It's the first time I'm passing variables between two pages in my ASP.NET project. It works, but I'm wondering if it is a good way to do it? Is it secure? Is there a better way? The reason why I ask is that I've learned never to use concatenation in SQL, but instead use parameters (which I always do from now on). Is there a similar risk in this case?
In web page1:
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Read the values entered on this page
        string email = txtEmail.Text;
        string date = txtDate.Text;
        string time = txtTime.Text;
        string name = txtName.Text;
        // Concatenate them into the query string of the target page
        string url = "~/change.aspx?newemail=" + email + "&newdate=" + date + "&newtime=" + time + "&newname=" + name;
        Response.Redirect(url);
    }
In web page2:
    protected void Page_Load(object sender, EventArgs e)
    {
        // Read the values back from the query string
        String email = Request.QueryString["newemail"];
        String date = Request.QueryString["newdate"];
        String time = Request.QueryString["newtime"];
        String name = Request.QueryString["newname"];
        TextBox1.Text = email;
        TextBox2.Text = date;
        TextBox3.Text = time;
        TextBox4.Text = name;
    }
if it is a good way to do it?
Not really. You need to URL-encode the values, because if they contain special characters the receiving page will not parse them correctly:
    string url = "~/change.aspx?" +
        "newemail=" + HttpUtility.UrlEncode(email) +
        "&newdate=" + HttpUtility.UrlEncode(date) +
        "&newtime=" + HttpUtility.UrlEncode(time) +
        "&newname=" + HttpUtility.UrlEncode(name);
Is it secure?
No, not at all. Anyone could send a request to your target page with whatever values he sees fit.
Is there a better way?
That would depend on your specific requirements and whether the information you are transmitting is sensitive or not. If it is sensitive information, then you might consider storing the values on the server instead of passing them as query string parameters. For example you could use the ASP.NET Session for this purpose.
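The two points from the answer above, as an added example that is not part of the original question or answer: a console program showing how an unencoded value is mis-parsed by the receiver, and how the receiving side can validate query-string values before using them. The `yyyy-MM-dd HH:mm` format, the 100-character name limit and the sample values are assumptions made for this illustration.

```csharp
using System;
using System.Globalization;
using System.Net.Mail;
using System.Web; // HttpUtility (System.Web.HttpUtility assembly on .NET Core / .NET 5+)

static class QueryStringDemo
{
    // Sender side: encode every value so '&', '=', '+', '#' stay inside their parameter.
    static string BuildUrl(string email, string date, string time, string name) =>
        "~/change.aspx?newemail=" + HttpUtility.UrlEncode(email) +
        "&newdate=" + HttpUtility.UrlEncode(date) +
        "&newtime=" + HttpUtility.UrlEncode(time) +
        "&newname=" + HttpUtility.UrlEncode(name);

    // Receiver side: the query string is caller-controlled, so validate before use.
    // The date/time format and the name length limit are assumptions for this example.
    static bool TryReadRequest(string query, out string email, out DateTime slot, out string name)
    {
        var q = HttpUtility.ParseQueryString(query);
        email = q["newemail"] ?? "";
        name = (q["newname"] ?? "").Trim();
        bool emailOk;
        try { emailOk = new MailAddress(email).Address == email; }
        catch (FormatException) { emailOk = false; }
        catch (ArgumentException) { emailOk = false; } // empty value
        bool slotOk = DateTime.TryParseExact(q["newdate"] + " " + q["newtime"], "yyyy-MM-dd HH:mm",
            CultureInfo.InvariantCulture, DateTimeStyles.None, out slot);
        return emailOk && slotOk && name.Length > 0 && name.Length <= 100;
    }

    static void Main()
    {
        // Constructed sample input: a name containing query-string metacharacters.
        string name = "Tom & Jerry=friends";
        string raw = "newemail=a@example.com&newdate=2024-05-01&newtime=14:30&newname=" + name;
        string encoded = BuildUrl("a@example.com", "2024-05-01", "14:30", name).Split('?')[1];

        // Without encoding, the value is cut off at '&' and the rest becomes a new parameter.
        Console.WriteLine("[" + HttpUtility.ParseQueryString(raw)["newname"] + "]");
        // With encoding, the receiver gets the full value back.
        Console.WriteLine("[" + HttpUtility.ParseQueryString(encoded)["newname"] + "]");

        // A well-formed request passes validation; a hand-crafted one with junk values does not.
        Console.WriteLine(TryReadRequest(encoded, out _, out _, out _));
        Console.WriteLine(TryReadRequest("newemail=x&newdate=soon&newtime=&newname=", out _, out _, out _));
    }
}
```

Validation only checks that the values are well-formed; it does not show that they came from the first page, which is why the answer suggests keeping sensitive values on the server in the Session.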