The QueryString collection retrieves the values of the variables in the HTTP query string. The HTTP query string is specified by the values following the question mark (?). Several different processes can generate a query string. For example, the following anchor tag generates a variable named string with the value "this is a sample."
<A HREF="example?string=this is a sample">string sample</A>
Query strings are also generated by sending a form or by a user typing a query into the address box of the browser.
As a security precaution, always encode querystring input (or any request data) before using it. A general method of encoding data is to use Server.HTMLEncode. Another method is to write a short function that tests request data for invalid characters. More information can be found by reading chapter 12 of Writing Secure Code, and using Checklist: ASP Security when you create your ASP applications.
Request.QueryString( variable)[( index)|.Count]
- Specifies the name of the variable in the HTTP query string to
- An optional parameter that enables you to retrieve one of multiple values for variable. It can be any integer value in the range 1 to Request.QueryString( variable).Count.
The QueryString collection is a parsed version of the QUERY_STRING variable in the ServerVariables collection. It enables you to retrieve the QUERY_STRING variable by name. The value of Request.QueryString( parameter) is an array of all of the values of parameter that occur in QUERY_STRING. You can determine the number of values of a parameter by calling Request.QueryString(parameter).Count. If a variable does not have multiple data sets associated with it, the count is 1. If the variable is not found, the count is 0.
To reference a QueryString variable in one of multiple data sets, you specify a value for index. The index parameter can be any value between 1 and Request.QueryString(variable).Count. If you reference one of multiple QueryString variables without specifying a value for index, the data is returned as a comma-delimited string.
When you use parameters with Request.QueryString, the server parses the parameters sent to the request and returns the specified data. If your application requires unparsed QueryString data, you can retrieve it by calling Request.QueryString without any parameters.
You can use an iterator to loop through all the data values in a query string. For example, if the following request is sent:
And Names.asp contained the following script:
--- Names.asp --- <% For Each item In Request.QueryString("Q") Response.Write Request.QueryString("Q")(item) & "<BR>" Next %>
Names.asp would display the following:
The preceding script could also have been written using Count, as shown in the following code sample.
<% For i = 1 To Request.QueryString("Q").Count Response.Write Request.QueryString("Q")(i) & "<BR>" Next %>
The following client request:
Results in the following QUERY_STRING value:
The QueryString collection would then contain two
age. You can then use
the following script:
Welcome, <%= Request.QueryString("name") %>. Your age is <%= Request.QueryString("age") %>.
The output is:
Welcome, Fred. Your age is 22.
If the following script is used:
The unparsed query string is: <%=Request.QueryString %>
The output is:
The unparsed query string is: name=fred&age=22