QueryString Parameter Doubling

Posted on 2002-07-04
Last Modified: 2006-11-17

Our (internally developed) Client Management System(CMS) utilises a number of state maintenance techniques.  The main techniques used are:- storing information in a database; Hidden form variables; and QueryString variables.  Session variables are also used on a smaller scale for our shopping cart. In most cases, the information in these QueryStrings, Hidden form variables and Session variables are retrieved in the ASP page and used in SQL queries.


In recent weeks we have been experiencing problems with CMS

Upon investigation of the Web Server logs, we noticed that the Querystrings attached to the URL's of  various ASP pages in CMS have been repeated eg.

1. cms/ClientModfy.asp?hidClientID=223 hidClientID=223


2. cms/OrderEntry.asp?hidClientID=223&hidProductID=15 hidClientID=223&hidProductID=15

When this doubling up occurs there always seems to be a space placed after the QueryString parameters and then a repeat of the QueryString.

When these QueryString values are requested in the ASP page, the values that are retrieved is not what is expected:

Eg. Example 1 above -

Request.QueryString("hidClientID") will return  223 hidClientID=223

Example 2 above -

Request.QueryString("hidClientID") will return  223
Request.QueryString("hidProductID") will return  15 hidClientID=223, 15

Needless to say, this results in incorrect datatypes being used in the SQL Query which then results in the Web Server CPU maxing out.  

Once we became aware of what was happening, we automatically assumed we had made errors in the construction of the URL and QueryString in some of our ASP pages.  However, after going through all the pages with a fine tooth comb, we have not been able to find any errors in the construction of URL QueryStrings.

After a number of weeks investigation, this QueryString doubling occurs a number of times a day and seems to be completely random with no discernible pattern to the occurrences. An  ASP page will be accessed without a problem ie no doubling, then a minute later the same page will be accessed and the QueryString doubling will occur which causes the CPU to max out on the Web Server.  Once the CPU comes back to normal and the same page is then accessed, it is processed without any problems.

We have now resorted to band-aid measures and incorporated code to exit the user to the home page when this QueryString doubling occurs.  This however does not solve our problem in the long term.

Any advice or direction would be appreciated.
Question by:tonyski
LVL 23

Expert Comment

ID: 7130970
are these QS being constructed dynamically or they are static in HREF tags.
if its maxing out your CPU then its pretty bad.
IS there any way that a client can enter URL with doubled QS values?

Author Comment

ID: 7131019
In answer to your questions:
1. There are very few static/hardcoded QueryStrings.  Nearly all querystrings are created dynamically (database driven)

2. There is no way that a client can enter URLs.  All URL's are set by the script in the ASP pages and are associated with buttons or links.


Expert Comment

ID: 7131041
The first time u access the ASP page there is no problem and the processing is done.
The second time u try to access this ASP page the query string doubling problem starts.
during the first request may b ur storing some values in a session variable and/or hidden form fields and may be those values u r using to create your URL for the querystring.

do u think the values that ur storing in of these session variables and/or hidden form fields are causing this problem???

find out and post ur comments here.

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

LVL 20

Expert Comment

ID: 7131095
check if you are not doubling the values as said especially in session variables... also try to set a value check on the queries..
like if you expect an integer then check:
if IsNumeric(request.querystring("ClientID")) then
'invalid string
end if

is it random or cyclitic? did you manage to reproduce the problem..?
can you post some code?
I'm sure it's related to a code issue..

Author Comment

ID: 7131098
No, we've gone through that process already. I have double and triple checked all hidden form fields and made sure that they have all been named differently.

Session variables are only used on a couple of pages and these have been carefully named.  In any case, session variables are not used to construct URL QueryStrings in any of our ASP pages.  

Most of the QueryStrings are created by dynamically looping through resultsets from SQL database queries.  I have also triple checked that these have been coded correctly so that the URL and associated QueryString is constructed correctly.
LVL 20

Expert Comment

ID: 7131108
maybe you're having duplicate records entered in the dataabse.. without a code we can't help.. it's like examinig a patient thru the phone..

