ASP.NET Client Side State Management – Query Strings

May 17, 2008


ASP.NET Client Side State Management – Query Strings

Continuing the tour in the ASP.NET client side state management our
current stop is the query string technique.
You can read my previous posts in the state management subject in
the following links:

What are Query Strings?
Query strings are data that is appended to the end of a page URL.
They are commonly used to hold data like page numbers or search terms
or other data that isn’t confidential. Unlike ViewState and hidden fields, the
user can see the values which the query string holds without using special
operations like View Source.
An example of a query string can look like;b=2.
Query strings are included in bookmarks and in URLs that you pass in
an e-mail. They are the only way to save a page state when copying
and pasting a URL.

The Query String Structure
As written earlier, query strings are appended to the end of a URL.
First a question mark is appended to the URL’s end and then every
parameter that we want to hold in the query string. The parameters
declare the parameter name followed by = symbol which followed by the
data to hold. Every parameter is separated with the ampersand symbol.
You should always use the HttpUtility.UrlEncode method on the data
itself before appending it.

Query String Limitations
You can use query string technique when passing from one page to
another but that is all. If the first page need to pass non secure data to
the other page it can build a URL with a query string and then redirect.
You should always keep in mind that a query string isn’t secure and
therefore always validate the data you received.
There are a few browser limitation when using query strings.
For example, there are browsers that impose a length limitation
on the query string. Another limitation is that query strings are passed
only in HTTP GET command.

How To Use Query Strings
When you need to use a query string data you do it in the following way:   

   string queryStringData = Request.QueryString[“data”];

In the example I extract a data query string. The structure of the
URL can look like url?data=somthing. After getting to data parameter
value you should validate it in order not to enable security breaches.
The next example is a code to help inject a query string into a URL:

   public string BuildQueryString(string url, NameValueCollection parameters)


      StringBuilder sb = new StringBuilder(url);


      IEnumerator enumerator = parameters.GetEnumerator();

      while (enumerator.MoveNext())


         // get the current query parameter

         string key = enumerator.Current.ToString();


         // insert the parameter into the url

         sb.Append(string.Format(“{0}={1}&”, key,




      // remove the last ampersand

      sb.Remove(sb.Length – 1, 1);

      return sb.ToString();


To sum up the post, query string is another ASP.NET client side state
technique. It is most helpful for page number state or
search terms. The technique isn’t secured so avoid using it with confidential
data. In the next post in this series I’ll explain the how to use cookies.

Add comment
facebook linkedin twitter email

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



  1. Wow and OuchSeptember 15, 2008 ב 8:58

    Hi, Gil. thanks for sharing your knowledge and guys like us really appreciate your insight. I’m a junior web developer working on becoming an expert. I am currently working on an application. A web application to be precise and it’s an intranet portal.

    It’s not sharepoint but it works similar to Sharepoint. Users can create their own pages and sub-sites based on their logins obviously and the pages they create are saved in Sql 2005 database. My problem is, i actually have to fix a few things on the app and it was written with Codecharge. It has visual entities or controls which i can use to locate how the app works, I need a way to find how the whole app works so i can make changes to hyperlinks which are all generated dynamically. Locating which classes work with which ones is a mission.

    I am using Visual Studio 2008 to write a .Net 2.0 application. is this okay and do you know of any solutions to my problem. Your assistance will be greatly appreciated.

    Kind Regards,
    Kabelo Selebalo

  2. Gil FinkSeptember 17, 2008 ב 15:04

    Hi Kabelo Selebalo,
    Thanks for the things you wrote. Eventhough your question doesn’t regard the post’s information I’ll try to answer it. I think that you should download the reflector tool in order to disassemble the dll’s of your written application. If it’ll succeed you’ll able to see the code behind the Codecharge visual entities or controls which will help you to get insight on your application.
    You can download the tool in the following link:
    I hope it will help you.

  3. FiresideOctober 15, 2008 ב 9:53

    Is there a convenient way to modify a single QueryString in the url of a page if it exists, and add it if it doesn’t?

    Right now I have an unwieldy set of nested if statements covering each possible case.

    I am intending to redirect to the modified url. I could use your method to completely rebuild the QueryString collection, which would be cleaner than what I have now, but I’d really like a way to change one value at a time (and add a new one if it doesn’t exist).

    webmaster ^at$ fireside21 ^\.$ com

  4. Gil FinkOctober 16, 2008 ב 2:35

    Hi Fireside,
    Because HttpRequest.QueryString is a NameValueCollection then you can manipulate that collection to your needs and then pass it to my method or use it with out my method.
    Use the Set method of NameValueCollection instead of Add in order to update a record that exists or add a new record if it doesn’t exists(you can read about it here
    I hope that helps.

  5. Amit PrajapatiOctober 18, 2008 ב 1:39

    Fine!!! It’s wonderfull !!! By reading this article I have gained complete knowledge about the query string in the state management.

    Thanks Again!!!
    Amit Prajapati