I'm trying to receive the values passed from other non aspx page to my asp.net page with C# via HTTP GET with Parameters. Would it be fine if I fetch the values with Request.QueryString in Page Load event?
Please advice.
Here's what I've done so far.
protected void Page_Load(object sender, EventArgs e)
{
//fetch query from url
string queryTimeStamp = Request.QueryString["t"];
Int64 queryCallerID = Convert.ToInt64(Request.QueryString["s"]);
int querySMSGateway = Convert.ToInt32(Request.QueryString["d"]);
string querySMSMessage = Request.QueryString["m"];
//Do other processings
}
you can get the value in Request.QueryString or Request.Form collection
Below is the better way to go, which will handle unexpected exception, thanks:
string queryTimeStamp = Request.QueryString["t"];
Int64 queryCallerID;
Int64.TryParse(Request.QueryString["s"] == string.Empty ? "0" : Request.QueryString["s"], out queryCallerID);
int querySMSGateway;
Int32.TryParse(Request.QueryString["d"] == string.Empty ? "0" : Request.QueryString["d"], out querySMSGateway);
string querySMSMessage = Request.QueryString["m"];
Related
It's the first time I'm passing variables between two pages in my asp.net project.
It works, but I'm wondering if it is a good way to do it? Is it secure? Is there a better way?
The reason why I ask is that I've have learned never to use concatenation in sql, but instead use parameters (which I always do from now on). Is there a similar risk in this case?
In web page1:
protected void Button1_Click(object sender, EventArgs e)
{
string email = txtEmail.Text;
string date = txtDate.Text;
string time = txtTime.Text;
string name = txtName.Text;
string url = "~/change.aspx?newemail="+mail+"&newdate="+date+"&newtime="+time+"&newname="+name+"";
Response.Redirect(url);
}
In web page2:
protected void Page_Load(object sender, EventArgs e)
{
String email = Request.QueryString["newemail"];
String date = Request.QueryString["newdate"];
String time = Request.QueryString["newtime"];
String name = Request.QueryString["newname];
TextBox1.Text = email;
TextBox2.Text = date;
TextBox3.Text = time;
TextBox4.Text = name;
}
if it is a good way to do it?
Not really. You need to url encode the values because if they contain special characters the receiving page will not parse them correctly:
string url = "~/change.aspx?" +
"newemail=" + HttpUtility.UrlEncode(mail) +
"&newdate=" + HttpUtility.UrlEncode(date) +
"&newtime=" + HttpUtility.UrlEncode(time) +
"&newname=" + HttpUtility.UrlEncode(name);
Is it secure?
No, not at all. Anyone could send a request to your target page with whatever values he feels good for him.
Is there a better way?
That would depend on your specific requirements and whether the information you are transmitting is sensitive or not. If it is sensitive information, then you might consider storing the values on the server instead of passing them as query string parameters. For example you could use the ASP.NET Session for this purpose.
Is it secure? No, of course not, the values are on the query string which gets sent to the browser. If you want to keep it secure put the values in session on the server side.
You are using QueryString Way to pass variables from one page to another page.its not a problem if the parameters are not secure like you cant pass secure info(Sensitive Information) like passwords,any important ids...
if you want to handle with secure parameters(Sensitive Information) you can use Sessions,Cookies..
In your case you are passing names.i hope it doesnt create any problems because this are not secure parameters(Sensitive info).even though if you feel any security risks you can use encryption and decryption concepts like encrypt your parameter name and pass it with url and then decrypt that parameter where you want to use.
Refer :
http://msdn.microsoft.com/en-us/library/6c3yckfw%28v=vs.100%29.aspx
http://www.codeproject.com/Articles/8055/Transferring-page-values-to-another-page
For better understanding about passing variables from one page to another page
Thank you guys for you help!
