Can some tell me the exact difference between Request.Form and Request.QueryString?
I know one difference, like
If the HTTP request method is POST, the user submitted data is in the
Request.Form() collection
If the HTTP request method is GET, then user submitted data is in the
Request.QueryString() collection
any other difference? and Any example would be greatly appreciated.
In Request.Form the data is posted in the http request body whereas in QueryString data is sent through url.
I found some other difference
Request("id")
will first try to locate
Request.Form("id")
then
Request.Querystring("id")
then
Request.Cookies("id")
and finally
Request.ServerVariables("id")
it is reccommended to use the explicit naming convention if possible because it is more efficient and more readable.it also enables you to be sure where your information is coming from since the system will stop after the first hit is made.... It is also faster for the system if you specify the location of the information.
and we can refer this link for more some details :
http://www.hanselman.com/blog/ASPNETParamsCollectionVsQueryStringFormsVsRequestindexAndDoubleDecoding.aspx
But any one know any other difference, I really appreciate that .
As stated on MSDN,
(Request.Form): The value of Request.Form(element) is an array of all
the values of element that occur in the request body. You can
determine the number of values of a parameter by calling
Request.Form(element).Count. If a parameter does not have multiple
values associated with it, the count is 1. If the parameter is not
found, the count is 0.
and (Request.QueryString): The value of Request.QueryString(parameter)
is an array of all of the values of parameter that occur in
QUERY_STRING. You can determine the number of values of a parameter by
calling Request.QueryString(parameter).Count. If a variable does not
have multiple data sets associated with it, the count is 1. If the
variable is not found, the count is 0.
So, some things to note:
In a typical Form on a page, we may include some hidden elements:
<form method="post">
<input type="hidden" name="lol" value="cat" />
<input type="text" />
</form>
Hidden elements (if memory serves), are not displayed in the QueryString. So, I would assume that there are some things that are not shown in Request.QueryString. Unfortunately I am in the process of re-installing dev apps on a new machine and cannot test this at the moment but if I'm right, when you POST a form, more details about the form and its contents gets sent. And when you access QueryString, you are only seeing the things that make up the entirety of the URL, e.g.:
http://somesite.com/index.html?v=1&NonHiddenElement=lol&ManualValue=hello
Request.Form - means you are wanting to retrieve the values for the form that was posted.
Request.QueryString - means you are wanting to retrieve values that have been passed on the querystring.
Request.Form()
The Form collection retrieves the values of form elements posted to the HTTP request body, Only those elements and value which exist in your Form.
Request.QueryString()
The QueryString collection retrieves the values of the variables in the HTTP query string, Here you can append any of your custom variable and value which event dose not exist in your Form.
Request.Form Collection
The Form collection retrieves the values of form elements posted to the HTTP request body, with a form using the POST method.
Form input is contained in headers. It is wise to not trust the data that is contained in headers, as this information can be falsified by malicious users. For example, do not rely on data such as cookies to securely identify a user.
As a security precaution, always encode header data or user input before using it. A general method of encoding data is to use Server.HTMLEncode. Alternatively, you can validate header data and user input with a short function such as the one described in Validating User Input to Avoid Attacks. For more detailed information about developing secure Web applications, see chapter 12 of MS Press - Writing Secure Code.
Syntax
Request.Form(element)[(index)|.Count]
Parameters
element
The name of the form element from which the collection is to retrieve values.
index
An optional parameter that enables you to access one of multiple values for a parameter. It can be any integer in the range 1 to Request.Form(parameter).Count.
Applies To
Request Object
Remarks
The Form collection is indexed by the names of the parameters in the request body. The value of Request.Form(element) is an array of all the values of element that occur in the request body. You can determine the number of values of a parameter by calling Request.Form(element).Count. If a parameter does not have multiple values associated with it, the count is 1. If the parameter is not found, the count is 0.
To reference a single value of a form element that has multiple values, you must specify a value for the index parameter. The index parameter may be any number between 1 and Request.Form(element).Count. If you reference one of multiple form parameters without specifying a value for index, the data is returned as a comma-delimited string.
When you use parameters with Request.Form, the Web server parses the HTTP request body and returns the specified data. If your application requires unparsed data from the form, you can access it by calling Request.Form without any parameters.
Request.QueryString Collection
The QueryString collection retrieves the values of the variables in the HTTP query string. The HTTP query string is specified by the values following the question mark (?). Several different processes can generate a query string. For example, the following anchor tag generates a variable named string with the value "this is a sample."
string sample
Query strings are also generated by sending a form or by a user typing a query into the address box of the browser.
