[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Passing an email address in s query string

Posted on 2010-01-07
21
Medium Priority
?
209 Views
Last Modified: 2012-05-08
I have an ASP.NET page that accept a value from a query string and queries a database using that passed parameter.  When we were using ID it worked fine.  However, when I change the code to use email address to as the parameter.  It doesn't run.  I'm starting to think the problem is the passing of the email address in a query string.  Below is a cride example of what my query string looks like.

http://www.domain.com/dir/vcard.aspx?EMAIL=firstname.lastname@domain.com

The code in the aspx page has been adjusted for this change, but the results are not what they should be.  Is there something that must be done to pass an email address in a query string?
0
Comment
Question by:TPBPIT
  • 9
  • 7
  • 4
  • +1
21 Comments
 
LVL 10

Expert Comment

by:ollyatstithians
ID: 26200607
I think that you problem is illegal characters in the query string. You should url encode the string first. I am not sure about asp, but the php function would be urlencode(). This replaces any potentially illegal characters with numbered enitity references.

Olly.
0
 
LVL 10

Expert Comment

by:ollyatstithians
ID: 26200633
Here is more info on the asp method:
http://www.w3schools.com/asp/met_urlencode.asp

Olly.

PS. It is ususally a good idea to do this to any urls anyway if you cannot guarantee the content (eg. it has been generated from user input).
0
 
LVL 40

Expert Comment

by:Gurvinder Pal Singh
ID: 26200656
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:TPBPIT
ID: 26200771
Adding javascript will not work because this is being put in the body of an email.  Likewise, not sure if asp code in it will work either.

Let me add more information.  The query string is passing the parameter to aspx code that generates a vcard.  We are passing the email address because it is as unique as the primary key of the DB, which in this case is a number called ID.  That being said, the software that I am using to add the disclaimer will allow me to use a field in the place of the email address that will query Active Directory and plug in teh correct email address for that sender when the email leaves Exchange.  That being said, I'm not sure how much I can do outside of plan html and keeping it simple is the best thing at this point.  It appears I may have a problem.

Also, I know a little about html and passing the query string, but I'm still new to it.
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 26200775
http://www.domain.com/dir/vcard.aspx?EMAIL=firstname.lastname@domain.com  is just fine, your problem is somewhere else... can you please post your code showing how do you get this value and parse it...
0
 

Author Comment

by:TPBPIT
ID: 26200830
Sure, here's the code.  Also, if I change every reference to email back to id and pass the id in the query string it works.
<%@ Page Language="C#" AutoEventWireup="False" EnableSessionState="False" EnableViewState="False" %>

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.Odbc" %>




<%@ Import Namespace="MySql.Data.MySqlClient" %>

<script runat="server">
     private const string ConnStr = "Server=localhost;Database=vcard;uid=root;pwd=**********;";

     protected override void OnInit(EventArgs e)
     {
          base.OnInit(e);

          string strAttorneyEmail = Request["email"];

          MySqlDataReader MySQLReader;

          MySql.Data.MySqlClient.MySqlConnection conn;
          MySql.Data.MySqlClient.MySqlCommand cmd;

          conn = new MySql.Data.MySqlClient.MySqlConnection();
          cmd = new MySql.Data.MySqlClient.MySqlCommand();

          conn.ConnectionString = ConnStr;

          conn.Open();
          cmd.Connection = conn;

          cmd.CommandText = "SELECT * FROM Names WHERE EMAIL = '" + strAttorneyEmail + "'";
          cmd.Prepare();

          MySQLReader = cmd.ExecuteReader();


          if (MySQLReader.HasRows)
          {
               while (MySQLReader.Read())
               {


                    string sFileName = System.IO.Path.GetRandomFileName();
                    string sGenName = MySQLReader["FirstName"].ToString() + " " + MySQLReader["LastName"].ToString() + ".vcf";

                    using (System.IO.StreamWriter SW = new System.IO.StreamWriter(Server.MapPath(sFileName)))
                    {
                         SW.WriteLine("BEGIN:VCARD" + Environment.NewLine);
                         SW.WriteLine("VERSION:3.0" + Environment.NewLine);
                         SW.WriteLine("N:" + MySQLReader["LastName"].ToString() + ";" + MySQLReader["FirstName"].ToString() + Environment.NewLine);
                         SW.WriteLine("FN:" + MySQLReader["FirstName"].ToString() + " " + MySQLReader["LastName"].ToString() + Environment.NewLine);
                         SW.WriteLine("ORG:" + MySQLReader["Company"].ToString() + Environment.NewLine);
                         SW.WriteLine("TEL;WORK;VOICE:" + MySQLReader["Phone"].ToString() + Environment.NewLine);
                         SW.WriteLine("TEL;WORK;FAX:" + MySQLReader["Fax"].ToString() + Environment.NewLine);
                         SW.WriteLine("EMAIL;PREF;INTERNET:" + MySQLReader["Email"].ToString() + Environment.NewLine);
                         SW.WriteLine("ADR;WORK:;;" + MySQLReader["Address"].ToString() + ";" + MySQLReader["Suite"].ToString() + ";;;" + MySQLReader["CityState"].ToString() + " " + MySQLReader["Zip"].ToString() + Environment.NewLine);
                         SW.WriteLine("URL;WORK:" + MySQLReader["Url"].ToString()+ Environment.NewLine);
                         SW.WriteLine("END:VCARD");
                         SW.Close();
                    }

