Camillia
asked on
Encode URL
I have a master page and links like this:
<asp:Hyperlink .... NavigateURL = "default.aspx?PageId=9" />
My coworker says we need to encode the URL. I've found these 2 links but still not sure how to do it.
1. http://forums.asp.net/t/1303095.aspx
This one has Response.Redirect("default .aspx?data =" + HttpUtility.UrlEncode(valu e));
but I need to add "pageId=9" to it
2. http://forums.asp.net/t/1530950.aspx
Scroll down, says to encode and decode and redirect in a separate page.
3. http://www.4guysfromrolla.com/articles/083105-1.aspx
That one has a live demo with code to tamper proof a URL.
How can I do encode a URL?
<asp:Hyperlink .... NavigateURL = "default.aspx?PageId=9" />
My coworker says we need to encode the URL. I've found these 2 links but still not sure how to do it.
1. http://forums.asp.net/t/1303095.aspx
This one has Response.Redirect("default
but I need to add "pageId=9" to it
2. http://forums.asp.net/t/1530950.aspx
Scroll down, says to encode and decode and redirect in a separate page.
3. http://www.4guysfromrolla.com/articles/083105-1.aspx
That one has a live demo with code to tamper proof a URL.
How can I do encode a URL?
ASKER
ah, yeah, i don't want users typing id 8 or id 7 in URL and change the page like that. Yes, having a random sequence of numbers is a better idea. Thanks.
ASKER
so it's ok if i display http://whatever.com?pageId=9
i guess it is. For example, for this question, i see this URL
https://www.experts-exchange.com/questions/27302315/Encode-URL.html
so it displays the question id....
i guess it is. For example, for this question, i see this URL
https://www.experts-exchange.com/questions/27302315/Encode-URL.html
so it displays the question id....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
In your example, you only use the digit '9', which doesn't need encoding - what you have already is fine.
However, you have also posted a link to a page about tamper proof URL's. If you want to mask the fact the number is a page ID, then try using a longer code for the page ID - a GUID would be most secure, but a random sequence of 5 or 6 letters/numbers would make it hard to guess other page id's. However, if users guessing other page id's is ok, but you just want to make sure the id can't be misused, then just some server side validation to make sure the ID is really a number, and then is an actual page id should be enough.