Tech Off Thread

15 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Passing a query string with ampersands to ImageURL property...

Back to Forum: Tech Off
  • User profile image
    qwert231

    I have code that returns a string. Here it is:

    Return "thumb.aspx?Order=" & CType(Me.imageOrderNum, String).PadLeft(6, "0") & "&Roll=" & CType(subjRow("Roll"), String).Trim & _
    "&Frame=" & CType(subjRow("Frame"), String).Trim & "&BW=" & Me.BW
    Else
    Return
    "thumb.aspx?Path=" & Me.folder & "\" & Me.lbSubj.SelectedItem.Text & "&Size=" & Me.hdnSize.Value & "&BW=" & Me.BW

    However, it returns this string:
    "thumb.aspx?Order=666666&Roll=001&Frame=DSCF0241&BW=False"


    I can't have my query string with &

    That's very unacceptable.

    Edit: The Return string get's applied to an ASP.Net Image like this:

    Img1.ImageUrl = imagePath(subj)

  • User profile image
    Manip

    The output you've provided does not match the input... So there is something seriously wrong with that application.

  • User profile image
    Tensor

    qwert231 wrote:
    I have code that returns a string. Here it is:

    Return "thumb.aspx?Path=" & Me.folder & "\" & Me.lbSubj.SelectedItem.Text & "&Size=" & Me.hdnSize.Value & "&BW=" & Me.BW

    However, it returns this string:
    "thumb.aspx?Order=666666&Roll=001&Frame=DSCF0241&BW=False"


    I can't have my query string with &

    That's very unacceptable.

    Edit: The Return string get's applied to an ASP.Net Image like this:

    Img1.ImageUrl = imagePath(subj)



    well, its not simple string concatination that isdoign that. Perhaps you are passign that string in to some object which is parsing the string?

    Anyway - lots of &. Try and steer clear of using & for joining strings as it is unperformant when you get lots of strings. Either use a stringbuilder or string.format. You could consider replacing all that above with;

    Return string.format("thumb.aspx?Path={0}\{1}&Size={2}&BW={3}", Me.folder, Me.lbSubj.SelectedItem.Text, Me.hdnSize.Value, Me.BW)

    You could then factor out the string as a constant, or something you get from a config file or database or somthing.

  • User profile image
    Manip

    Good advise... Use a StringBuilder instead... Not just because it might fix whatever is wrong but its also good practise with a string that long.

    By the way sometimes StringBuilder / Format (they are both StringBuilder: String.Format() calls StringBuilder.AppendFormat()) isn't any faster than String + String, depends on what your doing. So I suggest testing different implementations.... Don't just assume anything.

  • User profile image
    qwert231

    Well, I'm applying the string to:
    Img1.ImageURL =

    (Img1 is an ASP.Net Image control.)

    The thing is, the same code, in .Net 1.1 worked.

    I'm trying the string.format way. (I like the look of it.)

    I really think it is the ImageURL property of the Image control that's funking it up.

  • User profile image
    qwert231

    Yep, it's passing the string to ImageURL that changes all the & into &.

    Very bogus...

    How do I pass a querystring to an Image control ImageURL property.

    (Side note: The URL/URI I'm passing to it points to an .aspx page. This .aspx page returns Response.ContentType = "image/Jpeg")

  • User profile image
    Sven Groot

    qwert231 wrote:
    Yep, it's passing the string to ImageURL that changes all the & into &.

    That's the correct behaviour. All & characters in an HTML page must be escaped to &, even those in a URL. This is defined in the HTML standard.

    Nowadays very few browsers have a problem if you don't do it, but iirc in IE3 the URL would not work if you didn't escape your ampersands.

    EDIT: If the <img> element on the page isn't showing the image, this has some other cause. The escaped ampersands aren't the problem.

  • User profile image
    qwert231

    >>>EDIT: If the <img> element on the page isn't showing the image, this has some other cause. The escaped ampersands aren't the problem.

    YES IT IS!!!! THE ESCAPED AMPERSANDS ARE THE PROBLEM!!!

    I am passing a url to the Image object. (Not HTML img, but an ASP.Net Image control)

    The URL takes various parameters. Thus my url NEEDS TO LOOK LIKE THIS:
    thump.aspx?Order=666666&Roll=001&Frame=DSCF0241&BW=False

    NOT:
    thumb.aspx?Order=666666&amp;Roll=001&amp;Frame=DSCF0241&amp;BW=False


    If you have a normal web page that takes parameters from the URL/querystring, and you tried to pass it escaped ampersands it would fail!!!

  • User profile image
    Sven Groot

    qwert231 wrote:
    >>>EDIT: If the <img> element on the page isn't showing the image, this has some other cause. The escaped ampersands aren't the problem.

