ASP.NET Client Side State Management – Query Strings

May 17, 2008



Continuing the tour of ASP.NET client-side state management, our
current stop is the query string technique.
You can read my previous posts on the state management subject at
the following links:



What are Query Strings?
Query strings are data appended to the end of a page URL.
They are commonly used to hold data such as page numbers, search terms
or other data that isn’t confidential. Unlike ViewState and hidden fields, the
user can see the values that the query string holds without special
operations like View Source.
An example of a query string can look like http://www.srl.co.il?a=1&b=2.
Query strings are included in bookmarks and in URLs that you pass in
an e-mail. They are the only way to save a page state when copying
and pasting a URL.


The Query String Structure
As written earlier, query strings are appended to the end of a URL.
First a question mark is appended to the URL’s end, and then every
parameter that we want to hold in the query string. Each parameter
is written as the parameter name, followed by the = symbol, followed by the
data to hold. Parameters are separated from one another by the ampersand symbol.
You should always use the HttpUtility.UrlEncode method on the data
itself before appending it.
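
Why the encoding step matters, as an added example that is not part of the original post: a value containing & or = is split into extra parameters by the receiving page unless it is encoded first. The host example.test, the page name and the sample term are constructed for illustration.

```csharp
using System;
using System.Collections.Specialized;
using System.Web;

public static class EncodingDemo
{
    // Returns the parameters a receiving page would see for the given URL.
    public static NameValueCollection ParametersSeenByReceiver(string url)
    {
        int q = url.IndexOf('?');
        return HttpUtility.ParseQueryString(q < 0 ? string.Empty : url.Substring(q + 1));
    }

    public static void Main()
    {
        // Constructed sample: a search term that contains the delimiters themselves.
        string term = "tom & jerry=cartoon&page=99";

        // Unencoded: the term's own & and = are read as parameter boundaries.
        string raw = "http://example.test/search.aspx?term=" + term + "&page=1";

        // Encoded: the term travels as a single value and page stays at 1.
        string encoded = "http://example.test/search.aspx?term="
            + HttpUtility.UrlEncode(term) + "&page=1";

        foreach (string url in new[] { raw, encoded })
        {
            NameValueCollection seen = ParametersSeenByReceiver(url);
            Console.WriteLine(url);
            foreach (string key in seen.AllKeys)
                Console.WriteLine("   {0} = [{1}]", key ?? "(no name)", seen[key]);
        }
    }
}
```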


Query String Limitations
You can use the query string technique when passing from one page to
another, but that is all. If the first page needs to pass non-secure data to
the other page, it can build a URL with a query string and then redirect.
You should always keep in mind that a query string isn’t secure, and
therefore always validate the data you receive.
There are a few browser limitations when using query strings.
For example, some browsers impose a length limit
on the query string. Another limitation is that query strings are passed
only with the HTTP GET command.


How To Use Query Strings
When you need to read query string data, you do it in the following way:

   string queryStringData = Request.QueryString["data"];


In this example I extract the data query string parameter. The structure of the
URL can look like url?data=something. After getting the data parameter
value, you should validate it so that it cannot be used to breach security.
The next example is code that helps append a query string to a URL:



   // Requires: using System.Collections.Specialized; using System.Text; using System.Web;
   public string BuildQueryString(string url, NameValueCollection parameters)
   {
      StringBuilder sb = new StringBuilder(url);
      sb.Append("?");

      foreach (string key in parameters.AllKeys)
      {
         // insert the parameter into the url, encoding both the name and the value
         sb.Append(string.Format("{0}={1}&",
            HttpUtility.UrlEncode(key),
            HttpUtility.UrlEncode(parameters[key])));
      }

      // remove the last ampersand (or the question mark when there are no parameters)
      sb.Remove(sb.Length - 1, 1);
      return sb.ToString();
   }
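
The validation the post asks for after reading Request.QueryString, as an added example rather than the author's code. The parameter names page and term, the limits and the allow-list are assumptions, and HttpUtility.ParseQueryString stands in for Request.QueryString so the block runs outside a page.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Text.RegularExpressions;
using System.Web;

public static class QueryStringValidation
{
    // Assumed limits for this example; choose values that fit your pages.
    const int MaxPage = 10000;
    const int MaxTermLength = 64;
    // Allow-list: letters, digits, spaces and hyphens only.
    static readonly Regex TermPattern = new Regex(@"\A[\p{L}\p{Nd} \-]*\z");

    // Page number: optional, digits only, within 1..MaxPage.
    public static bool TryGetPage(NameValueCollection query, out int page)
    {
        string raw = query["page"];
        if (raw == null) { page = 1; return true; }   // absent: use the default
        // NumberStyles.None rejects signs, spaces and "2,7" (a repeated key).
        bool ok = int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out page)
                  && page >= 1 && page <= MaxPage;
        if (!ok) page = 1;
        return ok;
    }

    // Search term: optional, bounded length, allow-listed characters.
    public static bool TryGetTerm(NameValueCollection query, out string term)
    {
        term = query["term"] ?? string.Empty;
        bool ok = term.Length <= MaxTermLength && TermPattern.IsMatch(term);
        if (!ok) term = string.Empty;
        return ok;
    }

    public static void Main()
    {
        // Constructed query strings; in a page, pass Request.QueryString instead.
        string[] samples = { "page=3&term=state+management", "page=-1", "page=2&page=7",
                             "page=99999999999", "term=%3Cb%3Ehello%3C%2Fb%3E" };
        foreach (string sample in samples)
        {
            NameValueCollection query = HttpUtility.ParseQueryString(sample);
            int page; string term;
            bool ok = TryGetPage(query, out page) & TryGetTerm(query, out term);
            // HtmlEncode whatever is echoed back into the page, even after validation.
            Console.WriteLine("{0,-32} -> {1}", sample,
                ok ? "page " + page + ", term '" + HttpUtility.HtmlEncode(term) + "'" : "rejected");
        }
    }
}
```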


Summary
To sum up the post, the query string is another ASP.NET client-side state
management technique. It is most helpful for page number state or
search terms. The technique isn’t secure, so avoid using it with confidential
data. In the next post in this series I’ll explain how to use cookies.


6 comments

  1. Wow and Ouch, September 15, 2008 at 8:58

    Hi, Gil. Thanks for sharing your knowledge and guys like us really appreciate your insight. I’m a junior web developer working on becoming an ASP.NET expert. I am currently working on an application. A web application to be precise and it’s an intranet portal.

    It’s not SharePoint but it works similar to SharePoint. Users can create their own pages and sub-sites based on their logins obviously and the pages they create are saved in SQL 2005 database. My problem is, I actually have to fix a few things on the app and it was written with Codecharge. It has visual entities or controls which I can use to locate how the app works, I need a way to find how the whole app works so I can make changes to hyperlinks which are all generated dynamically. Locating which classes work with which ones is a mission.

    I am using Visual Studio 2008 to write a .NET 2.0 application. Is this okay and do you know of any solutions to my problem? Your assistance will be greatly appreciated.

    Kind Regards,
    Kabelo Selebalo

  2. Gil Fink, September 17, 2008 at 15:04

    Hi Kabelo Selebalo,
    Thanks for the things you wrote. Even though your question doesn’t regard the post’s information I’ll try to answer it. I think that you should download the reflector tool in order to disassemble the DLLs of your written application. If it succeeds you’ll be able to see the code behind the Codecharge visual entities or controls, which will help you to get insight on your application.
    You can download the tool in the following link: http://www.red-gate.com/products/reflector/
    I hope it will help you.

  3. Fireside, October 15, 2008 at 9:53

    Is there a convenient way to modify a single QueryString in the url of a page if it exists, and add it if it doesn’t?

    Right now I have an unwieldy set of nested if statements covering each possible case.

    I am intending to redirect to the modified url. I could use your method to completely rebuild the QueryString collection, which would be cleaner than what I have now, but I’d really like a way to change one value at a time (and add a new one if it doesn’t exist).

    Thanks.
    webmaster ^at$ fireside21 ^\.$ com

  4. Gil Fink, October 16, 2008 at 2:35

    Hi Fireside,
    Because HttpRequest.QueryString is a NameValueCollection, you can manipulate that collection to your needs and then pass it to my method or use it without my method.
    Use the Set method of NameValueCollection instead of Add in order to update a record that exists or add a new record if it doesn’t exist (you can read about it here http://msdn.microsoft.com/en-us/library/system.collections.specialized.namevaluecollection.set.aspx).
    I hope that helps.

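
The set-or-add operation discussed in the two comments above, as an added example that is not code from either commenter. Request.QueryString itself is read-only, so the example edits a writable copy; SetParameter, the example.test URLs and the parameter names are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Web;

public static class QueryStringEditor
{
    // Sets one parameter: replaces it if present, adds it if not.
    public static string SetParameter(string url, string name, string value)
    {
        // Keep a #fragment aside so the parameter lands in the query part.
        string fragment = string.Empty;
        int hash = url.IndexOf('#');
        if (hash >= 0) { fragment = url.Substring(hash); url = url.Substring(0, hash); }

        int q = url.IndexOf('?');
        string path = q < 0 ? url : url.Substring(0, q);

        // Writable, decoded copy of the parameters. In a page, the equivalent is
        // new NameValueCollection(Request.QueryString).
        NameValueCollection parameters =
            HttpUtility.ParseQueryString(q < 0 ? string.Empty : url.Substring(q + 1));
        parameters.Set(name, value);

        // Re-encode every name and value; GetValues keeps repeated keys separate.
        List<string> pairs = new List<string>();
        foreach (string key in parameters.AllKeys)
            foreach (string v in parameters.GetValues(key) ?? new string[0])
                pairs.Add((key == null ? "" : HttpUtility.UrlEncode(key) + "=")
                          + HttpUtility.UrlEncode(v));

        string query = string.Join("&", pairs.ToArray());
        return path + (query.Length > 0 ? "?" + query : "") + fragment;
    }

    public static void Main()
    {
        // Constructed URLs (example.test is a placeholder host).
        Console.WriteLine(SetParameter("http://example.test/list.aspx?page=2&term=a%26b", "page", "3"));
        Console.WriteLine(SetParameter("http://example.test/list.aspx", "page", "1"));
        Console.WriteLine(SetParameter("http://example.test/list.aspx?tag=x&tag=y#top", "term", "c# & vb"));
    }
}
```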
  5. Amit Prajapati, October 18, 2008 at 1:39

    Fine!!! It’s wonderful!!! By reading this article I have gained complete knowledge about the query string in the state management.

    Thanks Again!!!
    Amit Prajapati
