QueryString Parameter Doubling


Our (internally developed) Client Management System(CMS) utilises a number of state maintenance techniques.  The main techniques used are:- storing information in a database; Hidden form variables; and QueryString variables.  Session variables are also used on a smaller scale for our shopping cart. In most cases, the information in these QueryStrings, Hidden form variables and Session variables are retrieved in the ASP page and used in SQL queries.


In recent weeks we have been experiencing problems with CMS

Upon investigation of the Web Server logs, we noticed that the Querystrings attached to the URL's of  various ASP pages in CMS have been repeated eg.

1. cms/ClientModfy.asp?hidClientID=223 hidClientID=223


2. cms/OrderEntry.asp?hidClientID=223&hidProductID=15 hidClientID=223&hidProductID=15

When this doubling up occurs there always seems to be a space placed after the QueryString parameters and then a repeat of the QueryString.

When these QueryString values are requested in the ASP page, the values that are retrieved is not what is expected:

Eg. Example 1 above -

Request.QueryString("hidClientID") will return  223 hidClientID=223

Example 2 above -

Request.QueryString("hidClientID") will return  223
Request.QueryString("hidProductID") will return  15 hidClientID=223, 15

Needless to say, this results in incorrect datatypes being used in the SQL Query which then results in the Web Server CPU maxing out.  

Once we became aware of what was happening, we automatically assumed we had made errors in the construction of the URL and QueryString in some of our ASP pages.  However, after going through all the pages with a fine tooth comb, we have not been able to find any errors in the construction of URL QueryStrings.

After a number of weeks investigation, this QueryString doubling occurs a number of times a day and seems to be completely random with no discernible pattern to the occurrences. An  ASP page will be accessed without a problem ie no doubling, then a minute later the same page will be accessed and the QueryString doubling will occur which causes the CPU to max out on the Web Server.  Once the CPU comes back to normal and the same page is then accessed, it is processed without any problems.

We have now resorted to band-aid measures and incorporated code to exit the user to the home page when this QueryString doubling occurs.  This however does not solve our problem in the long term.

Any advice or direction would be appreciated.
Who is Participating?
PAQ'd and points refunded.  I have also removed the erroneous deletion ping.

Community Support Moderator @Experts Exchange
are these QS being constructed dynamically or they are static in HREF tags.
if its maxing out your CPU then its pretty bad.
IS there any way that a client can enter URL with doubled QS values?
tonyskiAuthor Commented:
In answer to your questions:
1. There are very few static/hardcoded QueryStrings.  Nearly all querystrings are created dynamically (database driven)

2. There is no way that a client can enter URLs.  All URL's are set by the script in the ASP pages and are associated with buttons or links.

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

The first time u access the ASP page there is no problem and the processing is done.
The second time u try to access this ASP page the query string doubling problem starts.
during the first request may b ur storing some values in a session variable and/or hidden form fields and may be those values u r using to create your URL for the querystring.

do u think the values that ur storing in of these session variables and/or hidden form fields are causing this problem???

find out and post ur comments here.

Michel SakrCommented:
check if you are not doubling the values as said especially in session variables... also try to set a value check on the queries..
like if you expect an integer then check:
if IsNumeric(request.querystring("ClientID")) then
'invalid string
end if

is it random or cyclitic? did you manage to reproduce the problem..?
can you post some code?
I'm sure it's related to a code issue..
tonyskiAuthor Commented:
No, we've gone through that process already. I have double and triple checked all hidden form fields and made sure that they have all been named differently.

Session variables are only used on a couple of pages and these have been carefully named.  In any case, session variables are not used to construct URL QueryStrings in any of our ASP pages.  

