url- querystring | need expert suggestion | Is it advisable/fare to add url link into db......

Question

0.00/5 (No votes)

See more:

Dear Champs!

Story: .... I have a search dialog form collects search param and calls master page to display information based on query string... Works well by passing values by querystring.

just wondering "what if" user tampers or plays with url parameters... page gives access to other info. in that case. example

http://localhost/octopus/shipmentinfo.aspx?actno=WJgtAbTGa3P%2bUBkYmJrHpA%3d%3d&doctype=OEX&brid=1018&jc=0&po=0&wb=0&inv=0

I'm thinking of writing these param or url string in database and get recId of it and send encrypted recID by query-string....! which looks like
http://www.gesksa.com/octopus/shipmentinfo.aspx?recID=WjgtAbTGa3P%

and in page_load master page - get recID deCrypt it and get URL from stored database... for secure take-off and landing....

IS THIS FARE IDEA OR EFFECTS THE PERFORMANCE...

Please I need expert suggestion.....
Thanks,

Posted 25-Jun-14 3:57am

athiq bari

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

DamithSL · Accepted Answer · 2014-06-25T04:21:00

Query string is one way is one way to pass data to a another page.[^]. you can try something like Session to pass data and it will not visible to user.
But any case you better to have validation for input data. for example check whether current logged in user has access to requested data or not and then display only if validation pass.