URL Query String Values
Query Strings are the extra data that follow a question mark on a URL, and are always sent to the server as part of the request. This example (http://www.delmarit.com?PayType=Discover) contains the query string "PayType=Discover", which contains a param=value pair. Multiple parameters can be passed in a single query string by separating the param=value pairs with ampersands (&). This example (http://www.delmarit.com?PayType=Discover&Part=253070704&Qty=2) contains the query string "PayType=Discover&Part=253070704&Qty=2", which in turn contains three parameters: "PayType=Discover", "Part=253070704", and "Qty=2". Retrieving the contents of a query string is easily accomplished using the ASP Request object's QueryString collection property. For example:
PayType = Request.QueryString("PayType") PartNbr = Request.QueryString("Part") Quantity = Request.QueryString("Qty")
Note that to pass special characters (that is, spaces, =, &, punctuation characters, non-ASCII characters, and so on) as parameter values, they must first be URLEncoded using the ASP Server object's URLEncode method. URLEncode basically changes each special character to a percent (%) followed by the hexadecimal version of the character's ASCII value. For example, an ampersand (&) gets changed to %26.
If you use the query string technique to save user state information, you have mostly the same advantages and disadvantages of using hidden HTML form fields:
It doesn't rely on cookies.
The user can't disable it.
It results in increased transmission times.
The application must dynamically alter the HTML code sent to the browser to include the state information.
It's even easier for the user to tamper with the state information because it's on the address bar of the browser.
Additionally, query strings are limited to about 2KB of text, so the amount of state data you can save using this technique is limited.