Best way of send multiple parameters via querystring Asp .Net

Question

Hi, I have a question:

Which is the best way (in performance and security) to send multiple parameters to a web page (on a different server), considering that the length of the parameters may vary because I'm sending a list of products, and the customer may have selected more than one product, so we need to send each product on the querystring to the other page.

For example (I'm on C#); I want to call a web page like this:

• Simple Querystring: thepage.asp?Product=1&Name=Coffee&Value=1.99
• Json: thepage.asp?{"Product":"1","Name":"Coffee","Value":"1.99"}
• XML: thepage.aps?<xml><Products><product>1</product><name>Coffee</name><Value>1.99</Value></Products>

(Obviouly considering we can't send special characters via querystring, but I put them here for better understanding)

Which will be the better way (performance, security)?

Thanks in advance.

Answer 1

Hey,

I would use the simple querystring approach, which you could write a utility to convert the request.querystring collection into a format that works better for you (XML, JSON, Dictionary, etc.), IMHO.

HTH.

Answer 2

You need to keep in mind that there is a limit to how long your query string can be, depending on which browser your users use. IE6 has a limit of 2053 characters for example. I would suggest you come up with a method to keep your query string as short as possible to avoid hitting this limit.

As far as security goes, there really isn't any security if you are passing around information in a query string. Anyone can modify that information and then send it. If security is a major concern, you should look into encrypting the information before adding it to the query string, or find a different method for sending it altogether.

Answer 3

Based on your comment, you're limited to what the third-party site will accept - if all it will handle is query-strings, that's how you'll have to send it. If it will handle form posts, then you could look at submitting the information in the headers of a post, but that is going to take more work (you also haven't specified if you're building a WebRequest on the server side, or doing this through JavaScript on the client side).

All things considered, here are some general points:

1. There are various limits on the length of a query string (IE limits them to about 2083 characters, some servers or proxies may ignore parts over 1024 characters etc), while POST requests can be much larger.
2. If you are doing this client side, the user can see the query string parameters (which has the benefit that they can book mark them), while they can't (easily) see POST requests.
3. For greater security, if the third party server supports it, submit the request over SSL.
4. Special characters can easily be sent via the query string if you UrlEncode them first.

As to performance, it depends on the amount of processing you have to do to create the query strings over creating XML or JSON strings.

Answer 4

Come on what is the question asked ? which is the better way . no one answer proper here. all are telling about limitations. but not about the remedy to solve it . let say i want to pass 100 parameters generates dynamically all are in huge length , can i use here POST() then? I don't thinks so, just consider, what should the remedy then?? may be pass collection object as parameter.