I searched SO and found similar questions, but none compared all three. That surprised me, so if someone knows of one, please point me to it.
There are a number of different ways to parse the query string of a request... the "correct" way (IMO) should handle null/missing values, but also decode parameter values as appropriate. Which of the following would be the best way to do both?
Method 1
string suffix = Request.QueryString.Get("suffix") ?? "DefaultSuffix";
Method2
string suffix = Request.QueryString["suffix"] ?? "DefaultSuffix";
Method 3
NameValueCollection params = HttpUtility.ParseQueryString(Request.RawUrl);
string suffix = params.Get("suffix") ?? "DefaultSuffix";
Method 4
NameValueCollection params = HttpUtility.ParseQueryString(Request.RawUrl);
string suffix = params["suffix"] ?? "DefaultSuffix";
Questions:
Would
Request.QueryString["suffix"]
return a null if no suffix was specified? (Embarrassingly basic question, I know)Does
HttpUtility.ParseQueryString()
provide any extra functionality over accessingRequest.QueryString
directly?The MSDN documentation lists this warning:
The ParseQueryString method uses query strings that might contain user input, which is a potential security threat. By default, ASP.NET Web pages validate that user input does not include script or HTML elements. For more information, see Script Exploits Overview.
But it's not clear to me if that meansParseQueryString()
should be used to handle that, or is exposed to security flaws because of it... Which is it?ParseQueryString()
uses UTF8 encoding by default... do all browsers encode the query string in UTF8 by default?ParseQueryString()
will comma-separate values if more than one is specified... doesRequest.QueryString()
do that as well, or what happens if it doesn't?Which of those methods would correctly decode "%2b" to be a "+"?
Showing my Windows development roots again... and I would be a much faster developer if I didn't wonder about these things so much... : P