URL Encode and Chr(0)

Results 1 to 5 of 5

Thread: URL Encode and Chr(0)

  1. #1
    Amir Kundalic Guest

    Default URL Encode and Chr(0)

    Does anybody knows how to handle chr(0) when you use server.URLEncode? Here is my problem: I encrypt each URL variable and then urlEncode it to get something like this: example t.asp?uid=%98%89%00%98&PSW=%90%88 … (I&#039M CREATING A LINK FROM VISUAL BASIC)... However, encryption sometimes returns chr(0), and it URL encode it as %00 (see above example). When I try to get the variable with request.queryString("uid"), it will ignore everything after %00, because chr(0) is null string pointer. I modified a small VB program (found on http://www.zocalo.net/~waters/dhtml/index.html ) to fix this problem, but if there is an easier solution, I would really appreciate it. Here is my fix, and if somebody can comment if this approach is good.<BR><BR>Public Function urlEncode(theData As String) As String<BR><BR> Dim c As Integer<BR> Dim ch As String<BR> Dim returnString As String<BR> Dim l As Long<BR> Dim i As Long<BR> <BR> l = Len(theData)<BR> For i = 1 To l<BR> &#039If i = l Then Stop<BR> c = Asc(Mid(theData, i))<BR> <BR> Select Case c<BR> Case 32<BR> ch = "+"<BR> Case 42, 45, 46, 48 To 57, 65 To 90, 95, 97 To 122<BR> ch = Chr(c)<BR> Case 0<BR> ch = " SomethingMeaningfulThatWillNotBeMatchedByRandomEnc ryption " &#039letters only, so we don&#039t have to encode it again<BR> Case Else<BR> ch = Hex(c)<BR> If Len(ch) = 1 Then<BR> ch = "0" & ch<BR> End If<BR> ch = "%" & ch<BR> End Select<BR> <BR> returnString = returnString & ch<BR> Next i<BR> urlEncode = returnString<BR>End Function<BR><BR>Then in asp page, when you get the variable with request.queryStiring, I had to use replace function like this:<BR><BR> varA = replace(request.queryString("variable"), "SomethingMeaningfulThatWillNotBeMatchedByRandomEn cryption", chr(0))<BR>to replace special case back with chr(0) so I can get the correct decrypted value.<BR><BR>Is there a better solution to this? And if there is not, this is a good case to point out for people who use encryption (if they have the same problem).<BR><BR>

  2. #2
    SteveC Guest

    Default RE: URL Encode and Chr(0)

    So you&#039re saying it works now? I found an article on 4 guys that seems to do something similar, you may want to check on that instead.<BR><BR>http://www.4guysfromrolla.com/webtech/110599-1.shtml

  3. #3
    Amir Kundalic Guest

    Default RE: URL Encode and Chr(0)

    I did try to use their encryption, but the result is the same. When I URL Encode chr(0), that&#039s where the problem is. Request.querystring will get the URL variable but it will ingore everything after chr(0) or %00 URL encoded. That&#039s why I had to create new function URLEncode.

  4. #4
    Shadao Shai Guest

    Default RE: URL Encode and Chr(0)

    Wait a second. if you used the encryption method described in that article than you could not end up with chr(0). It specifically states:<BR><BR>"Now take a closer look at the KeyGeN Function, the lowerbound and upperbound values are the &#039range&#039 of ASCII characters you&#039d like to use in the generation of the key."<BR><BR>The upperbound is set to 35(#) and the upper bound is 96 (&#039).<BR>So if you did use that than a Null character could not be generated. You would have to modify the lowerbound to be 0. BUT the problem is a null character cannot be part of a URL and there is no equivalent in the http URL RFP.<BR><BR>One suggestion would be to eliminate all characters that are out of range for a URL in the encryption alg you use.<BR><BR>hope this helps - Shai

  5. #5
    Amir Kundalic Guest

    Default Thanks for helping

    The problem was that I had to use existing encryption, and I had to find out a way around chr(0). So as I see, my first original solution is the best, at least in this case. I tried again this other encryption, and yes, you are right. No chr(0) But most of my values in Database are encrypted with existing encryption program, so for me at this point is not worth changing it.<BR>Thanks again...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts