Link to home
Start Free TrialLog in
Avatar of enjama
enjama

asked on

URL VS URI encoding

I have a post coming into an asp page, with address information urlencoded:

POST - application/x-www-form-urlencoded - Unicode (UTF-8)

property_street_address=130+CR+8231

when my asp page grabs Request.Form("property_street_address")  and displays it, I'm seeing 130CR8231 !  WTF?  

The poster is not willing to properly URI encode the string to be %20, and says I have to deal with the + instead, but I can't even see it once it's read from the request.form object.  How can I deal with this?
Avatar of COBOLdinosaur
COBOLdinosaur
Flag of Canada image

I don't know what your relationship is or your position so I can only go by my own experience.  I would simply inform the poster that you will reject the post until it complies with standards.  I have never lost a client for insisting on conformance to standards though I did get fired once.  Sometimes it leads to an argument, but they already know they are wrong and might just need help figuring out how to do it right.

if not...  

Put the garbage they are sending on the database and when they complain tell them that is how it comes in and they  have to deal with it.
Avatar of enjama
enjama

ASKER

Oh boy....  Thanks for the advice.  Rejecting the post is not an option, the poster has agreed to make the required changes, but not until Jan 1, between then and now my company will lose alot of revenue as a result of this problem.  I am database, so that won't work either....

What I'm looking for is a way to grab the raw data server-side, pre-asp.dll engine and encode it properly.
I don't know or use ASP in PHP I would grab the incoming strings from the $_POST variable and then use string methods to clean them up and make them usable.  Can you not do the same thing with ASP.

In PHP it would look something like:
$workStr = $_POST['property_street_address'];
$pieces=explode("+",$workStr);
// then loop through the pieces array to find and cleanup the CR or any other trash I find.

Open in new window


Hope that helps some.
Avatar of enjama

ASKER

For what it's worth, GET processes properly, POST does not.  ANYONE?
If GET works and POST does not, then the problem is in how ASP is decripting.  Post is more secure than GET because the data is encripted the non-standard format is probably resulting in the variables being corrupted in some way.  

Look at what is actually in the variables when they arrive at the server and see what is actually in them.  Then adjusted the parsing of the string to accomodate whatever is there.
Avatar of Robert Schutt
Did you check the content type they send? Use: Request.ServerVariables("HTTP_Content-Type")

If it's different from what they say, the decoding may be wrong because of that.

* I have tried it out and it does work:

<html>
<body>
<form enctype="application/x-www-form-urlencoded" method="post" action="http://localhost/_ee/showform.asp">
<input name="property_street_address" type="text" value="130 CR 8231">
<input type="submit">
</form>

Open in new window


submit the above to this asp:

<html>
<body>
Content-Type = <%= Request.ServerVariables("HTTP_Content-Type") %><br>
raw form = <%= Request.Form %><br>
<% For Each k In Request.Form %>
<%= k %> = <%= Request.Form(k) %><br>
<% Next %>

Open in new window


and you see that there's + signs in the raw form, nicely decoded to spaces in the output from Request.Form(var).
ASKER CERTIFIED SOLUTION
Avatar of Robert Schutt
Robert Schutt
Flag of Netherlands image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of enjama

ASKER

Yes, I'm just processing the raw form. Thanks!