ASP Encode/Decode Functions
-------------------------------------------------------------------------------------------------------
Server.URLEncode
Used for encoding data that will be passed via a querystring variable. A querystring variable is anything following the question mark (?) in the URL (location) field of your browser. You create querystring variables when you perform a redirect or build a hyperlink to another page on your site.
<a href="page2.asp?name=Joe+Schmoe">here</a>
<%
Response.Redirect "page2.asp?ID=3"
%>
In the example above, the hyperlink contains a variable named "name" which has a value of "Joe Schmoe" (the space is encoded as "+") In the Response.Redirect statement, we have a querystring variabled named "ID" with a value of 3. To perform a URL encode on a variable (for purposes of passing this variable to another page) use the following:
<a href="page2.asp?name=<%= Server.URLEncode(sName) %>">
here</a>
<%
Response.Redirect "page2.asp?ID=" &_
Server.URLEncode(nID)
%>
URLDecode
For some reason, Microsoft did not include a URL decode function with Active Server Pages. Most likely, this was because the decoding of querystring variables is done automatically for you when you access the querystring object:
<%= Request.QueryString("name") %>
For those of you who are desperately in need of this function:
' -----------------------------------------
' URL decode to retrieve the original value
Function URLDecode(sConvert)
Dim aSplit
Dim sOutput
Dim I
If IsNull(sConvert) Then
URLDecode = ""
Exit Function
End If
' convert all pluses to spaces
sOutput = REPLACE(sConvert, "+", " ")
' next convert %hexdigits to the character
aSplit = Split(sOutput, "%")
If IsArray(aSplit) Then
sOutput = aSplit(0)
For I = 0 to UBound(aSplit) - 1
sOutput = sOutput & _
Chr("&H" & Left(aSplit(i + 1), 2)) &_
Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
Next
End If
URLDecode = sOutput
End Function
Server.HTMLEncode
This useful built-in function is very useful for encoding text that should be displayed in a form input. By "form input" we mean a web form control such as a text input, select or textarea control.
You may have noticed that certain characters cause the HTML on your web form to be interpretted incorrectly. Specifically, the HTML tag characters "<" and ">" can have this effect as well as the quote character (") which is used to encapsulate values.
<input type="text" value="<%= Server.HTMLEncode(sValue) %>">
<textarea name="sample" width=38 height=10>
<%= Server.HTMLEncode(sValue) %>
</textarea>
This simple value shows you how easy it is to safely include any value within a web form control.
HTMLDecode
Just like with the URLDecode function described previously, Microsoft, in its infinite wisdom decided not to include an HTMLDecode function with their Server component. It is a relatively simple matter to decode this test data (although I haven't had a need to do this so far.) For completeness sake, here is an HTMLDecode function you may use:
Function HTMLDecode(sText)
Dim I
sText = Replace(sText, """, Chr(34))
sText = Replace(sText, "<" , Chr(60))
sText = Replace(sText, ">" , Chr(62))
sText = Replace(sText, "&" , Chr(38))
sText = Replace(sText, " ", Chr(32))
For I = 1 to 255
sText = Replace(sText, "&#" & I & ";", Chr(I))
Next
HTMLDecode = sText
End Function
-------------------------------------------------------------------------------------------------------
Server.URLEncode
Used for encoding data that will be passed via a querystring variable. A querystring variable is anything following the question mark (?) in the URL (location) field of your browser. You create querystring variables when you perform a redirect or build a hyperlink to another page on your site.
<a href="page2.asp?name=Joe+Schmoe">here</a>
<%
Response.Redirect "page2.asp?ID=3"
%>
In the example above, the hyperlink contains a variable named "name" which has a value of "Joe Schmoe" (the space is encoded as "+") In the Response.Redirect statement, we have a querystring variabled named "ID" with a value of 3. To perform a URL encode on a variable (for purposes of passing this variable to another page) use the following:
<a href="page2.asp?name=<%= Server.URLEncode(sName) %>">
here</a>
<%
Response.Redirect "page2.asp?ID=" &_
Server.URLEncode(nID)
%>
URLDecode
For some reason, Microsoft did not include a URL decode function with Active Server Pages. Most likely, this was because the decoding of querystring variables is done automatically for you when you access the querystring object:
<%= Request.QueryString("name") %>
For those of you who are desperately in need of this function:
' -----------------------------------------
' URL decode to retrieve the original value
Function URLDecode(sConvert)
Dim aSplit
Dim sOutput
Dim I
If IsNull(sConvert) Then
URLDecode = ""
Exit Function
End If
' convert all pluses to spaces
sOutput = REPLACE(sConvert, "+", " ")
' next convert %hexdigits to the character
aSplit = Split(sOutput, "%")
If IsArray(aSplit) Then
sOutput = aSplit(0)
For I = 0 to UBound(aSplit) - 1
sOutput = sOutput & _
Chr("&H" & Left(aSplit(i + 1), 2)) &_
Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
Next
End If
URLDecode = sOutput
End Function
Server.HTMLEncode
This useful built-in function is very useful for encoding text that should be displayed in a form input. By "form input" we mean a web form control such as a text input, select or textarea control.
You may have noticed that certain characters cause the HTML on your web form to be interpretted incorrectly. Specifically, the HTML tag characters "<" and ">" can have this effect as well as the quote character (") which is used to encapsulate values.
<input type="text" value="<%= Server.HTMLEncode(sValue) %>">
<textarea name="sample" width=38 height=10>
<%= Server.HTMLEncode(sValue) %>
</textarea>
This simple value shows you how easy it is to safely include any value within a web form control.
HTMLDecode
Just like with the URLDecode function described previously, Microsoft, in its infinite wisdom decided not to include an HTMLDecode function with their Server component. It is a relatively simple matter to decode this test data (although I haven't had a need to do this so far.) For completeness sake, here is an HTMLDecode function you may use:
Function HTMLDecode(sText)
Dim I
sText = Replace(sText, """, Chr(34))
sText = Replace(sText, "<" , Chr(60))
sText = Replace(sText, ">" , Chr(62))
sText = Replace(sText, "&" , Chr(38))
sText = Replace(sText, " ", Chr(32))
For I = 1 to 255
sText = Replace(sText, "&#" & I & ";", Chr(I))
Next
HTMLDecode = sText
End Function
No comments:
Post a Comment