Get and Post vs Query String - asp.net

Whenever we redirect from one page to another page, Query string can be used. Now when i used the "GET" and "POST" methods in the form tag.
I have got the following findings.
Get - Exposes is the data of password fields in the URL. SO it should not be used. Right?
POST - Some unnecessary data can be accessed from Request .Form of the textbox fields which is not required.
I think, while navigating to another page, I can use Query String on clikcing the button like below.
Response.Redirect("abc.aspx?id=10") //This will be at the code behind level.
and similarly we can use in Java Script like below.
function RedirecToAnotherPage(){
window.open('abc.aspx?id=10');}
Right?
Here, my query is in which case, I can use the "GET" and "Post" method in real life/dynamic website

POST removes constraints that GET has, like maximum query string size. You can control what data is sent by controlling which fields are inside the form tag. You can have multiple form tags and post the relevant one.

If you are creating a secure website you should use POST method
If you are sending a big and bulky datum to a server you have to use post because GET has some limitation.
In case of URL rewriting or you are developing website where you have to use SEO in that case your URL plays an important role; in that situation you should use GET.
GET is faster than POST

You have to choose GET method especially when you want to read and choose POST when you want to write/update (database or file etc). Take a look at article - Methods GET and POST in HTML forms - what's the difference?
To learn more on ASP.NET web-app Forms.
How to: Post ASP.NET Web Pages to a Different Page.
ASP.NET Forms.

Related

How to hide the actual url which include query string?

I want to replace the url which include query string so end user only not able to see the original path of web page. what can I do?
Either:
Use HTML forms with POST instead of regular links or GET forms.
Alter the address bar on client side with javascript, but users can bypass this if they know how to and it's kind of sketchy.
Save the state and redirect from the backend if possible in your environment, though this is an ugly method as well imo unless it's a one-time thing because of people landing on your page from some external link.

Webscraping a tricky asp.net page

The overall goal is to perform a search on the following webpage http://www.cma-cgm.com/eBusiness/Tracking/Default.aspx with a container value of CMAU1173561. I have tried two approaches, the php extension cURL and python's mechanized. The php approached involves a performing a POST submit using the input fields found on the page (NOTE: These are really ugly on the asp.net page). The returned page does not contain any of the search results. The second approaches involves using python's mechanize module. In this approach I load the page, select the form, then change the text field ctl00$ContentPlaceBody$TextSearch to the container value. When I load the response again no search results.
I am at a really dead end. Any help would be appreciate because as it stands my next step is to become a asp.net expertm which i perfer not to.
The source of that page is pretty scary (giant viewstate, tables all over the place, inline CSS, styles that look like they were copied from Word).
Regardless...an ASP.Net form still passes the same raw data to the server as any other form (though it is abstracted to the developer).
It's very possible that you are missing the cookies which go along with the request. If the search page (or any piece of the site) uses session state, the ASP.Net session cookie must be included in the request. You will be able to tell it from its name (contains "asp.net" and "session").
I assume that you have used a tool like Firebug or Chrome to view the complete outgoing request when the page is submitted. From my quick test, it looks like the request may be performed with a GET, not a POST. I submitted a form, looked at the request, and pasted the URL into a new browser window.
Example: http://www.cma-cgm.com/eBusiness/Tracking/Default.aspx?ContNum=CMAU1173561&T=57201202648
This may be all you need to do.

Bookmarking ASP.NET search results using POST or GET?

I need a little help understanding how HTML forms work. It is my understanding that forms that use GET as their method submit name/value pairs for all fields within the form tags of said submission. However, if you take a look at the follow example from Google (and I've seen this in many other places too) and only use one of the fields on the form:
http://books.google.co.uk/advanced_book_search
Rather than being sent to a page with a name/value pair for each field of the advanced search page you are taken to a much cleaner looking URL:
http://www.google.co.uk/search?tbo=p&tbm=bks&q=hitchiker&num=10
Despite all of the input fields on the advanced search page.
Onto my problem... My own advanced search page is quite large and at the moment is being POSTed to my search results page which is taking in the values and searching accordingly, no problems! However, I want my users to be able to bookmark/share their searches and in order to do this I need to have items being passed into the querystring but I don't want massive querystrings if I don't need them. If my user has only searched by a color for example then I want the URL to be something like search.aspx?color=red; If they're searching by color and size then search.aspx?color=red&size=large and so on. Is this possible?
To complicate things even further I'm using ASP.NET so it's not the easiest of things to create a form that uses GET though I do believe I have already found away around this.
If you can give any advice or a nudge in the right direction, then thank-you! :)
What you're suggesting should be easily possible if you conditionally check the querystring on the results page to ensure the key/value is there.
if(Request.QueryString["color"] != "")
{
// Add color to the seach parameters
}
To create the GET request I would think you would need to POST back to your search form and redirect to the results form from there, dynamically adding key/values to the querystring as and when they are required. This Post/Redirect/Get design pattern is typically used with web forms to help with book marking.
If you want to share bookmarked searches between users, then you'll have to share the name/value querystring options in the posted URL. It sounds like you don't want to include the pair if one wasn't specified. That's easy, just dynamically build a querystring for pairs that the user HAS provided input for. So, when processing, loop through all input controls, and if a value was provided, append it to the querystring, or not.

