im getting a string and urlencoding it (in the SanitizeForQueryString
function) is this the correct approach? should i be encoding each parameter
seperately or the entire string?
Dim AreaID As String = Request.Form(hAreaID.UniqueID)
Dim SalePrice As String =
SanitizeForQueryString(Request.Form(elMinPrice.Con trolID)) & "-" &
SanitizeForQueryString(Request.Form(elMaxPrice.Con trolID)) & "-0"
Dim RentPrice As String =
SanitizeForQueryString(Request.Form(elMinRent.Cont rolID)) & "-" &
SanitizeForQueryString(Request.Form(elMaxRent.Cont rolID)) & "-0"
Dim QString As New System.Text.StringBuilder
With QString
..Append("?Mode=0")
..Append("&Page=1")
..Append("&vs=1")
..Append("&rlt=")
..Append(SanitizeForQueryString(Request.Form(txtRe altorName.UniqueID)))
..Append("&cp=")
..Append(SanitizeForQueryString(Request.Form(txtBr okerCompany.UniqueID)))
..Append("&pt=")
..Append(SanitizeForQueryString(elPropertyTypes.Ge tSelectedValues))
..Append("&mp=")
..Append(SalePrice)
..Append("&mrt=")
..Append(RentPrice)
..Append("&Beds=")
..Append(SanitizeForQueryString(Request.Form(elBed s.ControlID)))
..Append("&Baths=")
..Append(SanitizeForQueryString(Request.Form(elBat hs.ControlID)))
..Append("&f=")
..Append(SanitizeForQueryString(Request.Form(elFea tures.ControlID)))
..Append("&ft=")
..Append(SanitizeForQueryString(Request.Form(ddlFe atureType.UniqueID)))
..Append("&o=")
..Append(SanitizeForQueryString(Request.Form(ddlOr der.UniqueID)))
..Append("&of=")
..Append(SanitizeForQueryString(Request.Form(ddlOr derField.UniqueID)))
..Append("&ps=")
..Append(SanitizeForQueryString(Request.Form(ddlPa geSize.UniqueID)))
If Not AreaID Is Nothing AndAlso AreaID <> String.Empty Then
..Append("&aid=")
..Append(SanitizeForQueryString(AreaID))
..Append("&MapURL=")
..Append(SanitizeForQueryString(Request.QueryStrin g("MapURL")))
Else
..Append("&pro=")
..Append(SanitizeForQueryString(Request.Form(elPro vinces.ControlID)))
..Append("&ci=")
..Append(SanitizeForQueryString(Request.Form(txtCi ty.UniqueID)))
..Append("&st=")
..Append(SanitizeForQueryString(Request.Form(txtSt reet.UniqueID)))
..Append("&zip=")
..Append(SanitizeForQueryString(Request.Form(txtPo stalCode.UniqueID)))
End If
End With