Are you talking about passing multiple parameters in a query string? If you are, all you need to do is append them to the query string using the format
&key=value
Okay, that seems straightforward enough, but is it enough? Well no - the important thing to understand is that the query string is part of the URL, so this means that you need to encode your values (and not use invalid keys). .NET provides the handy
HttpUtility.UrlEncode which you should use on the values to ensure that they are suitable for passing across - don't forget to decode them at the receiving end with
HttpUtility.UrlDecode.
The question is, should you really use query strings? A query string represents a point of attack against your system. By this I mean that it is another area that "hackers" can use to target your website looking for vulnerabilities, and loopholes to exploit. There are several famous query string attacks*, so you really need to think long and hard about whether this is the appropriate mechanism for you, or whether you would be better using alternate mechanisms such as session values to operate your site. I can't answer this for you - only you know your requirements so you are best placed to judge whether or not it's appropriate.
*a couple of the vulnerabilities include: buffer overflow attacks, code injection.
Submit an article or tip