Home » Development » How to encrypt query strings in .NET (C#), Classic ASP (VBScript), and JavaScript

How to encrypt query strings in .NET (C#), Classic ASP (VBScript), and JavaScript

Sending variables via URLs can be very dangerous if some sensitive data needs to be transferred between your pages. You may want to encrypt your variables and their values. By using these simple encode/decode algorithms, you can hide your content from curious eyes.

C#

Decode:

public string Decode(string token)
{
	string functionReturnValue = "";
	int x = 0;
	int y = 0;
	string abfrom = "";
	string abto = "";

	for (x = 0; x <= 25; x++)
	{
		abfrom = abfrom + ((char)(65 + x)).ToString();
	}
	for (x = 0; x <= 25; x++)
	{
		abfrom = abfrom + ((char)(97 + x)).ToString();
	}
	for (x = 0; x <= 9; x++)
	{
		abfrom = abfrom + Convert.ToString(x);
	}

	abto = abfrom.Substring(16, abfrom.Length - 16) + abfrom.Substring(0, 16);
	for (x = 0; x < token.Length; x++)
	{
		y = abto.IndexOf(token.Substring(x, 1));
		if (y == 0)
		{
			functionReturnValue = functionReturnValue + token.Substring(x, 1);
		}
		else
		{
			functionReturnValue = functionReturnValue + abfrom.Substring(y, 1);
		}
	}

	return functionReturnValue;
}

Encode:

public string Encode(string username)
{
	string functionReturnValue = "";
	int x = 0;
	int y = 0;
	string abfrom = "";
	string abto = "";

	for (x = 0; x <= 25; x++)
	{
		abfrom = abfrom + ((char)(65 + x)).ToString();
	}
	for (x = 0; x <= 25; x++)
	{
		abfrom = abfrom + ((char)(97 + x)).ToString();
	}
	for (x = 0; x <= 9; x++)
	{
		abfrom = abfrom + Convert.ToString(x);
	}

	abto = abfrom.Substring(16, abfrom.Length - 16) + abfrom.Substring(0, 16);
	for (x = 0; x < username.Length; x++)
	{
		y = abfrom.IndexOf(username.Substring(x, 1));
		if (y < 0)
		{
			functionReturnValue = functionReturnValue + username.Substring(x, 1);
		}
		else
		{
			functionReturnValue = functionReturnValue + abto.Substring(y, 1);
		}
	}
	return functionReturnValue;
}

Example:

sField = Decode(Request.QueryString[0]);
response.Redirect("Nextpage.aspx?sParm=" + Encode(sData));

VBScript

Decode:

' USE: sField = Decode(request.querystring(encode("sParm")))

Function Decode(sIn)
    Dim x, y, abfrom, abto
    Decode = "" : abfrom = ""
    For x = 0 To 25 : abfrom = abfrom & Chr(65 + x) : Next
    For x = 0 To 25 : abfrom = abfrom & Chr(97 + x) : Next
    For x = 0 To 9 : abfrom = abfrom & CStr(x) : Next
    abto = Mid(abfrom, 17, Len(abfrom) - 16) & Left(abfrom, 16)
    For x = 1 To Len(sIn) : y = InStr(abto, Mid(sIn, x, 1))
        If y = 0 Then
            Decode = Decode & Mid(sIn, x, 1)
        Else
            Decode = Decode & Mid(abfrom, y, 1)
        End If
    Next
End Function

Encode:

' USE: location.href="nextpage.asp?" & encode("sParm=" & sData)

Function Encode(sIn)
    Response.Write "sIn: " & sIn
    Dim x, y, abfrom, abto
    Encode = "" : abfrom = ""
    For x = 0 To 25 : abfrom = abfrom & Chr(65 + x) : Next
    Response.Write "ABFrom 1: " & abfrom
    For x = 0 To 25 : abfrom = abfrom & Chr(97 + x) : Next
    Response.Write "ABFrom 2: " & abfrom
    For x = 0 To 9 : abfrom = abfrom & CStr(x) : Next
    Response.Write "ABFrom 3: " & abfrom
    abto = Mid(abfrom, 17, Len(abfrom) - 16) & Left(abfrom, 16)
    Response.Write "abto: " & abto
    For x = 1 To Len(sIn) : y = InStr(abfrom, Mid(sIn, x, 1))
        Response.Write "y: " & y
    If y = 0 Then
            Encode = Encode & Mid(sIn, x, 1)
        Else
            Encode = Encode & Mid(abto, y, 1)
        End If
    Next
    Response.Write "Encode: " & Encode
End Function

Example:

Response.Redirect ("targetPage.aspx?" & encode("productID=" & ArrID))
var productID= Decode(querystring(Encode('productID')));

JavaScript

Decode:

function Decode(sIn) {
    var x, y, abto;
    var Decode = ""; var ABFrom = "";
    for (var x = 0; x <= 25; x++) { ABFrom = ABFrom + String.fromCharCode(65 + x); }
    for (var x = 0; x <= 25; x++) { ABFrom = ABFrom + String.fromCharCode(97 + x); }
    for (var x = 0; x <= 9; x++) { ABFrom = ABFrom + x.toString(); }
    abto = ABFrom.toString().substring(16, ABFrom.length) + ABFrom.toString().substring(0, 16);
    for (x = 0; x < sIn.length; x++) {
        if (sIn.substring(x, x + 1) == "/") { Decode = Decode + "/"; }
        else {
            y = abto.toString().indexOf(sIn.substring(x, x + 1));
            if (y < 0) { Decode = Decode + sIn.substring(x, x + 1); }
            else { Decode = Decode + ABFrom.substring(y, y + 1); }
        }
    }
    return Decode;
}

Encode:

function Encode(sIn) {
    var x, y, abto;
    var Encode = ""; var ABFrom = "";
    for (var x = 0; x <= 25; x++) { ABFrom = ABFrom + String.fromCharCode(65 + x); }
    for (var x = 0; x <= 25; x++) { ABFrom = ABFrom + String.fromCharCode(97 + x); }
    for (var x = 0; x <= 9; x++) { ABFrom = ABFrom + x.toString(); }
    abto = ABFrom.toString().substring(16, ABFrom.length) + ABFrom.toString().substring(0, 16);
    for (x = 0; x < sIn.length; x++) {
        y = ABFrom.toString().indexOf(sIn.substring(x, x + 1));
        if (y < 0) { Encode = Encode + sIn.substring(x, x + 1); }
        else { Encode = Encode + abto.substring(y, y + 1); }
    }
    return Encode;
}

Example:

var productID = Decode(querystring(Encode('productID'))).toString();

Ned Sahin

Blogger for 20 years. Former Microsoft Engineer. Author of six books. I love creating helpful content and sharing with the world. Reach me out for any questions or feedback.

Leave a Comment