Query strings are contained in request headers. It is wise to not trust the data that is contained in headers, as this information can be falsified by malicious users. For example, do not rely on data such as cookies to securely identify a user.
As a security precaution, always encode header data or user input before using it. A general method of encoding data is to use Server.HTMLEncode. Alternatively, you can validate header data and user input with a short function such as the one described in Validating User Input to Avoid Attacks. For more detailed information about developing secure Web applications, see chapter 12 of MS Press - Writing Secure Code.
Syntax
Request.QueryString(variable)[(index)|.Count]
Parameters
variable
Specifies the name of the variable in the HTTP query string to retrieve.
index
An optional parameter that enables you to retrieve one of multiple values for variable. It can be any integer value in the range 1 to Request.QueryString(variable).Count.
Applies To
Request Object
Remarks
The QueryString collection is a parsed version of the QUERY_STRING variable in the ServerVariables collection. It enables you to retrieve the QUERY_STRING variable by name. The value of Request.QueryString(parameter) is an array of all of the values of parameter that occur in QUERY_STRING. You can determine the number of values of a parameter by calling Request.QueryString(parameter).Count. If a variable does not have multiple data sets associated with it, the count is 1. If the variable is not found, the count is 0.
To reference a QueryString variable in one of multiple data sets, you specify a value for index. The index parameter can be any value between 1 and Request.QueryString(variable).Count. If you reference one of multiple QueryString variables without specifying a value for index, the data is returned as a comma-delimited string.
When you use parameters with Request.QueryString, the server parses the parameters sent to the request and returns the specified data. If your application requires unparsed QueryString data, you can retrieve it by calling Request.QueryString without any parameters.
You can use an iterator to loop through all the data values in a query string.
For example, if the following request is sent:
for more details click this link
Related
So if I would want to get say a User data, passing user id, I will use GET verb and pass user id in query string with route something like this
[HttpGet]
[Route("user/{userId}")]
But what if I want to fetch user based on multiple input parameters. Say by UserType, Salary etc.
Then passing these multiple values or complex object values in querystring will not make sense, I will have to pass them in body and for that I will have to use the POST verb.
But is it correct to use POST verb to get data?
If not, which verb should I use for these cases
I would say it is ok to use POST in this situation. A query string that is too long can also cause problems when it comes to limits to the url length of webrowsers or servers.
But if you want to be correct about the verbs you could POST and create a filter object and return its id, then do your GET request including the filterId.
Your backend can now retrieve the previously created filter and apply it.
When I get continuation token while querying Documents on DocumentDb NoSQL database I get feedResponse.ResponseContinuation JSON
{
"token":"+RID:r+xQAPHUJQANAAAAAAAAAA==#RT:1#TRC:10#FPC:AQ0AAAAAAAAAIAAAAAAAAAA=",
"range":{"min":"","max":"FF"}
}
Could you please explain what each field means? And how the values are set/ calculated? Is the "token" value encrypted?
Thanks.
Could you please explain what each field means? And how the values
set/ calculated ? Is "token" value encrypted?
Presence of continuation token in response headers means there's more data available for the request you made.
You should not try to interpret this value and treat it as Opaque. By opaque what I mean to say is that you should not build your business logic around this continuation token's value because in my experience, you will receive different values under different circumstances.
For example, we receive following tokens under different circumstances:
In one instance, we received the following:
{"token":"-RID:4pVnPNKLRAAGAAAAAAAAAA==#RT:1#TRC:2","range":{"min":"","max":"FF"}}.
Yet, in another instance we received the following:
{"token":null,"range":{"min":"05D1A53CB92960","max":"05D1B53CB92960"}}.
And then there's another one:
+RID:4pVnAO6fMNADAAAAAACAAQ==#RT:1#TRC:2#FPC:ALMABAAAAIABAwAAAAAAgAE=
As you can see, there's no rhyme or reason behind the value of this token.
What your code should do is check for the existence of continuation token in response headers and if it is there then include this in your next request to get next set of data.
I'm attempting to utilize the DataView.ToValue function, and while it is pulling the correct columns needed, I am still not getting the DISTINCT values. I have a DataValue that contains a gridview of all of the information on the website. When a client goes to download this data in a specific format, they need just the unique values to be processed into the file.
At present, I store all of the columns needed for the report within an array with the purpose of being dynamic. Once that string array has been created, I create my DataTable with
tblData = dvData.ToTable(true, arrColumns);
Despite this, the data is still coming back with all rows. Am I missing something? According to this from Microsoft's documentation I SHOULD be getting back distinct values.
Turns out I forgot that a step on the backend handles cleaning up NULLs into valid datapoints for the xml. So it was properly sorting, just the null fields were actually causing "copies".