I have now changed it to Sessions. My code now looks like this:
In web page1:
string email = txtEmail.Text;
string date = txtDate.Text;
string time = txtTime.Text;
string name = txtName.Text;
Session["email"] = email;
Session["date"] = date;
Session["time"] = time;
Session["name"] = name;
Response.Redirect("~/change.aspx");
In web page2:
protected void Page_Load(object sender, EventArgs e)
{
string email = (string)(Session["email"]);
string date = (string)(Session["date"]);
string time = (string)(Session["time"]);
string name = (string)(Session["name"]);
TextBox1.Text = email;
TextBox2.Text = date;
TextBox3.Text = time;
TextBox4.Text = name;
}
Hi there I am a beginner with developing on C#. I am having some problems passing data from one page to another. Within a listbox I have data which i have obtained from a database via web service.
I have created some coding to move sets of selected data to the next page and input it into the assigned text blocks. Currently this coding only works for one data field "eventId."
Could you please have a look at my code and tell me what I have done wrong and how i can fix this.
Here is my coding from the page which holds the listbox with the sets of data:
private void FirstListBox2_SelectionChanged(object sender, SelectionChangedEventArgs e)
{
EventServiceReference1.Event myEvent = (EventServiceReference1.Event)FirstListBox2.SelectedItem;
int eventId = myEvent.EventID;
string eventList = myEvent.EventList;
string eventDescription = myEvent.Description;
string eventDate = myEvent.Date;
string eventTime = myEvent.Time;
string eventLocation = myEvent.Location;
var url = string.Format("/EventPageTemp.xaml?eventId={0}", eventId + "&eventList={0}", eventList);
NavigationService.Navigate(new Uri(url, UriKind.Relative));
}
Here is my coding from the "EventPageTemp" page which i am passing the data to:
int eventId;
string eventIdStr;
string eventList;
if (NavigationContext.QueryString.TryGetValue
("eventId", out eventIdStr) && int.TryParse(eventIdStr, out eventId))
{// load event data, and set data context
txtEID.Text = eventIdStr;}
if (NavigationContext.QueryString.ContainsKey("eventList"))
{
string val = NavigationContext.QueryString["eventList"];
txtEList.Text = eventList;
}
At the moment it is coming up with the errors:
- the name 'eventList' does not exist in current context
-use of unassigned local variable 'eventList'
Please can you help me figure this out. Thank you.
the issue is your url, eventId + "&eventList={0}", eventList will be pass as eventId:
var url = string.Format("/EventPageTemp.xaml?eventId={0}", eventId + "&eventList={0}", eventList);
it should be:
var url = string.Format("/EventPageTemp.xaml?eventId={0}&eventList={1}", eventId, eventList);
I want to know-from what url user come from.
So, i use
Uri MyUrl = Request.UrlReferrer;
But when i get only null value from MyUrl:
I have two projects-first is my aspx page, second- redirects to this first project-page with GET parameters.
But when second project redirect to first project- i have :
Object reference not set to an instance of an object.
My second test project so simple:
protected void Page_Load(object sender, EventArgs e)
{
Response.Redirect("http://localhost:54287/go.aspx?id=DEFAULT");
}
First and main project:
protected void Page_Load(object sender, EventArgs e)
{
//Request.ServerVariables('http_referer');
// Request.ServerVariables;
string id = Request.QueryString["id"];
if (id != null)
{
Uri MyUrl = Request.UrlReferrer;
Console.WriteLine(MyUrl);
Response.Write("Referrer URL : " + MyUrl.AbsolutePath);
}
}
Error in :Response.Write("Referrer URL : " + MyUrl.AbsolutePath);
OK, there a a few errors:
Your code:
Uri MyUrl = Request.UrlReferrer;
Console.WriteLine(MyUrl);
Response.Write("Referrer URL : " + MyUrl.AbsolutePath);
In the code above you get a NullReferenceException because MyUrl is null.