Author Comment

ID: 7131120
To Silvers5:-

I have now incorporated bandaid value checks, however there is still an underlying problem.  As stated previously, Session variables are not set as QueryString values. The problem is random and we have not been able to reproduce the problem.  Some code follows for your perusal.  The ASP file is an include file for a larger ASP page.  The code demonstrates how URL and QueryStrings are constructed. (for your info, the variable 'clientId' in the code snippet is set in the larger asp page that this file is contained in)

     Dim objJobInfo
     Dim strJobSQL
     strLCS = "TD2"
     Response.Write "<TABLE BORDER=""0"" CELLPADDING=""3"" CELLSPACING=""1"" WIDTH=""100%"">" & vbCrLf
     Response.Write "<TR>" & vbCrlf
     Response.Write "<TH CLASS=TDH COLSPAN=8>Current Jobs</TH>" & vbCrLf
     Response.Write "</TR>" & vbCrlf
     Response.Write "<TR>" & vbCrlf
     Response.write "<TH CLASS=TDH>Date Created</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Job ID</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Product Name</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Problem Type</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Sub Type</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Status</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Assigned To</TH>" & vbCrLf
     Response.Write "<TH ALIGN=RIGHT CLASS=TDH><INPUT TYPE=BUTTON CLASS=TableButtons VALUE=""Add Job"" onClick=""'../Jobs/JobAdd.asp?hidClientId=" & clientID & "','_self');""></TH>" & vbCrLf
     Response.Write "</TR>" & vbCrLf
     Set objJobInfo = Server.CreateObject("ADODB.Recordset")
     strJobSQL = "{CALL sp_JobDetails(" & clientID & ")}"
     objJobInfo.Open strJobSQL, dbConn, 1, 3
     Do While Not objJobInfo.EOF
          Response.Write "<TR>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("DateCreated") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("JobID") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("ProductName") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("ProblemType") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("ProblemSubType") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("Status") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("FullName") & "</TD>" & vbCrLf
          Response.Write "<TD ALIGN=RIGHT CLASS=" & strLCS & "><INPUT TYPE=BUTTON CLASS=TableButtons VALUE=Revise onClick=""'../Jobs/JobModify.asp?hidClientId=" & clientID & "&hidJobId=" & objJobInfo("JobID") & "','_self');""</TD>" & vbCrLf
          Response.Write "</TR>" & vbCrLf
          If strLCS = "TD1" Then strLCS = "TD2" Else strLCS = "TD1"
     Response.Write "</TABLE>" & vbCrLf
LVL 20

Expert Comment

ID: 7131141
what is the web server you are using?
are the erronous links coming from different client browser types?

Author Comment

ID: 7131206
To Silvers5 -

The Web Server we are using is IIS4.

All system users are using either IE5.5 or IE6.0

Expert Comment

ID: 7131455
Have you tried the most basic of fixes, shutting everything down and starting it all up again???
LVL 22

Expert Comment

ID: 7131504
No javascript code that loops through the links and changes / adds something?

No request.QueryString items you use and then re-add a certain value?

Are the log files set up to
1) store the full url
2) store the querystring

if so these items will show right after each other in the log file which you found above. I suggest you check that and eliminate that option instead of returning to code right away.

LVL 11

Expert Comment

ID: 7132797
Put double quotes around ALL HTML Tag attributes eg VALUE="Revise" rather than revise.

Although the standards say these are optional it has long been a source of rather wacky problems because the browsers do not always get it right.

Secondly do all of your forms specify the POST method. Just that a while back I discovered that if GET was used (or the method omitted) and the volume of data within the form was too great it overwrote parts of the data in the request object. The effects of this appeared quite bizarre in that if you access a data item in one way (for example a response.write) you would see one thing but access it another way (eg within a calculation) and the results were different.


Author Comment

ID: 7139079
CJ S - The log files are set up to store the full URL and QueryString.  As outlined previously, we can see when the problem occurs in the log files. We have tried to recreate the QueryString doubling but we have never been successful.  The problem occurs randomly and without pattern.

Mouatts - All our forms specify the POST method.

I will try the putting double quotes around all HTML tag attributes and let you know how it goes.


Accepted Solution

SpideyMod earned 0 total points
ID: 8492226
PAQ'd and points refunded.  I have also removed the erroneous deletion ping.

Community Support Moderator @Experts Exchange

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
UTC (timezone) without using an API 16 50
JSON error 4 71
Downside of adding characters set in ASP pages 6 29
Connection to multiple databases 13 25
I recently decide that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests." I got to thinking, hey, I use more than one…
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update. The Original Issue This was written…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question