how to get search engines to understand a DB driven asp.net site

All,
This would seem like a fairly basic asp.net question - but in all my years of coding, I've never really thought about it.
Say you have a asp.net 2.0 site with only a masterpage and a default.aspx and its a blog that saves all the data into the database. Links on the side are generated automatically. So ... the URL is always just http://www.XXXXX.com/default.aspx.
So, with that being the case, what do you need to do so that ... say google ... knows about all the different blog entries and links directly to the entries instead of just the base URL?
Is it as simple as changing the forms method to: method="get"?
Thanks, L. Lee Saunders
There are at least two solutions:
Search engines understand query strings, so just add the article IDs to the URLs in your anchor tags -- no need to even use a form control.
Use URL rewriting to expose one set of URLs to the outside world (like /article-title/1234/) in your anchor tags, and then modify the URL to be default.aspx when it arrives at your site; the page could then pull the article to be displayed from any number of places, including but not limited to a query string.
You could have a REST webservice so that you can just use urls to navigate the site, and perhaps have a front page with some new posts, so that the spider can navigate the site..
As an example, look at the urls for SO, it is easy for a spider to navigate this database-driven website.
Create a page that just serves up XML Sitemap (the data obviously being pulled from your database) and submit the sitemap to Google.
Google will then index any links in your sitemap.
(This assumes that these is some difference between each article - e.g. a Querystring key/value).
Useful Link(s):
Web Sitemap Generators
Google Sitemap Validator
Google Sitemaps for ASP.NET 2.0 (there are about a gazillion interesting links off the back of this as well).
some sort of URL rewriting may be an answer
I wouldn't recommend a postback for your situation, it can get ugly for refreshes etc. So, yes, change the method to "get"
Then, say your page of, default.aspx?postid=12345 will get translated into /mm/dd/yy/this-is-my-post.aspx

Best way to create complex html email message with asp.net, how?

After user places an order I have to send detailed email message containing order details, instructions for payment, some additional text etc.
I want to create nicely formatted HTML email message.
By now I found two options:
manually creating piece by piece, string by string, which is too cumbersome,
creating actual aspx page and binding data, then rendering that page as html and sending as body of email.
This second option is more visual and easier to implement except:
I do not know how to actually load and render page, I know how to do it with ascx
This seems to much of overhead to instantiate page and render it
How to load page and render it? Do you have any other ideas or suggestions for this task?
Well, IMO, your basic problem amounts to "How do I convert an ASPX resource into an HTML string to pass to the MailMessage Body property ?"
You could do that simply by using a WebRequest to the ASPX URL in question and read that response into a Stream. Then simply read the stream into a string and your primary problem is solved.
Edit: Here's an article that illustrates this concept.
Personally, I'd want to use a template, either in a database, or as a file that gets loaded. This template would have most of the content for the email in HTML, with tokens that I can replace with the content.
ex.
<b>Receipt for order # [[ordernum]]</b>
That way I could use simple string replacement to place the dymanic content into the email, without having to build the whole email every time it needs to be sent.
In a similar situation I store a template email message in my database so that the people who use our software can modify the message. It is created (by the user) using the online HTML editor control from Telerik. Within this message, I support several "mailmerge" type fields that all have the pattern {FirstName}, {LastName}, etc.
When it is time to send the message, I pull the formatted text from the database, use string replace to fill in any slots in the template, and then send it. I guess the key is that I know the message is HTML formatted because the Telerik control helps ensure that it is so. However, there is no reason why you couldn't create your HTML and then just save it for later use.
The .aspx page route? I just wouldn't do it. It is way overkill and doesn't offer you any advantages.
I'll use a template like Jay mentioned.
Below resource might turn out useful for you.
http://dotnettricks.com/blogs/roberhinojosablog/archive/2006/05/12/57.aspx
Try using a template stored in a .NET string resource file. Down the line this will make localization a lot easier too.

Resources