Solved

Special characters didn't get passed through an querystring

Posted on 2001-07-05
21
336 Views
Last Modified: 2012-06-22
Hi all the experts, I've had an ASP page where it sends a variables to another ASP page through a QueryString, for example, from a click button, I've run this code:
function load(form) {
        var myindex=form.App.selectedIndex;
        var strApp = form.App.options[myindex].text;
        var strURL = "MyPage.asp?App='" + strApp + "'";
        window.alert(strURL);
        parent.view_frame.location.href = strURL;
}
This works fine, I could run MyPage.asp with the QueryString("App") passed over correctly.  However, if the strApp I am passing from above function contains special characters such as: +,# etc., then those special characters are droped off.  And the window.alert showed me that the URL does contains the correct info such as:
MyPage.asp?App=C++ Application
But, if I put a Response.Write on the MyPage.asp, and write out the Request.Query("App")
and it will show me ONLY the "C Application" and two + are dropped.  

Does anyone know what's wrong? Thanks in advance.
0
Comment
Question by:ejiang
  • 7
  • 5
  • 3
  • +4
21 Comments
 
LVL 5

Expert Comment

by:mattyk
ID: 6256789
You''ll need to make use of Javascript's escape function to encode the URL

so

parent.view_frame.location.href = strURL;


would be

parent.view_frame.location.href = escape(strURL);

-mattyk
0
 
LVL 20

Expert Comment

by:jitganguly
ID: 6256791
Use Server.URLEncode like

MyPage.asp?App=Server.URLEncode("C++ Application")

or

abc = "C++ Application"
MyPage.asp?App=Server.URLEncode(abc)




0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6256851
URLEncode or HTMLEncode?

If you are trying to encode a string, do it before you pass it to the redirect;

var strURL = "MyPage.asp?App='" + "'<%=Server.HTMLEncode(strApp)%>'" + "'";
       

0
 
LVL 3

Author Comment

by:ejiang
ID: 6256884
Thanks mattyk, I tried that and it didn't work and I've got an error at line:
parent.view_frame.location.href = escape(strURL);
the error message is "Expected ;"
Remind you that the strURL show me correct result as the C++ does show up there, just when it gets to the MyPage.asp the QueryString("App") doesn't pick up that two pluses.

Thanks jit, that didn't work for me either, after I made it to encode my URL includes the two plus, and when it gets to the MyPage.asp, the QueryString I am getting is still:
'C Application' and the two plus are still dropped, also, if this work, how do I get it Uncoded? Is there a URLUncode function?

Thanks for your quick response.
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 100 total points
ID: 6256915
HTTPEncode and URLEncode only convert special characters to ASCII values;

The HTMLEncode method applies HTML encoding syntax to a specified string of ASCII characters. For example, this allows you to display a HTML tag on a web page and not have it treated as an actual tag.

There is one mandatory argument.

String

The String argument is the string to be encoded.

Code:
<% Response.Write Server.HTMLEncode("The tag for a table is: <Table>") %>

Output:
The tag for a table is: &lt;Table&gt;

Browser Output:
The tag for a table is: <Table>

The URLEncode method takes a string and converts it into a URL-encoded format. For example, you can use URLEncode to ensure that hyperlinks in your Active Server Pages are in the correct format.

There is one mandatory argument.

String

The String argument is the string to be encoded.

Code:
<% Response.Write Server.URLEncode("http://www.issi.net") %>

Output:
http%3A%2F%2Fwww%2Eissi%2Enet

I think there is a URLDecode() function, but it's undocumented...
0
 
LVL 3

Author Comment

by:ejiang
ID: 6256923
Thanks mattyk, I tried that and it didn't work and I've got an error at line:
parent.view_frame.location.href = escape(strURL);
the error message is "Expected ;"
Remind you that the strURL show me correct result as the C++ does show up there, just when it gets to the MyPage.asp the QueryString("App") doesn't pick up that two pluses.

