ASP Primer: Making a Request
Request.QueryString: Passing Information Along
Now that you know how to pass information from one page to another using a Session Variable, let's talk about a different way to pass information along.
Request.QueryString is used to retrieve information directly from the URL. Let's take a real-life situation and see how Request.QueryString works:
Let's say you have a website that has several different game reviews on it. On your home page you have 6 different links to different reviews. Instead of creating 6 separate pages, 1 for each review, you decide that you are going to use a single ASP page to display the reviews. The only problem is knowing which review to display.
You first create your 6 different review links on your home page that look something like this:
<A href="reviews.asp?gameid=game1">Review 1</A>
There is really nothing special about how the link is created; it's just standard HTML. The special part is how you construct the URL. As you can see, the first part of the link is quite normal, just the name of the page that we want to go to. Then there is the question mark. The question mark is used to differentiate between the page path and the information that we are passing along. Next is the identifier for our information, "gameid". Each item that you pass through a URL must have its own unique identifier within the URL in order for Request.QueryString to do its job. Finally, we set our unique identifier equal to whatever information we want to pass along, which is "game1" in this case.
So, what if I want to send more than one piece of information via a URL?
You can send as much information as you like by using the ampersand to connect the pieces. Here's an example:
Now that you understand how to send the information in a URL, let's take a look at getting the information out using Request.QueryString. In order to best demonstrate how Request.QueryString works I'll give you the code for the game review example we started above:
<% Option Explicit %>
<%
' Pick the review to display based on the "gameid" value in the URL.
' Only the six known identifiers produce output; anything else writes nothing.
Select Case Request.QueryString("gameid")
    Case "game1"
        Response.Write "This is the game 1 review ..."
    Case "game2"
        Response.Write "This is the game 2 review ..."
    Case "game3"
        Response.Write "This is the game 3 review ..."
    Case "game4"
        Response.Write "This is the game 4 review ..."
    Case "game5"
        Response.Write "This is the game 5 review ..."
    Case "game6"
        Response.Write "This is the game 6 review ..."
End Select
%>
We use a Case statement to determine which review needs to be displayed. You'll notice the Request.QueryString in the beginning of the Case statement. To retrieve a value from a URL, all you need to know is the unique identifier that is being used. In our case, the only unique identifier that we are using is "gameid".
What happens if I misspell my unique identifier or forget to add it to the URL?
If Request.QueryString doesn't find the unique identifier that you are looking for it will simply return an empty string value, i.e. "".
Though it is a very simple process to send information from page to page via the URL, there are a few things you need to be aware of:
Any information sent via a URL is not secure: it is visible in the address bar and ends up in browser history and web server logs. Whatever you do, don't ever pass credit card numbers or any other sensitive information along in a URL.
It's not like a Session Variable. Session Variables keep their value from page to page no matter how many pages the user jumps around to. With Request.QueryString, the value must be passed in the URL each time you move from one page to another.
URLs are very temperamental about the way they are structured. If you are unsure whether the URL that you are using is compliant, you can use a spiffy little function called Server.URLencode. (See Tip)
There is a great built-in ASP feature called Server.URLencode. It takes any string you give it and replaces all of the illegal characters with URL compliant translations. You use Server.URLencode like this:
The function then translates the information that you give it and spits out the appropriately translated string for a URL:
It is intended to only translate strings within a URL and not the entire URL. Whatever you do, don't give Server.URLencode an entire URL like this:
Or you will get a messed up result like this:
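The following is an added example, not code from the original article, that ties the points above together: it builds a link with two values joined by an ampersand, encodes only the values with Server.URLEncode, and reads them back with Request.QueryString. The function name BuildReviewLink, the second parameter "comment" and the sample values are assumptions made for illustration.

```asp
<%@ Language="VBScript" %>
<% Option Explicit %>
<%
' Added example: BuildReviewLink and the "comment" parameter are hypothetical.

' Build a link to reviews.asp. Only the VALUES go through Server.URLEncode;
' the page name, "?", "&" and "=" are left alone so the URL keeps its structure.
Function BuildReviewLink(gameId, comment)
    Dim url
    url = "reviews.asp?gameid=" & Server.URLEncode(gameId) & _
          "&comment=" & Server.URLEncode(comment)
    ' The finished URL is placed in an HTML attribute, so it is HTML-encoded
    ' as a whole (this turns "&" into "&amp;" inside the href).
    BuildReviewLink = "<a href=""" & Server.HTMLEncode(url) & """>" & _
                      Server.HTMLEncode(gameId) & "</a>"
End Function

Dim gameId, comment
gameId = Request.QueryString("gameid")
comment = Request.QueryString("comment")

' A missing identifier comes back empty, so test for that first.
' Anything read from the URL can be edited by the visitor, so it is
' HTML-encoded before being written back into the page.
If gameId = "" Then
    Response.Write "<p>No review selected.</p>"
Else
    Response.Write "<p>Requested review: " & Server.HTMLEncode(gameId) & "</p>"
End If

If comment <> "" Then
    Response.Write "<p>Comment: " & Server.HTMLEncode(comment) & "</p>"
End If

' Constructed sample values containing characters that are not URL-safe.
Response.Write BuildReviewLink("game1", "fun & fast, 10/10?")
%>
```

Server.HTMLEncode is used here because query-string values are under the visitor's control; writing them to the page unencoded would let markup in the URL become part of the response.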