Solved

Special characters didn't get passed through a querystring

Posted on 2001-07-05
Last Modified: 2012-06-22
Hi all the experts, I've had an ASP page where it sends a variable to another ASP page through a QueryString, for example, from a click button, I've run this code:
function load(form) {
        var myindex=form.App.selectedIndex;
        var strApp = form.App.options[myindex].text;
        var strURL = "MyPage.asp?App='" + strApp + "'";
        window.alert(strURL);
        parent.view_frame.location.href = strURL;
}
This works fine, I could run MyPage.asp with the QueryString("App") passed over correctly.  However, if the strApp I am passing from above function contains special characters such as: +,# etc., then those special characters are dropped off.  And the window.alert showed me that the URL does contain the correct info such as:
MyPage.asp?App=C++ Application
But, if I put a Response.Write on the MyPage.asp, and write out the Request.Query("App")
and it will show me ONLY the "C Application" and two + are dropped.  

Does anyone know what's wrong? Thanks in advance.
0
Question by:ejiang
21 Comments
 
LVL 5

Expert Comment

by:mattyk
ID: 6256789
You'll need to make use of Javascript's escape function to encode the URL

so

parent.view_frame.location.href = strURL;


would be

parent.view_frame.location.href = escape(strURL);

-mattyk
0
 
LVL 20

Expert Comment

by:jitganguly
ID: 6256791
Use Server.URLEncode like

MyPage.asp?App=Server.URLEncode("C++ Application")

or

abc = "C++ Application"
MyPage.asp?App=Server.URLEncode(abc)




0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6256851
URLEncode or HTMLEncode?

If you are trying to encode a string, do it before you pass it to the redirect;

var strURL = "MyPage.asp?App='" + "'<%=Server.HTMLEncode(strApp)%>'" + "'";
       

0
 
LVL 3

Author Comment

by:ejiang
ID: 6256884
Thanks mattyk, I tried that and it didn't work and I've got an error at line:
parent.view_frame.location.href = escape(strURL);
the error message is "Expected ;"
Remind you that the strURL show me correct result as the C++ does show up there, just when it gets to the MyPage.asp the QueryString("App") doesn't pick up that two pluses.

Thanks jit, that didn't work for me either, after I made it to encode my URL includes the two plus, and when it gets to the MyPage.asp, the QueryString I am getting is still:
'C Application' and the two plus are still dropped, also, if this work, how do I get it Uncoded? Is there a URLUncode function?

Thanks for your quick response.
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 100 total points
ID: 6256915
HTTPEncode and URLEncode only convert special characters to ASCII values;

The HTMLEncode method applies HTML encoding syntax to a specified string of ASCII characters. For example, this allows you to display a HTML tag on a web page and not have it treated as an actual tag.

There is one mandatory argument.

String

The String argument is the string to be encoded.

Code:
<% Response.Write Server.HTMLEncode("The tag for a table is: <Table>") %>

Output:
The tag for a table is: &lt;Table&gt;

Browser Output:
The tag for a table is: <Table>

The URLEncode method takes a string and converts it into a URL-encoded format. For example, you can use URLEncode to ensure that hyperlinks in your Active Server Pages are in the correct format.

There is one mandatory argument.

String

The String argument is the string to be encoded.

Code:
<% Response.Write Server.URLEncode("http://www.issi.net") %>

Output:
http%3A%2F%2Fwww%2Eissi%2Enet

I think there is a URLDecode() function, but it's undocumented...
0
 
 
LVL 3

Author Comment

by:ejiang
ID: 6256945
Thanks mgfranz, one problem with your solution, I've got this strApp as a client side variable, and you want me to make a conversion using server side script, how that gonna work? If I use
<%= server.HTMLEncode(strApp) %>
it will tell me that Object request, because strApp isn't specified on the server side.  How to get around with this error? Thanks.
0
 
LVL 20

Expert Comment

by:jitganguly
ID: 6256957
Mark took it, I have to retire :-)
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6256961
Yeah... I thought about this as soon as I posted my comments...  I don't think there is a client-side encoding method in javascript.  Can you run the form objects through a server-side script?
0
 
LVL 3

Author Comment

by:ejiang
ID: 6256974
I don't think I would be able to do that, because the selection was made on the client side.  This is a bit strange because it will work perfectly except if the strApp contains a + or # (in my case), it will drop those, and for the case of #, it will cut off anything after that, and for the case of +, it will only drop it and rest of the string still appear.  The most strange thing is that the URL does show up the correct string, ONLY if the ASP is trying to get that passed value such as:
the URL will look like:
MyPage.asp?App=C++ Application
And inside the mypage.asp, if I've got this:
myApp = Request.QueryString("App")
and then myApp will ONLY show "C Application" with two + are being dropped.

I hope this will help to understand exactly what's going on.  Thanks a lot for your help so far.
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6256993
Are these form values being passed to the same page?  Can you pass them to the MyPage.asp directly instead of going through the JS?
0
 
LVL 3

Author Comment

by:ejiang
ID: 6257004
they are different forms, the page where I populate this values is called select_application.asp, and from this page, I then call MyPage.asp and passing in this value.  Any suggestions? I am using W2K as my web server, does that make a difference? Thanks.
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6257020
<form action=MyPage.asp method=post>
...
<submit>

In Mypage.asp;

myApp = Server.URLEncode(Request.QueryString("App"))




0
 
LVL 2

Expert Comment

by:enkay022798
ID: 6257048
Try using the "\" before the + or the # in your script

So strApp = 'C\+\+ Application'
Might work but not sure !

I have used it for other reasons and it has worked with me.

0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6257079
I don't think that will work enkay, JS or ASP will not escape the characters passed in a URL string.
0
 
LVL 2

Expert Comment

by:enkay022798
ID: 6257096
oops sorry ...  dunno what I was thinking

try this pls

try replacing the # with %23 and the + with %2

That right mgfranz ?

so strApp = 'C%2%2%23Application'
0
 
LVL 5

Expert Comment

by:mattyk
ID: 6257097
I've noticed that this will be correctly encoded when a form which contains ++ and # is contained as values.  So why not alter your code slightly so that the form that contains your select box is something like

<form action=MyPage.asp target=parent.view_frame>

and then modify your function to be

function load(form) {
   form.submit();
}

-matty
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6257117
enkay, yes, but we are trying to encode the characters dynamically... I guess you could do a replace() in the JS function to trap all the special chars.
0
 
LVL 2

Expert Comment

by:enkay022798
ID: 6257252
Yuppp... and there are only finite number of characters I hope :)
0
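The dynamic encoding that the comments above are reaching for, as an added example that is not part of the original thread: it runs the same value through raw concatenation, escape() and encodeURIComponent() and shows what the receiving page would read back. The received() helper, the base URL and the "Q&A Tool" sample are assumptions made for illustration, and the & case goes beyond the + and # cases raised in the question.

```javascript
// Added example (not from the thread). received() stands in for
// Request.QueryString("App") on MyPage.asp: the "#fragment" is never sent to
// the server, "&" separates parameters, and "+" in a query decodes to a space.
function received(href) {
  const url = new URL(href, "http://example.invalid/"); // constructed base URL
  return url.searchParams.get("App"); // null when no App parameter arrives
}

// The thread's approaches, applied to the same client-side value.
const builders = {
  // Original load(): raw concatenation.
  raw: (v) => "MyPage.asp?App=" + v,
  // escape() over the whole URL also encodes "?" and "=", so the query is lost.
  escapeWholeUrl: (v) => escape("MyPage.asp?App=" + v),
  // escape() on the value only: "#" and "&" are encoded, "+" is left as-is.
  escapeValue: (v) => "MyPage.asp?App=" + escape(v),
  // encodeURIComponent() on the value only: "+" -> %2B, "#" -> %23, "&" -> %26.
  encodeValue: (v) => "MyPage.asp?App=" + encodeURIComponent(v),
};

// Returns { builderName: { href, got, intact } } for one value.
function compare(value) {
  const out = {};
  for (const [name, build] of Object.entries(builders)) {
    const href = build(value);
    const got = received(href);
    out[name] = { href, got, intact: got === value };
  }
  return out;
}

// Constructed sample values; the first two are the cases from the question.
const samples = ["C++ Application", "C# Application", "Q&A Tool"];
for (const s of samples) {
  console.log(JSON.stringify(s));
  for (const [name, r] of Object.entries(compare(s))) {
    console.log("  " + name.padEnd(15) + JSON.stringify(r.got) + "  <- " + r.href);
  }
}
```

Classic ASP decodes Request.QueryString values itself, so MyPage.asp needs no separate decode step once the value is encoded on the client.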
 
LVL 33

Expert Comment

by:hongjun
ID: 8622500
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
[points to mgfranz]

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

hongjun
EE Cleanup Volunteer
0
 

Expert Comment

by:SpideyMod
ID: 8674255
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0
