Plus signs in query strings

I'm tightening security on my application by encrypting query strings so
someone can't try and guess other valid query string values. This was
working well, but I noticed it wasn't working in some cases today. Looking a
little deeper, it seems that when encrypted one value had a + in it. When
this was picked up at the receiving page, I see the + turns into a space,
which then throws off the decryption.

Is a + an illegal character for a query string? If so, is the plus the only
character I can count on being converted to a space? It won't be hard to
look for any spaces and change them into + in the codebehind, but I only
want to do that if that's the only character that becomes a space.

Anyone got a good link to describe this in detail (what characters are
allowed and what happens to illegal ones)?

Thanks!
Matt
Nov 18 '05 #1
MattB wrote:
> I'm tightening security on my application by encrypting query strings so
> someone can't try and guess other valid query string values. This was
> working well, but I noticed it wasn't working in some cases today. Looking a
> little deeper, it seems that when encrypted one value had a + in it. When
> this was picked up at the receiving page, I see the + turns into a space,
> which then throws off the decryption.
>
> Is a + an illegal character for a query string? If so, is the plus the only
> character I can count on being converted to a space? It won't be hard to
> look for any spaces and change them into + in the codebehind, but I only
> want to do that if that's the only character that becomes a space.
>
> Anyone got a good link to describe this in detail (what characters are
> allowed and what happens to illegal ones)?


Characters in a URL are expected to be URL Encoded to be passed through
safely. Since spaces are not safe characters in a URL, they are encoded
- some systems encode a space using "%20", some systems encode a space
using '+'.

What's happening is that the ASP.NET method you're using to grab the
query parameters is automatically URLDecoding the parameter for you - so
it's decoding the '+' as a space.

The fix is for your code that issues the query parameters to perform a
URLEncode() on it.

--
mikeb
Nov 18 '05 #2
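
The behaviour discussed in this thread, as an added example that is not part of either post: a C# console program showing the '+' in an unencoded token arriving as a space, the UrlEncode fix from the reply, and a Base64url variant that needs no escaping. It assumes the encrypted value is carried as Base64 text (the thread does not say); the bytes are constructed, and `QueryTokenDemo`, `ToBase64Url`, `FromBase64Url` and the `id` parameter are hypothetical names.

```csharp
using System;
using System.Linq;
using System.Web; // HttpUtility

static class QueryTokenDemo
{
    // Base64url: the same data with '-' and '_' in place of '+' and '/', padding dropped.
    static string ToBase64Url(byte[] data)
    {
        return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    static byte[] FromBase64Url(string text)
    {
        string b64 = text.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
    }

    static void Main()
    {
        // Constructed stand-in for ciphertext; its Base64 form contains '+', '/' and '='.
        byte[] cipher = { 0xFB, 0xEF, 0xBE, 0xFF, 0xFF, 0xFF, 0x01 };
        string token = Convert.ToBase64String(cipher);

        // 1. Token placed in the URL as-is: the receiver decodes each '+' to a space.
        string broken = HttpUtility.ParseQueryString("id=" + token)["id"];
        Console.WriteLine("raw      : [{0}] intact={1}", broken, broken == token);

        // 2. Sender URL-encodes the value, as the reply recommends: the receiver's
        //    automatic decoding now returns the original token.
        string encoded = HttpUtility.UrlEncode(token);
        string fixedUp = HttpUtility.ParseQueryString("id=" + encoded)["id"];
        Console.WriteLine("encoded  : [{0}] intact={1}", encoded, fixedUp == token);
        Console.WriteLine("bytes ok : {0}", Convert.FromBase64String(fixedUp).SequenceEqual(cipher));

        // 3. Base64url token: contains no characters that need escaping, so it
        //    survives even if a link is built without UrlEncode.
        string urlSafe = ToBase64Url(cipher);
        string received = HttpUtility.ParseQueryString("id=" + urlSafe)["id"];
        Console.WriteLine("base64url: [{0}] intact={1}", urlSafe, FromBase64Url(received).SequenceEqual(cipher));
    }
}
```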
