I have a situation where the user is able to enter any characters they want in a URL query string.
Example:
http://localhost/default.aspx?ID=XXXX
http://localhost/default.aspx?ID=&XXXX
http://localhost/default.aspx?ID=#XXXX
The web page must accept the ID parameter as it is, no matter what the characters are. However, certain special characters such as ampersand (&) and pound (#) create problems. How can I accept them as is?
asked Jul 19, 2011 at 15:55 by m0g
4 Answers
This:
encodeURIComponent(uri)
Where uri is the component after the ?ID=
If the user is entering the query string, they must properly encode the query string first. If you are creating the query string yourself, such as from a form submission, you will need to use a URL encode method.
Encode your URL: HttpServerUtility.UrlEncode Method (String)
Edit: following your comment, you want to get the query string value of ID:
String id = Request.QueryString["ID"];
Use
userinput = escape(userinput)
then, in PHP:
$userinput = urldecode($_GET['id']);
or in JS:
userinput = unescape(userinput)
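The behaviour described in the question, and the effect of each encoding function mentioned in the answers, as an added example that is not part of the original thread. It assumes Node's WHATWG URL parser as a stand-in for the server's query-string parser; the ID values are constructed test inputs.

```javascript
// Added example, not from the thread. BASE is the question's sample URL;
// the ID values are constructed test inputs. Node's WHATWG URL parser stands
// in for the server's query-string parser (an assumption).
const BASE = "http://localhost/default.aspx";

// Naive concatenation: the raw value is pasted into the query string.
const buildRaw = (id) => BASE + "?ID=" + id;

// Percent-encode the value as one query component (UTF-8 based).
const buildEncoded = (id) => BASE + "?ID=" + encodeURIComponent(id);

// Legacy escape(): leaves '+' unencoded and is not UTF-8 based.
const buildEscaped = (id) => BASE + "?ID=" + escape(id);

// Read ID back the way a query-string parser would.
const readId = (url) => new URL(url).searchParams.get("ID");

// Compare what arrives for one input under each way of building the URL.
function roundTrip(id) {
  const raw = new URL(buildRaw(id));
  return {
    raw: raw.searchParams.get("ID"),
    // Parameters other than ID that appeared because '&' split the value.
    rawExtraParams: [...raw.searchParams.keys()].filter((k) => k !== "ID"),
    // Text after '#' is a fragment and is never sent to the server.
    rawFragment: raw.hash,
    escaped: readId(buildEscaped(id)),
    encoded: readId(buildEncoded(id)),
  };
}

for (const id of ["XXXX", "&XXXX", "#XXXX", "a+b=c&admin=1", "café"]) {
  console.log(JSON.stringify(id), roundTrip(id));
}
```

In the output, only the `encoded` column equals the input for every row; the `rawExtraParams` column shows how an unencoded `&` lets the value introduce parameters of its own.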