Decrypt QueryString – Space + Issue = Uri.EscapeDataString

While working with encrypted querystrings in ASP.NET I noticed people doing this:

string strValues = "search term";
string strURL = "http://mysite.com?search="
+ encryptQueryString(strValues);
Response.Redirect(strURL);
string strScramble = Request.QueryString["search"];
string strdeCrypt = decryptQueryString(strScramble.Replace(" ", "+"));

The “strScramble.Replace(” “, “+”)” is a scary way to get around the request.querystring automatically changing the “+” into a space.   A better way is to use System.Uri.EscapeDataString before adding the querystring value. Then HttpUtility.UrlDecode works as expected returning the “+”.

According to this blog on MSDN (http://blogs.msdn.com/yangxind/default.aspx), when encoding the URL use “System.Uri.EscapeDataString”, when decoding the URL use HttpUtility.UrlDecode“.

Example using Uri.EscapeDataString and taking out replace:

string strValues = "search term";
string strURL = "http://mysite.com?search="
+ encryptQueryString(Uri.EscapeDataString(strValues));
Response.Redirect(strURL);
string strScramble = Request.QueryString["search"];
string strdeCrypt = decryptQueryString(strScramble);
NET encoding methods

Characters

HttpUtility.UrlEncode

System.Uri.EscapeDataString

System.Uri.EscapeUriString

&

%26

%26

&

$

%24

%24

$

+

%2b

%2B

+

Space

+

%20

%20

%

%25

%25

%25

<

%3c

%3C

%3C

There are two decoding methods in .NET

Encoded Characters

HttpUtility.UrlDecode

System.Uri.UnescapeDataString

%26

&

&

%24

$

$

%2b

+

+

%20

Space

Space

+

Space

+

%25

%

%

%3c

<

<

One thought on “Decrypt QueryString – Space + Issue = Uri.EscapeDataString

  1. Thanks man,

    I was searching for a solution for my + sign problem.
    We have articlenumber with spaces and + signs… Uri.EscapeDataString solved the problem for me ;-).

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>