[英]call request.querystring inside javascript function
how to call Request.QueryString inside javascript function and i am using asp.net and C# 如何在javascript函数中调用Request.QueryString,我正在使用asp.net和C#
var str=<%=Request.quesryString("val")%>
but it is giving me error 但它给了我错误
If this javascript code is inline in your webform the correct way is to use a javascript serializer
: 如果此javascript代码在您的webform中内联,则正确的方法是使用
javascript serializer
:
<script type="text/javascript">
var str = <%= new JavaScriptSerializer().Serialize(Request.QueryString["val"]) %>;
alert(str);
</script>
Never do the following, it's completely unsafe and your site vulnerable to XSS injection attacks: 从不执行以下操作,它完全不安全,并且您的站点容易受到XSS注入攻击:
<script type="text/javascript">
var str = '<%= Request.QueryString["val"] %>';
alert(str);
</script>
You can do it with JavaScript directly. 您可以直接使用JavaScript来完成。
With window.location.search
you get full queryString like ?item1=val1&item2=val2
使用
window.location.search
您可以获得完整的queryString,例如?item1=val1&item2=val2
You can get querystring using some like 您可以使用类似的方式获取查询字符串
window.location.search.substr(1)
window.location.search.substr(1)
and use .split('&')
or substring function to get value of de 'val' key or another 并使用
.split('&')
或substring函数来获取de'val'键或其他值
You can actually write a function in javascript and pass the query string as parameter from the code behind. 您实际上可以在javascript中编写函数,并将查询字符串作为参数传递给后面的代码。 For example I have this textbox I want to set the value to the query
例如,我有这个文本框我想设置查询的值
function searchTerm(text) {
document.getElementById('txtSearch').value = text;
}
So in my code I use ScriptManager to call the javascript function and pass the query that way 所以在我的代码中我使用ScriptManager来调用javascript函数并以这种方式传递查询
ScriptManager.RegisterStartupScript(Page, typeof(Page), "", "searchTerm('" + Request.QueryString["id"].ToString() + "')", true);
Leveraging the theme of security in requests in ASP NET... 在ASP NET中利用请求中的安全主题......
You can also use JavaScriptStringEncode() or the AntiXSS library to prevent XSS in your website. 您还可以使用JavaScriptStringEncode()或AntiXSS库来阻止您网站中的XSS。
You are doing it wrong use this code to get the QueryString value because it isn't just giving you a Query String in JavaScript it will convert this into an object so use $.each function to retrieve the value of Query String 你错误地使用这段代码来获取QueryString值,因为它不只是在JavaScript中给你一个Query String它会将它转换成一个对象所以使用$ .each函数来检索Query String的值
let id = $(<%= Request.QueryString["id"] %>);
id.each((index, value) => {
console.log(value);
})
It will return you a value of your Query String Thanks 它会返回一个Query String的值谢谢
use this: 用这个:
var urlParams = new URLSearchParams(window.location.search);
var urlParams = new URLSearchParams(window.location.search);
console.log(urlParams.has('someValue'));
的console.log(urlParams.has( 'someValue中')); // true
//真的
console.log(urlParams.get('someValue'));
的console.log(urlParams.get( 'someValue中')); // "value"
//“价值”
it's key sensitive 这是关键敏感的
Short answer: You can't. 简答:你做不到。 The code in the
<%= %>
block is evaluated on the server side, the JavaScript code is evaluated on the client side. 在服务器端评估
<%= %>
块中的代码,在客户端评估JavaScript代码。
Long answer: You CAN use inline C# code to generate JavaScript code, which sometimes does make sense. 答案很长:您可以使用内联C#代码生成JavaScript代码,这有时确实有意义。 But this is not the same thing as calling C# code from a JavaScipt function.
但这与从JavaScipt函数调用C#代码不同。 Of course you can only do this in .aspx / .cshtml etc. files, not in .js files, because those are only treated as content and not parsed by ASP.NET.
当然,您只能在.aspx / .cshtml等文件中执行此操作,而不能在.js文件中执行此操作,因为这些文件仅被视为内容而不是由ASP.NET解析。
[EDIT] In your situation there is no need to bother anyway, because you can get the query string through JS anyway, see How can I get query string values in JavaScript? [编辑]在你的情况下无论如何都没有必要打扰,因为无论如何你都可以通过JS 获取查询字符串 ,请参阅如何在JavaScript中获取查询字符串值?
[EDIT2]: Of course the other answer about the JavaScriptSerializer is absoultely correct concerning safety. [EDIT2]:当然关于JavaScriptSerializer的另一个答案在安全方面是绝对正确的。 If you use the Razor view engine, things get a lot easier and safer because it escapes strings by default.
如果你使用Razor视图引擎,事情会变得更容易和更安全,因为它默认情况下会转义字符串。 But like I said, in the concrete case, there's no need to bother either way.
但就像我说的那样,在具体情况下,没有必要打扰任何一种方式。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.