Querystring - DotNet and DataBase

Friday, 10 August 2018

Querystring


The query string is a technique to send the values from one web page to another web page. Using the web page URL  data can be transferred from one page to another. As URL is the main resource here to transfer the data, the end user can easily identify the values that we are sending from one page to another. So, it is not a recommendable technique for the sensitive information like passwords and credit card numbers etc..

Let us create a query string with an example below

I have two text boxes on my  UserDetails page, now I want to send the information which exists in the text boxes(on the button click) to another page  UserDetailsPrint.

ASPX page
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="UserDetails.aspx.cs" Inherits="WebProgramming.UserDetails" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <table>
                <tr>
                    <td>
                        <asp:Label ID="lblUserName" runat="server" Text="UserName"></asp:Label></td>
                    <td>
                        <asp:TextBox ID="txtUserName" runat="server"></asp:TextBox></td>
                </tr>
                <tr>
                    <td><asp:Label ID="lblPhone" runat="server" Text="Phone"></asp:Label></td>
                    <td><asp:TextBox ID="txtPhone" runat="server"></asp:TextBox></td>
                </tr>
                <tr>
                    <td colspan="2" style="text-align:right">
                        <asp:Button ID="btnSend" runat="server" Text="Send" OnClick="btnSend_Click" /></td>
                </tr>
            </table>
        </div>
    </form>
</body>
</html>


Code behind:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebProgramming
{
    public partial class UserDetails : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnSend_Click(object sender, EventArgs e)
        {
            Response.Redirect("~/UserDetailsPrint.aspx?Username=" + txtUserName.Text + "&UserPhone=" + txtPhone.Text + "");
        }
    }
}

Here question mark("?") indicates the starting of the query string and the "&" symbol indicates the separation between the query strings.

Catching the query string elements in another page.

ASPX page
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="UserDetailsPrint.aspx.cs" Inherits="WebProgramming.UserDetailsPrint" %>

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title></title>
</head>
<body>
    <form id="form1" runat="server">
        <div>
            <table>
                <tr>
                    <td>
                       UserName: <asp:Label ID="lblUserName" runat="server" Text="UserName"></asp:Label></td>                   
                </tr>
                <tr>
                    <td>Phone Number: <asp:Label ID="lblPhone" runat="server" Text="Phone"></asp:Label></td>
                </tr>
            </table>
        </div>
    </form>
</body>
</html>


Now, I want to read the query string information into two label controls which are in my UserDetailsPrint.aspx page as above.
So, I will write the code below.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebProgramming
{
    public partial class UserDetailsPrint : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            lblUserName.Text = Request.QueryString[0];
            lblPhone.Text = Request.QueryString[1];
        }
    }
}



QueryString[0] is the QueryString number in the URL and with the name of the QueryString also we can read the values.


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

namespace WebProgramming
{
    public partial class UserDetailsPrint : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            lblUserName.Text Request.QueryString["Username"];
            lblPhone.Text = Request.QueryString["UserPhone"];
        }
    }
}


Using Server.UrlEncode sending data
Let us suppose we are sending a string through the QueryString which is having "&" on (like "Naga & P") it to another page.  The output would be as below.



   protected void btnSend_Click(object sender, EventArgs e)
        {
            Response.Redirect("~/UserDetailsPrint.aspx?Username=" + txtUserName.Text + "&UserPhone=" + txtPhone.Text + "");
        }








This is because, "&" symbol tells to the compiler that, its a separate query string. Sometimes while sending the string as a query string, there is a chance to exist special characters on it.  That would give wrong information finally.  To avoid that we need to encode the query string as below.

protected void btnSend_Click(object sender, EventArgs e)
        {
            Response.Redirect("~/UserDetailsPrint.aspx?Username=" + Server.UrlEncode(txtUserName.Text) + "&UserPhone=" + txtPhone.Text + "");

        }



Then we will get the output as expected as below.







No comments:

Post a Comment

x

Get Updates On

Discussion updates

Straight Into Your INBOX!

Enter your email address to subscribe to this website and receive notifications of new posts by email.