I have a situation where the user is able to enter any characters they want in a URL query string.
Example:
http://localhost/default.aspx?ID=XXXX
http://localhost/default.aspx?ID=&XXXX
http://localhost/default.aspx?ID=#XXXX
The web page must accept the ID parameter as it is, no matter what the characters are. However, certain special characters such as ampersand (&) and pound (#) create problems. How can I accept them as is?
If the user is entering the query string, they must properly encode the query string first. If you are creating the query string yourself, such as from a form submission, you will need to use a URL encode method.
This:
encodeURIComponent(uri)
Where uri is the component after the ?ID=
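The effect of encodeURIComponent on the question's three URLs, as an added example that is not part of the original answer. It assumes Node's WHATWG URL parser as a stand-in for the server-side query string parser; the function names and the last two sample IDs are constructed for illustration.

```javascript
// Base URL from the question; sample ID values beyond the question's are constructed.
const BASE = "http://localhost/default.aspx";

// Naive concatenation: reserved characters in the value alter the URL's structure.
function buildRaw(id) {
  return BASE + "?ID=" + id;
}

// Percent-encode the value so '&', '#', '=', '%', '+' and spaces stay inside ID.
function buildEncoded(id) {
  return BASE + "?ID=" + encodeURIComponent(id);
}

// What the receiving side recovers: the decoded ID, any parameters the
// value accidentally introduced, and anything cut off as a fragment.
function receivedId(url) {
  const u = new URL(url);
  return {
    id: u.searchParams.get("ID"),
    extraParams: [...u.searchParams.keys()].filter((k) => k !== "ID"),
    fragment: u.hash,
  };
}

// True when the value survives the trip through the URL unchanged.
function roundTrips(id) {
  return receivedId(buildEncoded(id)).id === id;
}

const samples = ["XXXX", "&XXXX", "#XXXX", "a&b=c#d", "50% +more"];
for (const s of samples) {
  console.log(JSON.stringify(s));
  console.log("  raw    :", buildRaw(s), receivedId(buildRaw(s)));
  console.log("  encoded:", buildEncoded(s), receivedId(buildEncoded(s)));
}
```

With the raw form, "&XXXX" arrives as an empty ID plus an extra parameter named XXXX, and "#XXXX" never reaches the server because browsers do not send the fragment.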
Encode your URL: HttpServerUtility.UrlEncode Method (String)
Edit: following your comment, you want to get the query string value of ID:
String id = Request.QueryString["ID"];
Use
userinput = escape(userinput)
then, in PHP:
$userinput = urldecode($_GET['id']);
or in JS:
userinput = unescape(userinput)