Querystring related

This topic is closed.
  • abcd

    Querystring related

    I am making request to my asp page as



    this works great, query string value is retrieved as "mike"

    whereas when I give the URL like this



    I don't get id value = %aaa

    instead I get some garbage value...

    is there some kind of encoding required when % is involved in querystring...


  • CB

    #2
    RE: Querystring related

    Yes, non-alphanumeric characters need to be encoded to travel in a URL. If
    the link is generated by script, you can use the command:
    server.URLEncode("%aaa")

    P.S. it looks like you might be passing query string variables directly to
    SQL queries, which is very hackable and insecure. Rule 1 of web programming
    is to validate all variables from the client. You might try:
    ?searchtype=endswith&searchfor=aaa
    and after checking the searchfor string for unexpected junk, construct the
    "%aaa" on the server side.
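
The approach suggested in reply #2, as an added example that is not part of the original thread: it is written in Python rather than classic ASP so it can be run offline, with `quote` standing in for `Server.URLEncode`. The `users` table, the alphanumeric term policy and all function names are assumptions made for this example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, quote, unquote

# Allow-list: the client names a search mode; the server owns wildcard placement.
PATTERNS = {"startswith": "{}%", "endswith": "%{}", "contains": "%{}%"}
# Assumed policy for this example: short alphanumeric search terms only.
TERM_RE = re.compile(r"[A-Za-z0-9]{1,32}")


def build_like_pattern(query_string):
    """Validate ?searchtype=...&searchfor=... and return the LIKE pattern."""
    params = parse_qs(query_string.lstrip("?"))
    searchtype = params.get("searchtype", [""])[0]
    searchfor = params.get("searchfor", [""])[0]
    if searchtype not in PATTERNS:
        raise ValueError("unknown searchtype")
    if not TERM_RE.fullmatch(searchfor):
        raise ValueError("unexpected characters in searchfor")
    return PATTERNS[searchtype].format(searchfor)


def search(conn, query_string):
    """Run the search with the pattern bound as a parameter, never concatenated."""
    pattern = build_like_pattern(query_string)
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ORDER BY name", (pattern,)
    )
    return [r[0] for r in rows]


def demo_db():
    """Constructed sample data (hypothetical users table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?)", [("mike",), ("baaa",), ("aaab",)]
    )
    return conn


if __name__ == "__main__":
    # A raw "%aa" is read as an escape for byte 0xAA, hence the garbage value.
    print(repr(unquote("%aaa")))
    # Encoding the literal percent sign as %25 lets the value survive the trip.
    print(quote("%aaa"))
    print(search(demo_db(), "?searchtype=endswith&searchfor=aaa"))
```

A request whose `searchfor` carries a wildcard or any other character outside the assumed policy is rejected with `ValueError` before the database is touched.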
