Platform SDK: Internet Information Services 6.0
Request.QueryString Collection
The QueryString collection retrieves the values of the
variables in the HTTP query string. The HTTP query string is
specified by the values following the question mark (?). Several
different processes can generate a query string. For example, the
following anchor tag generates a variable named string with
the value "this is a sample."
<A HREF="example?string=this is a sample">string
sample</A>Query strings are also generated by sending a form or by a user
typing a query into the address box of the browser.
As a security precaution, always encode querystring input (or
any request data) before using it. A general method of encoding
data is to use Server.HTMLEncode.
Another method is to write a short function that tests request data
for invalid characters. More information can be found by reading
chapter 12 of Writing Secure Code, and using Checklist: ASP Security when you
create your ASP applications.
Syntax
Request.QueryString(
variable)[(
index)|.Count]
Parameters
- variable
- Specifies the name of the variable in the HTTP query string to
retrieve.
- index
- An optional parameter that enables you to retrieve one of
multiple values for variable. It can be any integer value in
the range 1 to Request.QueryString(
variable).Count.
Remarks
The QueryString collection is a parsed version of the
QUERY_STRING variable in the ServerVariables collection.
It enables you to retrieve the QUERY_STRING variable by
name. The value of Request.QueryString(
parameter) is an array of all of the values of
parameter that occur in QUERY_STRING. You can determine
the number of values of a parameter by calling
Request.QueryString(parameter).Count. If a
variable does not have multiple data sets associated with it, the
count is 1. If the variable is not found, the count is 0.
To reference a QueryString variable in one of multiple
data sets, you specify a value for index. The index
parameter can be any value between 1 and
Request.QueryString(variable).Count. If you
reference one of multiple QueryString variables without
specifying a value for index, the data is returned as a
comma-delimited string.
When you use parameters with Request.QueryString, the
server parses the parameters sent to the request and returns the
specified data. If your application requires unparsed
QueryString data, you can retrieve it by calling
Request.QueryString without any parameters.
You can use an iterator to loop through all the data values in a
query string. For example, if the following request is sent:
http://localhost/script/directory/NAMES.ASP?Q=Fred&Q=Sally
And Names.asp contained the following script:
--- Names.asp ---
<%
For Each item In Request.QueryString("Q")
Response.Write Request.QueryString("Q")(item) & "<BR>"
Next
%>
Names.asp would display the following:
Fred
Sally
The preceding script could also have been written using
Count, as shown in the following code sample.
<%
For i = 1 To Request.QueryString("Q").Count
Response.Write Request.QueryString("Q")(i) & "<BR>"
Next
%>
Example
The following client request:
/scripts/directory-lookup.asp?name=fred&age=22
Results in the following QUERY_STRING value:
name=fred&age=22.
The QueryString collection would then contain two
members, name and age. You can then use
the following script:
Welcome, <%= Request.QueryString("name") %>.
Your age is <%= Request.QueryString("age") %>.
The output is:
Welcome, Fred. Your age is 22.
If the following script is used:
The unparsed query string is: <%=Request.QueryString %>
The output is:
The unparsed query string is: name=fred&age=22
Applies To
Request Object