HTMLEncode / URLEncode

<html>

 <head>

  <title> URL encode </title>

 </head>

 <body>

   <h2><font color='blue'>Duraboys</font></h2><br>

  <%=Server.HTMLEncode("<h2><font color='blue'>Duraboys</font></h2>")%><p>

  <%=Server.HTMLEncode("<%=Server.ScriptTimeout%\>")%><p>

  <a href="duraboys_ok.asp?width=<%=Server.URLEncode("50%오십")%>">50%</a><p>

  <a href="duraboys_ok.asp?width=50%오십">50%</a>

   

 </body>

</html>

Server.URLEncode

Used for encoding data that will be passed via a querystring variable. A querystring variable is anything following the question mark (?) in the URL (location) field of your browser. You create querystring variables when you perform a redirect or build a hyperlink to another page on your site.

<a href="page2.asp?name=Joe+Schmoe">here</a>
<%
Response.Redirect "page2.asp?ID=3"
%>

In the example above, the hyperlink contains a variable named "name" which has a value of "Joe Schmoe" (the space is encoded as "+") In the Response.Redirect statement, we have a querystring variabled named "ID" with a value of 3. To perform a URL encode on a variable (for purposes of passing this variable to another page) use the following:

<a href="page2.asp?name=<%= Server.URLEncode(sName) %>">
here</a>
<%
Response.Redirect "page2.asp?ID=" &_
    Server.URLEncode(nID)
%>

URLDecode

For some reason, Microsoft did not include a URL decode function with Active Server Pages. Most likely, this was because the decoding of querystring variables is done automatically for you when you access the querystring object:

<%= Request.QueryString("name") %>
	

For those of you who are desperately in need of this function:

' -----------------------------------------
' URL decode to retrieve the original value

Function URLDecode(sConvert)
    Dim aSplit
    Dim sOutput
    Dim I
    If IsNull(sConvert) Then
       URLDecode = ""
       Exit Function
    End If
	
    ' convert all pluses to spaces
    sOutput = REPLACE(sConvert, "+", " ")
	
    ' next convert %hexdigits to the character
    aSplit = Split(sOutput, "%")
	
    If IsArray(aSplit) Then
      sOutput = aSplit(0)
      For I = 0 to UBound(aSplit) - 1
        sOutput = sOutput & _
          Chr("&H" & Left(aSplit(i + 1), 2)) &_
          Right(aSplit(i + 1), Len(aSplit(i + 1)) - 2)
      Next
    End If
	
    URLDecode = sOutput
End Function

Server.HTMLEncode

This useful built-in function is very useful for encoding text that should be displayed in a form input. By "form input" we mean a web form control such as a text input, select or textarea control.

You may have noticed that certain characters cause the HTML on your web form to be interpretted incorrectly. Specifically, the HTML tag characters "<" and ">" can have this effect as well as the quote character (") which is used to encapsulate values.

<input type="text" value="<%= Server.HTMLEncode(sValue) %>">

<textarea name="sample" width=38 height=10>
<%= Server.HTMLEncode(sValue) %>
</textarea>

This simple value shows you how easy it is to safely include any value within a web form control.

HTMLDecode

Just like with the URLDecode function described previously, Microsoft, in its infinite wisdom decided not to include an HTMLDecode function with their Server component. It is a relatively simple matter to decode this test data (although I haven't had a need to do this so far.) For completeness sake, here is an HTMLDecode function you may use:

Function HTMLDecode(sText)
    Dim I
    sText = Replace(sText, """, Chr(34))
    sText = Replace(sText, "<"  , Chr(60))
    sText = Replace(sText, ">"  , Chr(62))
    sText = Replace(sText, "&" , Chr(38))
    sText = Replace(sText, " ", Chr(32))
    For I = 1 to 255
        sText = Replace(sText, "&#" & I & ";", Chr(I))
    Next
    HTMLDecode = sText
End Function