sends the right query string to the handler (I checked it using debug in Visual Studio), like param = Street Joseph Blíss. That's the right behavior I want it to have.
The thing is that when I load that webform again (and all subsequent times), that í character from "Blíss" appears in server-side as Ã-. As that's the key from the entity I'm trying to select on server-side database access script, it doesn't work as it worked on 1st webform load.
I tried encoding the query string on client-side and decoding it on server-side, using something like this:
Client-side (Javascript):
var encodedParam = encodeURIComponent(selectedValue);
/* Make the call to the handler */
var url = "MyHandler.ashx?param=" + encodedParam ;
Server-side (ASP.NET, C#):
string encodedParam = context.Request.QueryString["param"];
string value = HttpUtility.UrlDecode(encodedParam, Encoding.ASCII);
...but I had no luck with it and the problem still remains. Any help?
After some more searching, I found out how to solve with server-side code refinement. Here's the deal:
I had to alter my .ashx handler to parse the original parameter grabbed from the query string and convert it into UTF-8. Here's how it's made:
// original parameterized value with invalid characters
string paramQs = context.Request.QueryString["param"];
// correct parsed value from query string parameter
string param = Encoding.UTF8.GetString(Encoding.GetEncoding("iso8859-1").GetBytes(paramQs));
Happy coding, folks! :)