Use of % as wildcard messing up my QueryString

I have an aspx page with a text box. My user enters text to search for
and presses a button; the text is passed via a QueryString to another
aspx page and used in a SQL search. The wildcard character is a percent
sign.

This works great if I place the % at the end of a search string, but I'm
getting peculiar errors if I start the search string with the wildcard
character. My search string seems to be altered at the front, and I
can't figure out a pattern.

The passed string looks fine in the address bar. For instance, if I
enter "%500", the address bar on the destination page looks like this:

"http://localhost/Results.aspx?QueryString=(SerialNumber%20L IKE%20'%500');"

But the destination page sees the string " %500 " as " 'P0' " (without
the outside quotes). As I said, if I use the % at the end of the string,
everything works fine.

I'd be happy to post my code, but I'm guessing that anyone who knows why
this is happening will be able to tell me without it. I'm also guessing
that this has something to do with the percent signs that ASP uses to
pass strings with spaces, but I can't figure out what to do about it.

As usual, thanks so much for any help.

Re: Use of % as wildcard messing up my QueryString

There's a good reason, the % is reserved for another purpose and it's not
reserved by ASP, it's actually part of the URL specification. Nothing to do
with Microsoft, but the engineering committees that set the standards for
handling URL's. For example, %20 is a the code for a space in a URL as
you've noticed, but there are lots of others (unfortunately I can't find my
link to their definitions). Try using the Server.UrlEncode method to get a
safe string that you can then pass into the querystring and on the other end
use the Server.UrlDecode method to get the data back out like so: string
query = Server.UrlDecode(Request.QueryString["QueryString"]);

You have to pay careful attention to what you put into a querystring because
a lot of things are not allowed.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression

"Arch Stanton" wrote in message
news:LsmdnaleyM1siZDVnZ2dnUVZ_q-jnZ2d@comcast.com...
>I have an aspx page with a text box. My user enters text to search for and
>presses a button; the text is passed via a QueryString to another aspx page
>and used in a SQL search. The wildcard character is a percent sign.
>
> This works great if I place the % at the end of a search string, but I'm
> getting peculiar errors if I start the search string with the wildcard
> character. My search string seems to be altered at the front, and I can't
> figure out a pattern.
>
> The passed string looks fine in the address bar. For instance, if I enter
> "%500", the address bar on the destination page looks like this:
>
> "http://localhost/Results.aspx?QueryString=(SerialNumber%20L IKE%20'%500');"
>
> But the destination page sees the string " %500 " as " 'P0' " (without the
> outside quotes). As I said, if I use the % at the end of the string,
> everything works fine.
>
> I'd be happy to post my code, but I'm guessing that anyone who knows why
> this is happening will be able to tell me without it. I'm also guessing
> that this has something to do with the percent signs that ASP uses to pass
> strings with spaces, but I can't figure out what to do about it.
>
> As usual, thanks so much for any help.

Re: Use of % as wildcard messing up my QueryString

Helps a whole bunch. Thanks, Mark.

Fitzpatrick wrote:
> There's a good reason, the % is reserved for another purpose and it's
> not reserved by ASP, it's actually part of the URL specification.
> Nothing to do with Microsoft, but the engineering committees that set
> the standards for handling URL's. For example, %20 is a the code for a
> space in a URL as you've noticed, but there are lots of others
> (unfortunately I can't find my link to their definitions). Try using the
> Server.UrlEncode method to get a safe string that you can then pass into
> the querystring and on the other end use the Server.UrlDecode method to
> get the data back out like so: string query =
> Server.UrlDecode(Request.QueryString["QueryString"]);
>
> You have to pay careful attention to what you put into a querystring
> because a lot of things are not allowed.
>
> Hope this helps,
> Mark Fitzpatrick
> Microsoft MVP - Expression
>
> "Arch Stanton" wrote in message
> news:LsmdnaleyM1siZDVnZ2dnUVZ_q-jnZ2d@comcast.com...
>> I have an aspx page with a text box. My user enters text to search for
>> and presses a button; the text is passed via a QueryString to another
>> aspx page and used in a SQL search. The wildcard character is a
>> percent sign.
>>
>> This works great if I place the % at the end of a search string, but
>> I'm getting peculiar errors if I start the search string with the
>> wildcard character. My search string seems to be altered at the front,
>> and I can't figure out a pattern.
>>
>> The passed string looks fine in the address bar. For instance, if I
>> enter "%500", the address bar on the destination page looks like this:
>>
>> "http://localhost/Results.aspx?QueryString=(SerialNumber%20L IKE%20'%500');"
>>
>>
>> But the destination page sees the string " %500 " as " 'P0' " (without
>> the outside quotes). As I said, if I use the % at the end of the
>> string, everything works fine.
>>
>> I'd be happy to post my code, but I'm guessing that anyone who knows
>> why this is happening will be able to tell me without it. I'm also
>> guessing that this has something to do with the percent signs that ASP
>> uses to pass strings with spaces, but I can't figure out what to do
>> about it.
>>
>> As usual, thanks so much for any help.
>