I have a problem when passing parameters in querystring. I found that its values are null.
Below my code snippet:
page1 - here I am passing some parameters:
Response.Redirect(string.Format("RequestReservationPage.aspx?plcName={0}&PLCIndex={1}&Email={2}&form={3}&to={4}&SR={5}&Comment={6}", lblPLCNameVal.Text, index, lblEmailVal.Text, DateTime.Parse(lblReqFromVal.Text).ToShortDateString(),DateTime.Parse(lblReqToVal.Text).ToShortDateString(), lblServReqNum.Text, lblYourCommentVal.Text));
page2 - here I am requesting its values:
cmbPLCRequest.SelectedIndex = Convert.ToInt32(Request.QueryString["PLCIndex"]);
txtEmail.Text = Convert.ToString(Request.QueryString["Email"]);
txtSR.Text = Convert.ToString(Request.QueryString["SR"]);
txtComment.Text = Convert.ToString(Request.QueryString["Comment"]);
txtReqFromDate.Text =Request.QueryString["from"];
txtReqToDate.Text = Request.QueryString["to"];
but I found that both of Request.QueryString["from"] and Request.QueryString["to"] return null
any idea?
see this
The amount of data you can transfer on
the QueryString is limited by a number
of factors, but the one that seems to
be the most restrictive is the space
in your browser's address bar. The
Internet Explorer versions 5 and 6
that I tested only allowed up to 2,047
characters while Netscape Navigator
version 4 seemed to be able to handle
up to 30,000 and I couldn't get
version 6 much past 9,000.
See this MSDN article for other options instead of passing variables by using the querystring
EDIT: try storing your values in the POST parameters if you need large strings
Two problems: typo in the from - in the Redirect code you got it as form.
Also, you better encode all the values to be fit for URL.. so the code will be:
Response.Redirect(string.Format("RequestReservationPage.aspx?plcName={0}&PLCIndex={1}&Email={2}&from={3}&to={4}&SR={5}&Comment={6}",
Server.UrlEncode(lblPLCNameVal.Text),
index,
Server.UrlEncode(lblEmailVal.Text),
Server.UrlEncode(DateTime.Parse(lblReqFromVal.Text).ToShortDateString()),
Server.UrlEncode(DateTime.Parse(lblReqToVal.Text).ToShortDateString()),
Server.UrlEncode(lblServReqNum.Text), Server.UrlEncode(lblYourCommentVal.Text)));
Related
I have an ASP.NET Core web API and an issue with encoded URL's in query parameters.
I have an URL parameter like 'path/to/'. The IDENTIFIER part is something like 'HÄÄ/20/19'. This is urlEncoded in frontend to a link URL. The result is a link like
domain.com/new/stuff/path/to/H%C3%84%C3%84%2F20%2F19
Now, at some point, user gets redirected to a controller where this URL is used in a query parameter like:
param=%2Fpath%2Fto%2FH%C3%84%C3%84%2F20%2F19
I'm using request query to get the param
var param = HttpContext.Request.Query["param"].ToString();
After this the value of param is
%2Fpath%2Fto%2FHÄÄ%2F20%2F19
So the LATIN CAPITAL LETTER A WITH DIAERESIS are automatically decoded as the other encoded characters are not.
The actual problem comes when I'm redirecting the user to this URL. It ends up with a referer header where it causes havoc with an error message
System.InvalidOperationException: Invalid non-ASCII or control character in header: 0x00C4
I tried to just replace all the 'Ä' characters with 'A' and the problem is fixed. This is not a real fix though. I cannot encode the whole variable (see above) as it would result in double encoding for other encoded characters.
This problem only occurs with IE11 and Edge (AFAIK) and works fine with at least Chrome.
I'm not 100% sure where the actual problem is and why this is happening so does anyone have any ideas where to start looking and how to fix this without hacking with the string.replace?
EDIT
I could fix it with something like this, but I'm not seriously doing this. Seems way too hacky.
var problemPart = param.Substring(param.LastIndexOf('/') + 1, param.Length - param.LastIndexOf('/') - 1);
var fixedPart = WebUtility.UrlDecode(problemPart);
fixedPart = WebUtility.UrlEncode(fixedPart);
param = param.Replace(problemPart, fixedPart);
EDIT 2
I think the problem is that IE11 and Edge change the encoding by adding control characters to it when the URL ends up to the referer header. The fix I added to the original post doesn't actually fix the problem but just work around it. The control character that gets added to the URL is %C2%84 (so Ä becomes %C3%84%C2%84 instead of just %C3%84)
TEMPORARY WORKAROUND
I basically used the code above to workaround the issue. I iterated the parameter value and re-encoded all the invalid characters in it. This doesn't fix the root cause but works around the issue and user doesn't get any errors to the screen.
It is clearly to me that when I submit a simple form with :
a # w+aaa
Actually what is being posted is :
html=a+%40+w%2Baaa (ignore the "html" word)
But when I post it via fiddler :
What is being submitted is a # w+aaa ( the original raw string , obviously).
Question:
Can fiddler auto "encode" the variables so they will be sent as a+%40+w%2Baaa ?
Nb I know I can use the textwizard for this , but again , it is pretty annoying every time to open and paste values .
Fiddler's Composer doesn't automatically encode variables for you, and no, there's no way that it could reliably do so, since there's no way to tell whether a given = or & is a part of the value, or a delimiter between values.
If you wanted, you could use the WebForms Inspector to compose the POST body; simply SHIFT+Click the Execute button and then use the WebForms Inspector to edit the body fields.
I am integrating with a system that creates part of a URL and I supply part of the URL.
