Always use UrlEncode, when passing parameters to Url string

I had a function, that took the field BARCODE from the database and created URL string for Redirect with parameter ?barcode=BarcodeValue.


It worked fine for a while, because most of values were numeric or alpha-numeric.


However when  barcode has ‘plus’ sign in front, e.g ‘+2134214’, on the target page


Request.QueryString(“Barcode”) replaces the ‘plus’ sign with space and returns   ‘ 2134214’ ,which is obviously not expected


So the correct way to code is to use HttpUtility.UrlEncode , if characters such as blanks and punctuation can be used in your field, e.g.


“&Barcode=” & HttpUtility.UrlEncode(Barcode).

After fixing my code I found a very detailed article Using HttpUtility.UrlEncode to Encode your QueryStrings.

Advertisements