The UrlReferer may be null, so you have to check this like:
Uri MyUrl = Request.UrlReferrer;
Console.WriteLine(MyUrl);
if (MyUrl != null)
Response.Write("Referrer URL : " + MyUrl.AbsolutePath);
Also you can never make sure that the UrlReferer can have a value, if the user comes from another website you don't know if this website will provide this value, so you have first to assume the referrer is null (in summary never trust it).
Second, when you use Response.Redirect on your code ran server-side you don't know what is the referrer.
I find this question and this question that will help you to better understand.
UrlReferrer is based off the HTTP_REFERER header that a browser should send. But, as with all things left up to the client, it's variable.
I know some "security" suites (like Norton's Internet Security) will strip that header, in the belief that it aids tracking user behavior. Also, I'm sure there's some Firefox extensions to do the same thing.
Bottom line is that you shouldn't trust it. Just append the url to the GET string and redirect based off that.
Reference:
Stackover flow reference
I am using Querystring to pass values from one page to other. I am tring to implement encoding and decoding using the Server.UrlDecode and urlEncode.
Query string returns a null value, but I can check the values are been sent in URL.
The two pages are:
QueryString.aspx
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
string id = "1";
string name = "aaaa";
string url = string.Format("QueryStringValuesTransfer.aspx?{0}&{1}", Server.UrlEncode(id), Server.UrlEncode(name));
Response.Redirect(url);
}
;;
In another page :
QueryStringValuesTransfer.aspx:
public partial class QueryStringValuesTransfer : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
string id1 = Server.UrlDecode(Request.QueryString["id"]);
string name1 = Server.UrlDecode(Request.QueryString["name"]);
Response.Write(id1 + name1);
}
}
I am get null values in the id1 and name1.
Any help please..
Change this line:
string url = string.Format("QueryStringValuesTransfer.aspx?id={0}&name={1}", Server.UrlEncode(id), Server.UrlEncode(name));
Right now you are only setting the values in the querystring, you need to assign them names so you can grab them again:
string url = string.Format("QueryStringValuesTransfer.aspx?id={0}&name={1}", Server.UrlEncode(id), Server.UrlEncode(name));
That's because your query string should be something like
MyPage.aspx?id=xxx&name=yyy
You are not passing the values, only the names...
string url = string.Format("QueryStringValuesTransfer.aspx?{0}&{1}", Server.UrlEncode(id), Server.UrlEncode(name));
Should be:
string url = string.Format("QueryStringValuesTransfer.aspx?id={0}&name={1}", Server.UrlEncode(id), Server.UrlEncode(name));
You aren't specifying a name for the values. You need:
string url = string.Format("QueryStringValuesTransfer.aspx?id={0}&name={1}", Server.UrlEncode(id), Server.UrlEncode(name));
When constructing the URL in the first page you should do this:
string url = string.Format("QueryStringValuesTransfer.aspx?id={0}&name={1}", Server.UrlEncode(id), Server.UrlEncode(name));
The query string consists of key-value pairs, you should provide the keys.
I found a good way to check if a file exists and read the contents if it does, but for some reason I can't create a method out of it.
Here's what I have so far:
<script runat="server">
void Page_Load(Object s, EventArgs e) {
lblFunction.Text = mwbInclude("test.txt");
}
string mwbInclude(string fileName) {
string inc = Server.MapPath("/extra/include/" + Request["game"] + "/" + fileName);
string valinc;
if(System.IO.File.Exists(inc))
{
valinc = System.IO.File.ReadAllText(inc);
}
return valinc;
}
</script>
I wish I could provide more info, but the server this is on doesn't show any feedback on errors, just a 404 page.
I think
valinc = Response.Write(System.IO.File.ReadAllText(inc));
should be
valinc = System.IO.File.ReadAllText(inc);
Why are you setting the Text property and calling Response.Write? Do you want to render the text as a label, or as the whole response?
If you're getting a 404, it's because your page isn't being found, not because there's a problem with the script itself. Have you tried ripping out all of the code and just sticking in some HTML tags as a sanity check?