ASP.Net URLEncode Ampersand for use in Query Strin

2020-01-24 09:32发布

站内问答 / C#
1298 7 6

I need to redirect to a url passing a parameter as a query string.

This can include an Ampersand in the value. such as

string value = "This & That";
Response.Redirect("http://www.example.com/?Value=" + Server.UrlEncode(value));

This however returns http://www.example.com/?Value=This+&+That

What should I be using to encode this string?

EDIT: Thanks Luke for pointing out the obvious, the code does indeed work correctly. I Apologise, my question was not a valid question after all!

The page I was going to had a lot of old legacy code which is apparently doing some kinda of encoding and decoding itself making it appear as if my urlencode was not working.

My solution unfortunately is to completely drop use of an & until the code in question can be re-written. Don't you just hate old code!

7条回答
▲ chillily
2楼-- · 2020-01-24 10:06

Another character that needs escaping is the apostrophe. Replace it with %27.

string url = Server.UrlEncode(value).Replace("'", "%27);

HttpUtility.UrlEncode() And Server.UrlEncode() do not replace this character along with a few others for backwards compatibility with other .Net Frameworks. See this microsoft article for details: http://connect.microsoft.com/VisualStudio/feedback/details/214349/httputility-urlencode-does-not-encode-apostrophe

查看更多
0人赞 添加讨论(0) 举报
▲ chillily
3楼-- · 2020-01-24 10:08

this is correct however if you have several parameters in the query string.

for example : &firstname=bob&secondName="Tracy and John"

查看更多
0人赞 添加讨论(0) 举报
戒情不戒烟
4楼-- · 2020-01-24 10:10

And if you are getting a value from a GridView the & ampersand may very well be showing up as "&":

row.Cells[4].Text.ToString() = xxxx&

So in this case you will want to use:

.Replace("&", "%26")
查看更多
0人赞 添加讨论(0) 举报
手持菜刀,她持情操
5楼-- · 2020-01-24 10:12

The documentation suggests that Server.UrlEncode should handle ampersands correctly.

I've just tested your exact code and the returned string was correctly encoded:

http://www.example.com/?Value=This+%26+That

查看更多
0人赞 添加讨论(0) 举报
爱情/是我丢掉的垃圾
6楼-- · 2020-01-24 10:17

Technically doing: 

value = value.Replace("&", "%26")

will do the trick.

EDIT: There seem to be some tricky issues with the whole UrlEncode/HttpEncode methods that don't quite do the trick. I wrote up a simple method a while back that may come in handy. This should cover all the major encoding issues, and its easy to write a "desanitizer" as well.

Protected Function SanitizeURLString(ByVal RawURLParameter As String) As String

      Dim Results As String

      Results = RawURLParameter    

      Results = Results.Replace("%", "%25")
      Results = Results.Replace("<", "%3C")
      Results = Results.Replace(">", "%3E")
      Results = Results.Replace("#", "%23")
      Results = Results.Replace("{", "%7B")
      Results = Results.Replace("}", "%7D")
      Results = Results.Replace("|", "%7C")
      Results = Results.Replace("\", "%5C")
      Results = Results.Replace("^", "%5E")
      Results = Results.Replace("~", "%7E")
      Results = Results.Replace("[", "%5B")
      Results = Results.Replace("]", "%5D")
      Results = Results.Replace("`", "%60")
      Results = Results.Replace(";", "%3B")
      Results = Results.Replace("/", "%2F")
      Results = Results.Replace("?", "%3F")
      Results = Results.Replace(":", "%3A")
      Results = Results.Replace("@", "%40")
      Results = Results.Replace("=", "%3D")
      Results = Results.Replace("&", "%26")
      Results = Results.Replace("$", "%24")

      Return Results

End Function
查看更多
0人赞 添加讨论(0) 举报
forever°为你锁心
7楼-- · 2020-01-24 10:22

You must use Server.UrlEncode(string containing the ampersand).

I've just tested it and the returned query string was correctly encoded and then decoded.

HttpUtility didn't work for this operation.

查看更多
0人赞 添加讨论(0) 举报
1 2 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)