query string in asp.net

A query string is information that is appended to the end of a page URL. 

We can use a query string to submit data back to our page or to another page through the URL.

Query strings provide a simple but limited way of maintaining some state information.

For example :

 Query strings are an easy way to pass information from one page to another, such as passing a product number to another page where it will be processed. 

A typical query string might look like the following real-world example:

http://support.microsoft.com/Default.aspx?kbid=315233 

In this example, the URL identifies the Default.aspx page. The query string (which starts with a question mark [?]) contains a single parameter named “kbid,” and a value for that parameter, “315233.” Query strings can also have multiple parameters, such as the following real-world URL, which specifies a language and query when searching the Microsoft.com Web site:

http://search.microsoft.com/results.aspx?kbid=315233&setlang=en-US

 Advantages of using query string in asp.net :

No server resources are required:  

The query string is contained in the HTTP request for a specific URL.

Widespread support:   Almost all browsers and client devices support using query strings to pass values.k

Simple implementation:  

ASP.NET provides full support for the query-string method, including methods of reading query strings using the Params property of the HttpRequest object.

Disadvantages of using query string in asp.net :

Potential security risks:   The information in the query string is directly visible to the user via the browser’s user interface. A user can bookmark the URL or send the URL to other users, thereby passing the information in the query string along with it.

If you are concerned about any sensitive data in the query string, consider using hidden fields in a form that uses POST instead of using query strings.

 Limited capacity:   Some browsers and client devices impose a 2048-character limit on the length of URLs. 

query string example

source view

<%@ Page Language="C#" AutoEventWireup="true" CodeFile="QueryStringExample.aspx.cs" Inherits="QueryStringExample" %>  
<!DOCTYPE html>  
<html xmlns="http://www.w3.org/1999/xhtml">
 <head id="Head1" runat="server">
     <title></title> </head> <body style="border: 1px solid gray">
     <form id="form1" runat="server">
         <div align="center">
             <h3 style="background-color: yellow; color: green">QueryString Example</h3>
             <div style="border: 2px solid blue; padding: 10px; margin: 30px; background-color: #e4f7b4">
                 <b>Enter Name:</b><asp:TextBox ID="txtName" runat="server"></asp:TextBox>
                 <br />
                 <br />
                 <b>Enter Age:&nbsp;&nbsp;&nbsp;&nbsp;</b><asp:TextBox ID="txtAge" runat="server"></asp:TextBox>
                 <br />
                 <br />
                 &nbsp;&nbsp;&nbsp;
                 <asp:Button ID="btnSubmit" runat="server" Text="Submit" OnClick="btnSubmit_Click" />
             </div>
         </div>
     </form>
 </body>
 </html>

code view

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI; 
using System.Web.UI.WebControls;  

public partial class QueryStringExample : System.Web.UI.Page
 {
     protected void Page_Load(object sender, EventArgs e)
     { 
     }
     protected void btnSubmit_Click(object sender, EventArgs e)
     {
         string name = txtName.Text.Trim();  
        int age = int.Parse(txtAge.Text.Trim());  
        Response.Redirect("AccessQueryStringExample.aspx?name=" + name + "&age=" + age);
     }
 } 

Accessing QueryString Values on another Page: AccessQueryStringExample.aspx

code view

using System; using System.Collections.Generic;
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls;  
public partial class AccessQueryStringExample : System.Web.UI.Page
 {
     protected void Page_Load(object sender, EventArgs e)
     {
         if (Request.QueryString["name"] != null && Request.QueryString["age"] != null)
         {
             Response.Write("Your Name Is: " + Request.QueryString["name"].ToString());
             Response.Write("<br />");  
            Response.Write("Your Age Is: " + Request.QueryString["age"].ToString());
         }
         else
         { 
            Response.Redirect("QueryStringExample.aspx");
         }
     }
 }