Put a query string in a server variable

Question

djblois 0 Newbie Poster

9 Years Ago

I need to put a query string into a servervariable so when the user posts back to the page, the variable is still in the URL (and it will not crash). How do I do this.

Here is the code that calls the page:

function GoProfile(Userid) 

    {
        window.document.location.href = 'AdminEditProfile.asp?UserID=' + Userid;
    }

Then when it posts back to the page, here is the code that calls it back:

<form action="<%=Request.ServerVariables("SCRIPT_NAME")%>" method=post id=form1 name=form1>

Since I have a line of code, like this:

prm.Append cmd.CreateParameter("@UserID", adVarchar, adParamInput,24,request.QueryString("UserID"))

on the page if the query string is not in the URL when it posts back it will crash (but the rest works).

web-design

Edited 9 Years Ago by djblois

3 Contributors
7 Replies
142 Views
6 Days Discussion Span
Latest Post 9 Years Ago Latest Post by djblois

iamthwee

9 Years Ago

Bad idea to put the userid in the query string, best to save this as a session and will be persistent across the entire site.

JorgeM 958 Problem Solver

9 Years Ago

There's nothing wrong with using the query string. Its up to you as the web developer to determine the best approach for passing information between pages. You have options... query string, sessions, cookies, etc...

I generally use query string parameters..for example.... take an application that displays products... it would be very common to pass the query string parameter of product id to the product details page.

However, if you want to track which user is logged in to your application, if you only use the approach of passing the user id in the query string, what will prevent someone from just changing the query string to another value? that wouldnt be very secure.

So, when security is of concern, if you do pass the value via query string, you should most definately validate the value before you perform any type of processing on the target page.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

djblois 0 Newbie Poster · Answer 1 · 2015-01-06T20:47:43+00:00

Thank you for that information.

Can you point me where I can find code samples to do that?

and when is it good to use a querystring then?

iamthwee · Answer 2 · 2015-01-06T20:57:03+00:00

What language are you using looks like asp.net.

Any server side language you will be able to set sessions, these are handled server side and cannot be tampered with.

Once the session is set you can use regular query strings without fear of the user tampering to get unauthenicated access to part of your site.

'Sessions' are the driving force in any web portal application.

JorgeM 958 Problem Solver Team Colleague Featured Poster · Answer 3 · 2015-01-06T21:01:09+00:00

Actually, this looks like classic ASP to me...(i hope you are not coding like this in asp.net).

here is an example of how to store a value in a session variable.

<%
Session("userid")="djblois"
Session("name")="Daniel Blois"
%>

To retreive the value...

Hello <%Response.Write(Session("name"))%>

djblois 0 Newbie Poster · Answer 4 · 2015-01-12T14:29:26+00:00

JorgeM is correct that it is classic ASP.

Curious when would using a query string be a good idea?

djblois 0 Newbie Poster · Answer 5 · 2015-01-13T14:16:55+00:00

JorgeM,

Thank you - I guess from your answer iamthwee misunderstood what userid was in this case. It is for administrators being able to pull up the users profiles and edit in an in house help desk site. So security is not of concern. Thank you both for your help.