I am at a loss. I have spent a few days trying to solve this. I want to encode my querystring like this:
string encode = HttpUtility.UrlEncode(TextBoxSearch.Text);
Response.Redirect("/Find/" + encode);However, when I enter a space in the search (that turns in to the querystring) I get the error in the title, a sort of 404 error.
From: localhost/Find/My search to: localhost/Find/My+search
So I tried setting
<security><requestFiltering allowDoubleEscaping="true" /></security>
And that solved that, but I also read everywhere that it really messes up my security and makes me vournarable to injections. Is this really the only way to encode? it seems whatever I do IIS will not accept my encoded URL without setting this in the web.config.
What can I do? Should I just not encode and hope that the browser will handle it? that feels wrong.