Menu
Even if I don't POST or GET any parameter named url it still get inserted into the Request variable resulting in that Request["url"] is always set. The default value is the requested aspx file. If I include url as POST or GET parameter in the request the default value is overwritten. Can you explain why this behavior is implemented in .net?
959
This is documented in the HttpRequest class information. Look at the Items collection and it says specifically that it will look at objects from QueryString, Form, Cookies, or ServerVariables. This does go back to classic ASP and other languages have implemented similar, such as PHP although PHP considers it unsafe and I believe it was turned off in v 5.5. Microsoft also recommneded not to do this as it can be exploited. In the case of the Request["url"] it will return a server variable. If a querystring is present with the variable url in it, Request["url"] will return the querystring variable since it is scanned first in the list. It was put in for backwards compatibility with classic ASP as it was widely used in classic ASP.
HttpRequest Class MSDN Documentation
116
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