Is there a way to pass a parameter to a controller without putting it on the URL?
For example,
http://www.winepassionate.com/p/19/wine-chianti-docg-la-moto
has the value 19 on the URL. If you actually change that value to another, the page displays a different record even it the page name remains the same.
So I would like to NOT pass the ID on the URL but still be able to pass that to the Controller.
What's the recommended way to do so?
You can do a post and send it as a form parameter. I do not recommend this. Posts should be for requests that modify data. In this case you're most likely looking just to get that data. The fact that the id is in the URL is a good thing (see the Stack Overflow URLs for reference). If you really don't want the user to be able to modify it (I hope it's not because you think this makes it more secure, because it doesn't), you could do some simple encryption on it to make it more difficult to guess/produce a valid ID.
Using TempData, as some other suggest, is not a robust solution. It won't work for links on a page, just a GET after POST, and then only once since TempData is deleted after the next request.
Well, you have a couple of options:
Is this a form post? If so, then you can simply add a specific key value pair to your form when you submit it and then data will be passed along.
Is the URL unique to that resource? i.e. Does "Wine-chianti-docg-la-moto" exist as a unique representation of the number 19 in a database somewhere? If so, then you can simply do a lookup of that route component in your database to retrieve the value you need (or push that logic all the way down to the database).
Is that a value that is not expected to change a bunch? You can set that value in Session or in a cookie that would be persisted across pages and then pull it from the respective collection.
Are you redirecting to this page from another request on your server? If so, then you can use TempData to store this temporary value. However, I would recommend against this approach, as it is very transient and not good practice imo.
Lastly, you can obscure the value on the URL if you dont want it to be easily user editable. Encrypt it with some algorithm, and then decrypt it on the destination page. The user will be unlikely to be able to alter the ID by typing in a different value in the URL.
If the page is a GET, and you are following the PRG like you should be (Post-Redirect-Get) then you can use TempData["dataName"] = value; in your [HttpPost] controller and then consume it in your [HttpGet] method. It really depends on how the page is being called.
However, there is nothing wrong in letting the user change that number if it is not security related, and is common practice to show non-vital information in the url like that.
You should use TempData in this case. A good read on this can be found on this blog.
TempData allows you to store a value temporarily between requests and is, by default, erased after being accessed.
// TempData samplepublic ActionResult Featured(){ var featuredProduct = new Product { Name = "Assorted Cupcakes", Description = "Delectable vanilla and chocolate cupcakes", CreationDate = DateTime.Today, ExpirationDate = DateTime.Today.AddDays(7), ImageName = "cupcakes.jpg", Price = 5.99M, QtyOnHand = 12 };
I have 2 webforms with 1 ListBox Control on each of them.
How do I access the Listbox that's located on webformA from webformB?
For example I wish to declare something like this string name = ListBoxWebformA.SelectedValue.ToString(); on WebFormB, so that I can work with that value in the code of WebFormB.
The ListBox on WebFormA lists several names.
When I select a name from the listbox and press the OK button I call Response.Redirect("~/WebFormB.aspx");
So from WebFormB I wish to access this "name" by putting the selected value into a string.
Based on your edit, the easiest (possibly best) way to go about doing this will not be to try to maintain a stateful instance of webformA during the request to webformB. Once the user is redirected, assume that webformA is gone.
Instead, when you're about to perform the Response.Redirect() to webformB, include in some way the value from webformA that you wish to pass along. The easiest way to do this will be on the query string. Something like:
Response.Redirect(string.Format("~/WebFormB.aspx?name={0}", HttpUtility.UrlEncode(ListBoxWebformA.SelectedValue.ToString())));
Then, in webformB you can access the value:
string name = Request.QueryString["name"];
Note that you'll want to do some error checking, etc. Make sure the value is actually selected before appending it to the redirect URL on webformA, make sure Request.QueryString["name"] contains a value before using it in webformB, etc.
But the idea in general is to pass that value along, by query string or POST value or Session value or some other more stateful means, when redirecting from one form to the other.
I guess you have to resort to either passing the value from A to B in the query string or storing the value in Session and reading afterwards.
So would be a
Response.Redirect(string.Format("~/WebFormB.aspx?YourVariable={0}",HttpUtility.UrlEncode(ListBoxWebformA.SelectedValue));
and you can read it in Form B like
Request.QueryString["YourVariable"]
If the values are not sensitive this approach above would be the best.
If they are... To store in Session:
Session["YourVariable"] = ListBoxWebformA.SelectedValue
And to read...
if (Session["YourVariable"] != null) {
var listAValue = Session["YourVariable"].ToString()
}