3

this is my first post on stackoverlow and I couldn't find a solution to this in any other posts, so here it goes:

I have a web page that is sending two query strings in the url:

example.aspx?name=<%=name%>&sku=<%=sku%>

I then collect the values using Request.QueryString["name"]; and Request.QueryString["sku"];

When I view the url on the source of the page sending the query strings everything looks fine, but if "name" contains a forward slash (/) it will somehow get tacked on to the end of "sku" when I retrieve the value of the query string. I've tried to replace the / with %2F but that doesn't work. If the "name" query string doesn't have a slash everything looks correct.

Any Ideas?

Edit: I ended up having to double encode (server.urlencode) and double decode for it to work correctly. Thanks for all your help!

Zach
  • 880
  • 3
  • 12
  • 23
  • @Zack - fixing the querystring with Server.UrlEncode as others have mentioned should be used. However, something else is awry. The root of the problem is if the `name` value has a forward slash (/), then the slash is being added to the `sku` value. You'll need to look at how you are setting the `name` and `sku` querystring parameters to see why the slash is being added to the `sku`. – Metro Smurf Mar 03 '11 at 20:03

3 Answers3

4

Actually, your should encode your values for URLs with HttpServerUtility.UrlEncode method:

example.aspx?name=<%=Server.UrlEncode(name)%>&sku=<%=Server.UrlEncode(sku)%>

URL encoding ensures that all browsers will correctly transmit text in URL strings. Characters such as a question mark (?), ampersand (&), slash mark (/), and spaces might be truncated or corrupted by some browsers. As a result, these characters must be encoded in tags or in query strings where the strings can be re-sent by a browser in a request string.

EDIT:

let's check this with the values you provided: name = Bellagio™ 16 1/2" High Downbridge Outdoor Wall Light, sku = 46910: firstly I created a page with 2 properties:

public string Name
{
    get
    {
        return "Bellagio™ 16 1/2\" High Downbridge Outdoor Wall Light";
    }
}

public string Sku
{
    get
    {
        return "46910";
    }
}

and then add link definition to the page:

<a href='1.aspx?name=<%=Server.UrlEncode(Name)%>&sku=<%=Server.UrlEncode(Sku)%>'>
    this is a link
</a>

and then grab these values (click the link firstly):

protected void Page_Load(object sender, EventArgs e)
{
    var name = Request.QueryString["name"];
    var sku = Request.QueryString["sku"];
}

these values are exactly the same as you provided: Bellagio™ 16 1/2\" High Downbridge Outdoor Wall Light and 46910.

Unfortunatelly, I was unable to reproduce an incorrect URL you post in your first comment: LifeSizePDF.aspx?productname=Bellagio&amp;%238482%3b+16+1%2f2&amp;quot%3­b+High+Downbridge+Outdoor+Wall+Light&amp;shortsku=46910%2f

Oleks
  • 31,955
  • 11
  • 77
  • 132
  • +1 for the linky and inline coding for a nice copy & paste solution. :) – Grant Thomas Mar 03 '11 at 19:32
  • I tried this and this is the result (sku still has / in it): action="LifeSizePDF.aspx?productname=Bellagio&%238482%3b+16+1%2f2&quot%3b+High+Downbridge+Outdoor+Wall+Light&shortsku=46910%2f" – Zach Mar 03 '11 at 19:42
  • @Zach: could you provide your original values for `sku` and `productname`? It seems the values got garbled. – Oleks Mar 03 '11 at 20:06
  • name = Bellagio™ 16 1/2" High Downbridge Outdoor Wall Light sku = 46910 – Zach Mar 03 '11 at 21:15
  • Thanks Alex, I'll have to keep playing around with the code to see what's going on. Let me know if anything crosses your mind later. – Zach Mar 03 '11 at 22:19
  • @Zach: with substrings like `&` and `"` it seems your string was HTML encoded several times like `Server.HtmlEncode(Server.HtmlEncode(value))` (not `UrlEncode`). But without code I can't say this for sure. – Oleks Mar 03 '11 at 22:39
  • I just looked at the data and it seems the the tm and quote are already encoded in the database, however the slash is not. – Zach Mar 03 '11 at 22:55
  • @Zach: try to execute `Server.HtmlDecode` method on your data first; slash is not encoded in html. – Oleks Mar 03 '11 at 22:57
2

Use URL encoding to format the values appropriately, assuming the forward slash in the name is intentional and would like to be extracted with the end result.

Note that there are at least two ways to go about this easily, for example using the static class HttpUtility or, when in the context of a Page, using the Server property:

var encodedValue = HttpUtility.UrlEncode(rawValue);

var encodedValue = Server.UrlEncode(rawValue);
Grant Thomas
  • 44,454
  • 10
  • 85
  • 129
0

You could just trim the end value of the sku request:

Request.QueryString["sku"].TrimEnd( '/' );
Metro Smurf
  • 37,266
  • 20
  • 108
  • 140