- A query string is an information that is appended to the end of a page URL.
- A typical query string might look like the following example:
- Moreover, In the URL path above, the query string starts with a question mark (?) and includes two attribute/value pairs, one called “category” and the other called “semester”
- Query strings provide a simple but limited way to maintain state information. Moreover, For example, they are an easy way to pass information from one page to another, such as passing a product number from one page to another page where it will be processed.
Advantages of using query strings
- No server resources are required: The query-string is contained in the HTTP request for a specific URL.
- Widespread support: Almost all browsers and client devices support using query strings to pass values.
- Simple implementation: ASP.NET provides full support for the query-string method, including methods of reading query strings using the Params property of the HttpRequest object.
Potential security risks: The information in the query-string is directly visible to the user via the browser’s user interface. Also, A user can bookmark the URL or send the URL to other users, thereby passing the information in the query string along with it. Moreover, If you are concerned about any sensitive data in the query string, consider using hidden fields in a form that uses POST instead of using query strings
Limited capacity: Moreover, Some browsers and client devices impose a 2083-character limit on the length of URLs.
// Getting data
if (Request.QueryString[“number”] != null)
View.Text = Request.QueryString[“number”];
// Setting query string int postbacks = 0; if (Request.QueryString[“number”] != null)
postbacks = Convert.ToInt32(Request.QueryString[“number”]) + 1;
postbacks = 1;
Response.Redirect(“default.aspx?number=” + postbacks);