Thanks jit, that didn't work for me either, after I made it to encode my URL includes the two plus, and when it gets to the MyPage.asp, the QueryString I am getting is still:
'C Application' and the two plus are still dropped, also, if this work, how do I get it Uncoded? Is there a URLUncode function?

Thanks for your quick response.
0
 
LVL 3

Author Comment

by:ejiang
ID: 6256945
Thanks mgfranz, one problem with your solution, I've got this strApp as a client side variable, and you want me to make a conversion using server side script, how that gonna work? If I use
<%= server.HTLMEncode(strApp) %>
it will tell me that Object request, because strApp isn't specified on the server side.  How to get around with this error? Thanks.
0
 
LVL 20

Expert Comment

by:jitganguly
ID: 6256957
Mark took it, I have to retire :-)
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6256961
Yeah... I thought about this as soon as I posted my comments...  I don't think there is a client-side encoding method in javascript.  Can you run the form objects through a server-side script?
0
 
LVL 3

Author Comment

by:ejiang
ID: 6256974
I don't think I would be able to do that, because the selection was made on the client side.  This is a bit strange because it will work perfectly except if the strApp contains a + or # (in my case), it will drop those, and for the case of #, it will cut off anything after that, and for the case of +, it will only drop it and rest of the string still appear.  The most strange thing is that the URL does show up the correct string, ONLY if the ASP is trying to get that passed value such as:
the URL will look like:
MyPage.asp?App=C++ Application
And inside the mypage.asp, if I've got this:
myApp = Request.QueryString("App")
and then myApp will ONLY show "C Application" with two + are being dropped.

I hope this will help to understand exactly what's going on.  Thanks a lot for your help so far.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 18

Expert Comment

by:mgfranz
ID: 6256993
Are these form values being passed to the same page?  Can you pass them to the MyPage.asp directly instead of going through the JS?
0
 
LVL 3

Author Comment

by:ejiang
ID: 6257004
they are different forms, the page where I populate this values is called select_application.asp, and from this page, I then call MyPage.asp and passing in this value.  Any suggestions? I am using W2K as my web server, does that make a difference? Thanks.
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6257020
<form action=MyPage.asp method=post>
...
<submit>

In Mypage.asp;

myApp = Server.URLEncode(Request.QueryString("App"))




0
 
LVL 2

Expert Comment

by:enkay022798
ID: 6257048
Try using the "\" before the + or the # in your script

So strApp = 'C\+\+ Application'
Might work but not sure !

I have used it for other reasons and it has worked with me.

0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6257079
I don't think that will work enkay, JS or ASP will not escape the characters passed in a URL string.
0
 
LVL 2

Expert Comment

by:enkay022798
ID: 6257096
oops sorry ...  dunno what I was thinking

try this pls

try replacing the # with %23 and the + with %2

That right mgfranz ?

so strApp = 'C%2%2%23Application'
0
 
LVL 5

Expert Comment

by:mattyk
ID: 6257097
I've noticed that this will be correctly encoded when a form which contains ++ and # is contained as values.  So why not alter your code slightly so that the form that contains your select box is something like

<form action=MyPage.asp target=parent.view_frame>

and then modify your function to be

function load(form) {
   form.submit();
}

-matty
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 6257117
enkay, yes, but we are trying to encode the characters dynamically... I guess you could do a replace() in the JS function to trap all the special chars.
0
 
LVL 2

Expert Comment

by:enkay022798
ID: 6257252
Yuppp... and there are only finite number of characters I hope :)
0
 
LVL 33

Expert Comment

by:hongjun
ID: 8622500
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
[points to mgfranz]

Please leave any comments here within the next seven days.

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

hongjun
EE Cleanup Volunteer
0
 

Expert Comment

by:SpideyMod
ID: 8674255
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
pass url parameter as session 9 48
Update Stored Procedure question 8 48
Classic ASP + JS 4 81
Auto Submit on dropdown box 3 56
I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now