Hiding/encrypting a querystring variable

i have a templatefield and  will like to hide the value of the student variable
when passing this to the next page. I decided to use the httputility.urlencode
to make this value non meaningful but this is not working for me. I am still
getting the same value. How can i do this?

asp:TemplateField HeaderText="picture">            
                <ItemTemplate>  
                  <asp:HyperLink ID="Label1" runat="server" Text='<%# Bind("picture") %>' NavigateUrl=<%#"javascript:my_window=window.open('displayImage.aspx?student=" + UrlFullEncode(DataBinder.Eval(Container.DataItem,"student").ToString()) + "','my_window','width=300,height=300');my_window.focus()" %>/>
                </ItemTemplate>
            </asp:TemplateField>


private const string _strApostropheEncoding = "%27";
    public static string UrlFullEncode(string strUrl)
    {
        if (strUrl == null)
            return "";
        strUrl = HttpUtility.UrlEncode(strUrl);
        return strUrl.Replace("'", _strApostropheEncoding);
    }




SirdotsAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

molkuCommented:
httputility.urlencode just makes the string suitable for passing in a URL, it doesn't encrypt it.
I suppose the value of student would have to be encrypted in your data source, then when the next page would have to unencrypt it.
You could use SSL and https to send the entire request encrypted.
SirdotsAuthor Commented:
thanks molku. can you show me some code on how to do that?

molkuCommented:
Which option? S(ecure) S(ockets) L(ayer) is installed at the web server. It is a certificate and if you are using a hosting company it is usually an easy option to add to your service. You then somehow configure the pages you need encrypted to use https (I am no expert here...)

If you want to encrypt data in your database there are many options, there is a trade off between speed and encryption strength. Here is someone who knows more than me on that subject as well:
http://www.codeproject.com/KB/security/DotNetCrypto.aspx

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C#

From novice to tech pro — start learning today.