    YES IT IS!!!! THE ESCAPED AMPERSANDS ARE THE PROBLEM!!!

    NO THEY AREN'T!!!

    No reason to start shouting. Tongue Out

    qwert231 wrote:
    I am passing a url to the Image object. (Not HTML img, but an ASP.Net Image control)

    No difference, it just becomes an <img> on the client side.

    qwert231 wrote:
    The URL takes various parameters. Thus my url NEEDS TO LOOK LIKE THIS:
    thump.aspx?Order=666666&Roll=001&Frame=DSCF0241&BW=False

    NOT:
    thumb.aspx?Order=666666&amp;Roll=001&amp;Frame=DSCF0241&amp;BW=False

    If you have a normal web page that takes parameters from the URL/querystring, and you tried to pass it escaped ampersands it would fail!!!

    There's a fundamental difference between the actual URL and it's escaped form in terms of how they're used. The HTML standard says that & always marks the beginning of an escape sequence so if you want an actual & in your HTML you must use &amp;. This also goes for attribute values and thus URLs.

    The browser will see the escaped string, and unescape it before using it to make a request for the image.

    Now if your URL in the HTML looks like &amp;amp;, then you have a problem. Could you post the relevant portion of the generated HTML?

  • User profile image
    qwert231

    This is how .Net 2.0 returns it to the client (and it does NOT work):
    <img id="_ctl0_ContentPlaceHolder1_imgCtrl_Img1" src="thumb.aspx?Order=666666&amp;Roll=001&amp;Frame=DSCF0241&amp;BW=False" alt="Click to Clear Image" style="border-color:Black;border-width:1px;border-style:Solid;" />

    Whatever the case... In .Net 1.1 this would come out like this (and it did work):
    <img id="_ctl0_ContentPlaceHolder1_imgCtrl_Img1" src="thumb.aspx?Order=666666&Roll=001&Frame=DSCF0241&BW=False" alt="Click to Clear Image" style="border-color:Black;border-width:1px;border-style:Solid;" />

    That's the HTML source. I don't want the user to see the source, just the image, of course.

  • User profile image
    Sven Groot

    I stand by my claim. .Net 1.1's behaviour was wrong (run it through the w3c validator and you'll see it complains about the &'s not being escaped), .Net 2.0's behaviour is correct. In any modern browser, both should work. Why it doesn't work in this case I don't know, but it isn't the escaping that's the cause.

  • User profile image
    Maurits

    CGI URLs are of the form page?name1=value1&name2=value2

    Note that & is literally & and not &amp;

    So when you are testing your URL by typing into the address bar of your browser, you'll need to type & and not &amp;

    HOWEVER...

    HTML spellings of URLs DO NEED &amp;

    This applies to all of the following locations, and others:

    <img src="page?name1=value1&amp;name2=value2">
    <a href="page?name1=value1&amp;name2=value2">
    <link rel="stylesheet" href="page?name1=value1&amp;name2=value2">

    In embedded javascript, it gets a little hazy... especially if comment protection is used.

    The moral is that you can not typically just copy/paste from the src attribute into your browser bar... you have to decode the HTML.

  • User profile image
    csharp1171

    Couldn't you use Server.UrlEncode() and Server.UrlDecode()? 

    For example in the method that returns the string:
    return Server.UrlEncode(somestring);

    and then for the ImageUrl:
    Img1.ImageUrl = Server.UrlDecode(MyMethod());

  • User profile image
    Shark_M

    why not simply replace the bit you dont want in your string with String.Empty?

  • User profile image
    Maurits

    csharp1171 wrote:
    Couldn't you use Server.UrlEncode() and Server.UrlDecode()?


    Alas, UrlEncode and UrlDecode are misnamed.

    They're for encoding things to put into the name1 and value1 bits of the URLs I posted above.

    For example:

    search?product=foo&formula=bar

    this works well for

    search?product=blenders&formula=gaussian

    but not so well for

    search?product=b&w tvs&formula=2+2=4

    The UrlEncode takes Url-significant characters and escapes them in %xx fashion:

    search?product=b%26w%20tvs&formula=2%2B2%3D4

    Note that UrlEncoding removes HTML-significant characters... so HtmlEncode(UrlEncode(foo)) = UrlEncode(foo) as an identity.

    EDIT: to be perfectly forthcoming, b&w tvs maps to b%26w+tvs... I consider this a flaw, though technically not a bug.

    Yes, this is compliant with HTTP URLs.  But it's not compliant with any other URI (mailto:, for example.)  I recommend sticking with %20 rather than messing with +.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.