I supply this:
http://myServer/gis/default.aspx?MAP_NAME=myMap
The system supplies this:
?type=mrolls&rolls='123','456'
(the "rolls" change depending on what the user chooses in the system)
so, my URL ends up looking like this:
http://myServer/gis/default.aspx?MAP_NAME=myMap?type=mrolls&rolls='123','456'
I need to get the rolls but when I try this in VB.Net:
Dim URL_ROLL As String = Request.QueryString("rolls")
I get an incorrect syntax error.
I think it's a combination of the 2nd question mark and the single quotes.
When the system is only passing one roll, it works, I can get the rolls from the URL
which looks like this:
http://myServer/gis/default.aspx?MAP_NAME=myMap?type=roll&roll=123
I asked them to change the format of the system's URL but they can't change it without affecting the rest of their users.
Can anyone give me some ideas on how to get the rolls from the URL with single quotes?
OK, I believe I've fixed my problem.
I used a regular expression to remove anything in the querystring that wasn't a number or a comma.
Thanks again for taking time to make your comments, it made me look at the problem from a different angle.
This is all internal servers and software, so I'm very limited on my options, but this is where I'm at. This is already a band-aid to a workaround but I have no choice, so I'm just trying to make it work.
I have a simple .asp file on my server that is protected by a service that will handle the user authentication (I have no control over this service). When a user goes to this .asp file, it requires them to authenticate via the service, and the service then redirects them to the .asp.
The service is inserting custom values in to the http header that allow me to identify who has logged in (I need it further down the line). When I use the asp to view the ALL_RAW and ALL_HTTP values from the header, I can see all the custom values. But when I try to call these values specifically I get nothing.
I ran this simple loop:
<%
for each x in Request.ServerVariables
response.write("<B>" & x & ":</b> " & Request.ServerVariables(x) & "<p />")
next
%>
and all the keys display including the custom ones. But none of the custom values will. The values are the part I need.
the only thing I can find unique about the custom values is that they look slightly different in the ALL_RAW value, but they all look correct in the ALL_HTTP. As best I can tell, they are formatted correctly. the only formatting differences between the standard and custom values are case and underscores instead of hyphens.
Why can I not read these custom values?
I found my answer.
When I ran this loop
<%
for each x in Request.ServerVariables
response.write("<B>" & x & ":</b> " & Request.ServerVariables(x) & "<p />")
next
%>
it would return a list of all the names that were in the header and their values. The custom value I was looking for would show as name "HTTP_CUSTOM_ID" and I could see it, with it's value in the ALL_HTTP and ALL_RAW, but when I tried to pull that specific value, it would return an empty string. The solution I stumbled on (by talking to someone else here at work who had gone through a similar situation with the same service I was trying to accommodate is to use:
<%=Request.ServerVariables("HEADER_CUSTOM_ID")%>
When viewing the full header, nothing led me to use the HEADER prefix instead of the HTTP, in fact, it led me opposite. And I never found any mention of this anywhere searching online either. So I'm posting my own answer to my question here so it is on the web.
For the sake of expedience, why not just parse Request.ServerVariables("ALL_RAW") yourself?
There is a better way than parsing each item yourself. Look at the values in Request.ServerVariables("ALL_HTTP") and find the header you need but named a bit different.
All HTTP headers start with HTTP_. I was looking for If-None-Match and it was in the collection as HTTP_IF_NONE_MATCH. To get the value I used Request.ServerVariables("HTTP_IF_NONE_MATCH").
I have a query string parameter value that contains an ampersand. For example, a valid value for the parameter may be:
a & b
When I generate the URL that contains the parameter, I'm using System.Web.HTTPUtility.UrlEncode() to make each element URL-friendly. It's (correctly) giving me a URL like:
http://example.com/foo?bar=a+%26b
The problem is that ASP.NET's Request object is interpreting the (encoded) ampersand as a Query String parameter delimiter, and is thus splitting my value into 2 parts (the first has "bar" as the parameter name; the second has a null name).
It appears that ASP.NET is URL-decoding the URL first and then using that when parsing the query string.
What's the best way to work around this?
UPDATE: The problem hinges on URLRewriter (a third-party plugin) and not ASP.NET itself. I've changed the title to reflect this, but I'll leave the rest of the question text as-is until I find out more about the problem.
man,
i am with you in the same boat, i have spent like hours and hours trying to figure out what is the problem, and as you said it is a bug in both, as normal links that contain weird characters or UTF-8 code characters are parsed fine by asp.net.
i think we have to switch to MVC.routing
Update: man you wont believe it, i have found the problem it is so strange, it is with IIS,
try to launch your page from visual studio Dev server and Unicode characters will be parsed just fine, but if you launch the page from IIS 7 it will give you the ???? characters.
hope some body will shade some light here
I would have thought that %26 and '&' mean exactly the same thing to the web server, so its the expected behavior. Urlencode is for encoding URLs, not encoding query strings.
... hang on ...
Try searching for abc&def in google, you'll get:
http://www.google.com.au/search?q=abc%26def
So your query string is correct, %26 is a literal ampersand. Hmm you're right, sounds like a bug. How do you go with an & instead of the %26 ?
Interesting reading:
http://www.stylusstudio.com/xsllist/200104/post11060.html
Switching to UrlRewritingNet.UrlRewrite did not help, as it apparently has the same bug. I'm thinking it might have something to do with ASP.NET after all.
I think URLRewriter has a problem with nameless parameters (null name).
I had a similar problem. When I gave my nameless parameter a (dummy) name, everything worked as expected.