0

I have a problem in that I am trying to update a password based on an email address obtained from a querystring. I need to put the querystring value in a session variable due to some different scenarios. Everything works perfectly with a standard email address: bob@outlook.com, but if I use the '+' symbol in the email address like bob+1@outlook.com the session value shows a space where it should show a '+' symbol. This causes my SQL to fail to find a match.

When I create a test session variable such as session("plus") = '+' this works perfectly. However session("email") = request("email") will convert the '+' to a space. 

If Request("email") <> "" Then
    Session("email") = Request("email")
    Session("DBstatus") = "Password Reset Requested"
End If

I expect this: session("email") = "bob+1@outlook.com"

I get this: session("email") = "bob 1@outlook.com"

I have tried using server.urlencode but that does not match the value stored in my tables.

Dale K
  • 25,246
  • 15
  • 42
  • 71
user2055729
  • 199
  • 1
  • 1
  • 13

2 Answers2

1

That is one way to go. It may work with the email because we all know email addresses cannot contain spaces.

However, when it comes to other string values that have no strict rules like emails, some that may have + and white-spaces would be eventually decoded as a white-space. Thus you will not be able to determine which one should be the plus sign to replace.

ASP.NET automatically calls UrlDecode() when you access a property by key index (i.e. (Request.QueryString["key"]). https://stackoverflow.com/a/13095475/2289769

Take the following example:

String passed to the browser

spacebetween=Q Q&pluscharbetween=Q+Q&encodedpluschar=Q%2BQ

QueryString encoded by the browser

spacebetween=Q%20Q&pluscharbetween=Q+Q&encodedpluschar=Q%2BQ

Interpreted by ASP (Request.QueryString.ToString()):

spacebetween=Q+Q&pluscharbetween=Q+Q&encodedpluschar=Q%2bQ

UrlDecoded() by ASP

spacebetween: Q Q

pluscharbetween: Q Q

encodedpluschar: Q+Q

With that said, is best to encode any string value passed to the browser if you want to get it back exactly as is.

You can conduct your own test:

<h4>UrlDecoded()</h4>
<asp:Label ID="Label1" runat="server" Text=""></asp:Label>
<h4>Without Decoding()</h4>
<asp:Label ID="Label2" runat="server" Text=""></asp:Label>

If Request.QueryString.ToString().Length > 0 Then
    For Each key As String In Request.QueryString.Keys
        If Request.QueryString.Get(key).Length > 0 Then
            Label1.Text &= String.Format("{0}: {1}<br />", key, Request.QueryString.Get(key))
        End If
    Next

    Dim items As String() = Request.QueryString.ToString().Split("&".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)

    For Each item In items
        Dim key = item.Split("=")(0)
        Dim value = item.Split("=")(1)

        Label2.Text &= String.Format("{0}: {1}<br />", key, value)
    Next
End If
Attila Antal
  • 811
  • 8
  • 17
0

Okay I got this bastard figured out for the moment with my good friend viewstate. I don't know if I am going to run into trouble down the road but this little function did the trick :)

ViewState("email") = Session("email").Replace(" ", "+")

user2055729
  • 199
  • 1
  • 1
  • 13