Hide a querystring or make querystring non editable in adress bar

Question

4.00/5 (1 vote)

See more:

how to make querystring non -editable or hide it but pass its value in next page?
i used
<td onclick="javascript:DoNav('<%#Eval("storeid")%>');return false;" >

my javascript goes here

 function DoNav(id)
{
       document.location.href = "View.aspx?id="+id;
}

to get bugid

In view.aspx.cs page to get id I used..
Convert.ToInt32(Request.QueryString["id"])
My problem is Querystring is editable in adress bar..in browser
as
http://../../View.aspx?id=1

How to remove it..
I used

C#

var testURL = "View.aspx?id="+id;
var newURL = testURL.match(new RegExp("[^?]+"))
document.location.href = newURL;

to remove querystring.. but on doing this i cannot get my querystring value in view.aspx.cs page..

Please help me to solve this problem
thanks in advance

Posted 15-May-11 18:50pm

maya-123

Updated 15-May-11 18:52pm

walterhevedeich

v2

Add a Solution

9 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Sandeep Mewara · Answer 1 · 2011-05-15T21:10:00

Solution 8

I see 7 answers here. I still propose something totally different and believe one of the best way to handle it.
Try URL Rewriting.

Read here: URL Rewriting with ASP.NET[^]
MSDN: URL Rewriting[^]
OR
Read about, In ASP.NET 4.0: URL Routing[^]

A discussion that would add on and help on the topic[^]

Posted 15-May-11 21:10pm

Sandeep Mewara

Comments

Albin Abel 17-May-11 6:28am

My 5,

Sandeep Mewara 17-May-11 9:45am

Thanks Albin.

Abhinav S · Answer 2 · 2011-05-15T18:52:00

Solution 1

AFAIK, this is one of the disadvantages of using query string. You cannot hide any values (nor make the address bar read only). The best you can do is to try and encrypt the query string parameters.

Posted 15-May-11 18:52pm

Abhinav S

walterhevedeich · Answer 3 · 2011-05-15T18:54:00

Solution 2

If you dont want the data shown, do not use querystring. Instead, use Session variables.[^]

Posted 15-May-11 18:54pm

walterhevedeich

sekharkaza · Answer 4 · 2011-05-15T18:56:00

Solution 3

You can encrypt your querystring ....

this http://devcity.net/articles/47/1/encrypt_querystring.aspx might help you.

Otherwise y dont u use sessions..

session["id"]=id.ToString();

Posted 15-May-11 18:56pm

sekharkaza

v2

prot0col · Answer 5 · 2011-05-15T19:02:00

Solution 4

If QueryString is not mandatory, you can send values in headers which cannot be seen by anyone.

Posted 15-May-11 19:02pm

prot0col

prot0col · Answer 6 · 2011-05-15T19:03:00

Solution 5

If Querystring is not mandatory, you can send values in headers which cannot be seen by anyone.

Posted 15-May-11 19:03pm

prot0col

Ra-one · Answer 7 · 2011-05-15T20:40:00

Querystrings are directly visible and can be easily editable.

If you are passing sensitive data then you can instead use session variable.

Session variables also comes with a cost of the performance as it is stored in inproc you should minimize the use of session variable as much as possible

You can also use headers so it can be send between the pages.

If you want to use the querystring only than encrypt it, but it will increase its size which are restricted in some old browser.

Another thing that you can do is URL Rewriting, which will give a custom URL which is also an SEO frienly one so you get the advantage of the Search Engine.

So the choice is yours..

Keep Googling...Enjoy Coding :)

Uday Kumar B R · Answer 8 · 2011-05-15T20:47:00

Solution 7

Hi if you want to develop Secure Website then you can use <b>Hidden fields </b> or <b>Session Variable</b> .You can Pass the values in Hidden fields in pages instead of using those values in Query String and you can read those values in Next page.

Posted 15-May-11 20:47pm

Uday Kumar B R

Updated 15-May-11 21:08pm

v3

Albin Abel · Answer 9 · 2011-05-17T00:33:00

If you are worrying on SEO, try Sandeep Mewara's solution.

if you are worrying about protection try protective methods.

One is here
Preventive Method for URL Request Forgery- An Example with ASP.NET MVC[^]

Though it is in MVC you can use the logic in asp.

Apart from that you can pass parameters across pages using sessions, personalization and cross page posting. Choice is yours depends on the situation