ASP.NET - Query Strings - Client Side State Management
Continuing the tour in the ASP.NET client side state management our current stop is the query string technique. You can read my previous posts in the state management subject in the following links:
What are Query Strings?
Query strings are data that is appended to the end of a page URL. They are commonly used to hold data like page numbers or search terms or other data that isn't confidential. Unlike ViewState and hidden fields, the
user can see the values which the query string holds without using special operations like View Source.
An example of a query string can look like http://www.srl.co.il?a=1;b=2. Query strings are included in bookmarks and in URLs that you pass in an e-mail. They are the only way to save a page state when copying and pasting a URL.
The Query String Structure
As written earlier, query strings are appended to the end of a URL. First a question mark is appended to the URL's end and then every parameter that we want to hold in the query string. The parameters declare the parameter name followed by = symbol which followed by the data to hold. Every parameter is separated with the ampersand symbol.
You should always use the HttpUtility.UrlEncode method on the data itself before appending it.
Query String Limitations
You can use query string technique when passing from one page to another but that is all. If the first page need to pass non secure data to the other page it can build a URL with a query string and then redirect. You should always keep in mind that a query string isn't secure and therefore always validate the data you received. There are a few browser limitation when using query strings. For example, there are browsers that impose a length limitation
on the query string. Another limitation is that query strings are passed only in HTTP GET command.
How To Use Query Strings
When you need to use a query string data you do it in the following way:
string queryStringData = Request.QueryString["data"];
In the example I extract a data query string. The structure of the URL can look like url?data=somthing. After getting to data parameter value you should validate it in order not to enable security breaches. The next example is a code to help inject a query string into a URL:
public string BuildQueryString(string url, NameValueCollection parameters)
{
StringBuilder sb = new StringBuilder(url);
sb.Append("?");
IEnumerator enumerator = parameters.GetEnumerator();
while (enumerator.MoveNext())
{
// get the current query parameter
string key = enumerator.Current.ToString();
// insert the parameter into the url
sb.Append(string.Format("{0}={1}&", key, HttpUtility.UrlEncode(parameters[key])));
}
// remove the last ampersand
sb.Remove(sb.Length - 1, 1);
return sb.ToString();
}
Summary
To sum up the post, query string is another ASP.NET client side state management technique. It is most helpful for page number state or search terms. The technique isn't secured so avoid using it with confidential data. In the next post in this series I'll explain the how to use cookies.
(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)
Comments
Ajya Chang replied on Mon, 2012/02/20 - 6:28am
Hello,
Thanks for providing such valuable information on query stirngs. It will help a lo to the beginners. As lot of basics are covered here. Here can you give more information on how to secure our querystring parameters. Some thing like encrypting the URL.
I will look forward to listen from you on this. Once againg thanks.
Carla Brian replied on Fri, 2012/03/30 - 5:48pm
Gym Prathap replied on Wed, 2013/07/17 - 6:16am
To get all the query string key value pairs, you can use the below method
public NameValueCollection QueryString { get; }
ASP.NET Training in Chennai