Most of the QueryStrings are created by dynamically looping through resultsets from SQL database queries.  I have also triple checked that these have been coded correctly so that the URL and associated QueryString is constructed correctly.
Michel SakrCommented:
maybe you're having duplicate records entered in the dataabse.. without a code we can't help.. it's like examinig a patient thru the phone..
tonyskiAuthor Commented:
To Silvers5:-

I have now incorporated bandaid value checks, however there is still an underlying problem.  As stated previously, Session variables are not set as QueryString values. The problem is random and we have not been able to reproduce the problem.  Some code follows for your perusal.  The ASP file is an include file for a larger ASP page.  The code demonstrates how URL and QueryStrings are constructed. (for your info, the variable 'clientId' in the code snippet is set in the larger asp page that this file is contained in)

     Dim objJobInfo
     Dim strJobSQL
     strLCS = "TD2"
     Response.Write "<TABLE BORDER=""0"" CELLPADDING=""3"" CELLSPACING=""1"" WIDTH=""100%"">" & vbCrLf
     Response.Write "<TR>" & vbCrlf
     Response.Write "<TH CLASS=TDH COLSPAN=8>Current Jobs</TH>" & vbCrLf
     Response.Write "</TR>" & vbCrlf
     Response.Write "<TR>" & vbCrlf
     Response.write "<TH CLASS=TDH>Date Created</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Job ID</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Product Name</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Problem Type</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Sub Type</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Status</TH>" & vbCrLf
     Response.Write "<TH CLASS=TDH>Assigned To</TH>" & vbCrLf
     Response.Write "<TH ALIGN=RIGHT CLASS=TDH><INPUT TYPE=BUTTON CLASS=TableButtons VALUE=""Add Job"" onClick=""javascript:window.open('../Jobs/JobAdd.asp?hidClientId=" & clientID & "','_self');""></TH>" & vbCrLf
     Response.Write "</TR>" & vbCrLf
     Set objJobInfo = Server.CreateObject("ADODB.Recordset")
     strJobSQL = "{CALL sp_JobDetails(" & clientID & ")}"
     objJobInfo.Open strJobSQL, dbConn, 1, 3
     Do While Not objJobInfo.EOF
          Response.Write "<TR>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("DateCreated") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("JobID") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("ProductName") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("ProblemType") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("ProblemSubType") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("Status") & "</TD>" & vbCrLf
          Response.Write "<TD CLASS=" & strLCS & ">" & objJobInfo("FullName") & "</TD>" & vbCrLf
          Response.Write "<TD ALIGN=RIGHT CLASS=" & strLCS & "><INPUT TYPE=BUTTON CLASS=TableButtons VALUE=Revise onClick=""javascript:window.open('../Jobs/JobModify.asp?hidClientId=" & clientID & "&hidJobId=" & objJobInfo("JobID") & "','_self');""</TD>" & vbCrLf
          Response.Write "</TR>" & vbCrLf
          If strLCS = "TD1" Then strLCS = "TD2" Else strLCS = "TD1"
     Response.Write "</TABLE>" & vbCrLf
Michel SakrCommented:
what is the web server you are using?
are the erronous links coming from different client browser types?
tonyskiAuthor Commented:
To Silvers5 -

The Web Server we are using is IIS4.

All system users are using either IE5.5 or IE6.0
Have you tried the most basic of fixes, shutting everything down and starting it all up again???
No javascript code that loops through the links and changes / adds something?

No request.QueryString items you use and then re-add a certain value?

Are the log files set up to
1) store the full url
2) store the querystring

if so these items will show right after each other in the log file which you found above. I suggest you check that and eliminate that option instead of returning to code right away.

Put double quotes around ALL HTML Tag attributes eg VALUE="Revise" rather than revise.

Although the standards say these are optional it has long been a source of rather wacky problems because the browsers do not always get it right.

Secondly do all of your forms specify the POST method. Just that a while back I discovered that if GET was used (or the method omitted) and the volume of data within the form was too great it overwrote parts of the data in the request object. The effects of this appeared quite bizarre in that if you access a data item in one way (for example a response.write) you would see one thing but access it another way (eg within a calculation) and the results were different.

tonyskiAuthor Commented:
CJ S - The log files are set up to store the full URL and QueryString.  As outlined previously, we can see when the problem occurs in the log files. We have tried to recreate the QueryString doubling but we have never been successful.  The problem occurs randomly and without pattern.

Mouatts - All our forms specify the POST method.

I will try the putting double quotes around all HTML tag attributes and let you know how it goes.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.