                    System.IO.FileStream fs = null;
                    fs = System.IO.File.Open(Server.MapPath(sFileName), System.IO.FileMode.Open);
                    byte[] btFile = new byte[fs.Length];
                    fs.Read(btFile, 0, Convert.ToInt32(fs.Length));

                    fs.Close();

                    System.IO.File.Delete(Server.MapPath(sFileName));

                    Response.AddHeader("Content-disposition", "attachment; filename=" + sGenName);
                    Response.ContentType = "application/octet-stream";
                    Response.BinaryWrite(btFile);

               }
          }

          conn.Close();
          cmd.Dispose();
          conn.Dispose();

          Response.End();
          
     }
</script>

Open in new window

0
 
LVL 10

Expert Comment

by:ollyatstithians
ID: 26200955
I think I can see a potential problem. Even though you are not encoding the email address, it may be getting encoded automatically elsewhere. This spoils your SQL query because "dave@monkeytennis.com" is not the same as "dave%40monkeytennis.com". Try outputting the "strAttorneyEmail" so you can see if it is what you expect.

Olly.
0
 

Author Comment

by:TPBPIT
ID: 26200998
Olly, I would agree with what your saying and I think that may be happening, but I can't yet prove it.
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 26201659
call your page with this

http://www.domain.com/dir/vcard.aspx?EMAIL=firstname.lastname@domain.com 

and post the value of cmd.CommandText
0
 

Author Comment

by:TPBPIT
ID: 26203551
Hain,

Not understand what you me when you say "and post the value of cmd.CommandText"

Please elaborate.
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 26206212
after this line (33)

cmd.CommandText = "SELECT * FROM Names WHERE EMAIL = '" + strAttorneyEmail + "'";

what do you get cmd.CommandText? just debug or print out it to page to see what is running...

0
 

Author Comment

by:TPBPIT
ID: 26211405
Maybe my newbie status has me confused, but how am I suppose to capture the parameter passed into the event when it's being passed from one webpage to another?  I'm familiar with debugging other code, just not web based code.
0
 
LVL 61

Accepted Solution

by:
HainKurt earned 1000 total points
ID: 26211457
add

Response.Write(cmd.CommandText); Response.End();

after line 33

cmd.CommandText = "SELECT * FROM Names WHERE EMAIL = '" + strAttorneyEmail + "'";

and post the value, and comment out/delete these lines after you are done...
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 26211469
or hit F9 on this line (33), run it, when it stops on this line, select "cmd.CommandText" and right click "add watch" to see the value
or just mouse over after selecting this and wait a few sec to see the value in a tooltip
0
 

Author Comment

by:TPBPIT
ID: 26211501
Small issue.  IDE is not on the server where the DB lives.  When I try to run it it looks for localhost.  Not sure how to connect to the server over the web with the IDE.
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 26212240
just do 26211457 to get the value... modify the page on server...
0
 

Author Comment

by:TPBPIT
ID: 26212928
Ok, I have to laugh because I have no idea what that means! :)  Again, the newbie coming out.  
0
 
LVL 61

Expert Comment

by:HainKurt
ID: 26213373
how do you expect us help you ;)
if you cannot help us, we cannot do anymore, lol...

what happens if you run this on MySQL

SELECT * FROM Names WHERE EMAIL = 'firstname.lastname@domain.com'

 
0
 
LVL 10

Assisted Solution

by:ollyatstithians
ollyatstithians earned 1000 total points
ID: 26281769
TPBPIT,
HainKurt said what to do earlier, but perhaps it got lost:
  "add

Response.Write(cmd.CommandText); Response.End();

after line 33"

This should result in your sql statement getting output to the web page (you may have to look in the page source to see it depending on where it is).

When you find it, check that it is what you expect it to be. If it is not, you can then take steps to make it right.


Olly.
0
 

Author Comment

by:TPBPIT
ID: 26283634
I understand now.  Ok, this is was posted to the screen.

SELECT * FROM Names WHERE EMAIL = 'firstname.lastname@domain.com'

It appears to be correct, so I wonder what's not working.  Like I said, if I change this back to ID then everything works.
0
 

Author Closing Comment

by:TPBPIT
ID: 31674025
Ok, check all of this.  All of a sudden it's working.  Thanks for the help.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates how to create a simple responsive confirmation dialog with Ok and Cancel buttons using HTML, CSS, jQuery and Promises
Today, the web development industry is booming, and many people consider it to be their vocation. The question you may be asking yourself is – how do I become a web developer?
In this tutorial viewers will learn how to embed videos in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: "<!DOCTYPE html>": Use the <video> tag to insert a video. Define the src as the URL of your video; this is similar to …
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question