I have a string parameter I pass around using the querystring, I’ll call it:

Question

0

Asked: May 22, 20262026-05-22T22:20:01+00:00 2026-05-22T22:20:01+00:00

I have a string parameter I pass around using the querystring, I’ll call it:

0

I have a string parameter I pass around using the querystring, I’ll call it: Request.QueryString[“x”]. If i manually enter a URL like: mypage.aspx?x=co%3Csub%3E2, asp.net doesn’t have the chance to get its hands on the value before throwing an error. Is there a way to safely allow this value to be pulled down and validated using my own logic WITHOUT turning validateinput off?

The problem is that we have custom error pages which send me an e-mail when they’re hit. Bots pummel our site, and on occasion, I’ll come into work and have 500 e-mails from errors like this waiting in my inbox. I’d like to do my own validation and display my own error message on the page they’re trying to access.

Thanks!

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-22T22:20:02+00:00

Editorial Team

2026-05-22T22:20:02+00:00Added an answer on May 22, 2026 at 10:20 pm

I don’t think you can do that without turning validateinput off. Could you encode your querystring somehow so that ASP will validate it?

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a string parameter I pass around using the querystring, I’ll call it:

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply