How to: Retrieve query string information in an online ClickOnce application (如何:在線上 ClickOnce 應用程式中擷取查詢字串資訊)How to: Retrieve query string information in an online ClickOnce application

「查詢字串」 (query string) 是開頭為句號 (?) 之 URL 的部分,內含 name=value格式的任意資訊。The query string is the portion of a URL beginning with a question mark (?) that contains arbitrary information in the form name=value. 假設您有裝載於 ClickOnceClickOnce 且名為 WindowsApp1servername應用程式,而且想要在啟動應用程式時傳入變數 username 的值。Suppose you have a ClickOnceClickOnce application named WindowsApp1 that you host on servername, and you want to pass in a value for the variable username when the application launches. URL 可能如下所示:Your URL might look like the following:


下列兩個程序示範如何使用 ClickOnceClickOnce 應用程式來取得查詢字串資訊。The following two procedures show how to use a ClickOnceClickOnce application to obtain query string information.


如果正在使用 HTTP 啟動應用程式,而非使用檔案共用或本機檔案系統,則只能在查詢字串中傳遞資訊。You can only pass information in a query string when your application is being launched using HTTP, instead of using a file share or the local file system.

第一個程序示範 ClickOnceClickOnce 應用程式如何在啟動應用程式時,使用一小部分的程式碼來讀取這些值。The first procedure shows how your ClickOnceClickOnce application can use a small piece of code to read these values when the application launches.

下一個程序示範如何使用 MageUI.exe 設定 ClickOnceClickOnce 應用程式,以接受查詢字串參數。The next procedure shows how to configure your ClickOnceClickOnce application using MageUI.exe so that it can accept query string parameters. 只要發行應用程式,就需要執行這項作業。You will need to do this whenever you publish your application.


當您決定啟用這項功能之前,請參閱本主題後面的<安全性>一節。See the "Security" section later in this topic before you make a decision to enable this feature.

如需如何使用mage.exemageui.exe建立 ClickOnceClickOnce 部署的詳細資訊,請參閱逐步解說:手動部署 ClickOnce 應用程式For information about how to create a ClickOnceClickOnce deployment using Mage.exe or MageUI.exe, see Walkthrough: Manually deploy a ClickOnce application.


從 .NET Framework 3.5 SP1 開始,可以將命令列引數傳遞至離線 ClickOnceClickOnce 應用程式。Starting in .NET Framework 3.5 SP1, it is possible to pass command-line arguments to an offline ClickOnceClickOnce application. 如果您要提供應用程式的引數,則可以將參數傳入副檔名為 .APPREF-MS 的捷徑檔案。If you want to supply arguments to the application, you can pass in parameters to the shortcut file with the .APPREF-MS extension.

從 ClickOnce 應用程式取得查詢字串資訊To obtain query string information from a ClickOnce application

  1. 請在專案中放入下列程式碼。Place the following code in your project. 為了讓此程式碼能夠運作,您必須擁有 System.web 的參考,並新增 usingImports 指示詞,以供 system.web、System.web、Deployment 和 System.web 應用程式使用。In order for this code to function, you will have to have a reference to System.Web and add using or Imports directives for System.Web, System.Collections.Specialized, and System.Deployment.Application.

    private NameValueCollection GetQueryStringParameters()
        NameValueCollection nameValueTable = new NameValueCollection();
        if (ApplicationDeployment.IsNetworkDeployed)
            string queryString = ApplicationDeployment.CurrentDeployment.ActivationUri.Query;
            nameValueTable = HttpUtility.ParseQueryString(queryString);
        return (nameValueTable);
    Private Function GetQueryStringParameters() As NameValueCollection
        Dim NameValueTable As New NameValueCollection()
        If (ApplicationDeployment.IsNetworkDeployed) Then
            Dim QueryString As String = ApplicationDeployment.CurrentDeployment.ActivationUri.Query
            NameValueTable = HttpUtility.ParseQueryString(QueryString)
        End If
        GetQueryStringParameters = NameValueTable
    End Function
  2. 呼叫先前定義的函式,以擷取依名稱編製索引之查詢字串參數的 DictionaryCall the function defined previously to retrieve a Dictionary of the query string parameters, indexed by name.

使用 MageUI.exe 將查詢字串傳入 ClickOnce 應用程式To enable query string passing in a ClickOnce application with MageUI.exe

  1. 開啟 .NET 命令提示字元,並輸入:Open the .NET Command Prompt and type:

  2. 從 [檔案] 功能表中,選取 [開啟],然後開啟您 ClickOnceClickOnce 應用程式的部署資訊清單,這是 .application 擴充功能中的檔案結尾。From the File menu, select Open, and open the deployment manifest for your ClickOnceClickOnce application, which is the file ending in the .application extension.

  3. 選取左導覽視窗中的 [部署選項] 面板,然後選取 [允許傳遞 URL 參數至應用程式] 核取方塊。Select the Deployment Options panel in the left-hand navigation window, and select the Allow URL parameters to be passed to application check box.

  4. 從 [檔案] 功能表中,選取 [儲存]。From the File menu, select Save.


或者,您可以在 Visual StudioVisual Studio中啟用查詢字串傳遞。Alternately, you can enable query string passing in Visual StudioVisual Studio. 選取 [允許傳遞 URL 參數至應用程式] 核取方塊,藉由開啟 [專案屬性]、選取 [發行] 索引標籤、按一下 [選項] 按鈕,然後選取 [資訊清單]即可找到此核取方塊。Select the Allow URL parameters to be passed to application check box, which can be found by opening the Project Properties, selecting the Publish tab, clicking the Options button, and then selecting Manifests.

穩固程式設計Robust programming

當您使用查詢字串參數時,必須仔細考慮要如何安裝和啟用應用程式。When you use query string parameters, you must give careful consideration to how your application is installed and activated. 如果您的應用程式設定成從 Web 或網路共用安裝在使用者的電腦上,則使用者可能只會透過 URL 啟用應用程式一次。If your application is configured to install on the user's computer from the Web or from a network share, it is likely that the user will activate the application only once through the URL. 之後,使用者通常會使用 [開始] 功能表中的捷徑來啟用您的應用程式。After that, the user will usually activate your application using the shortcut in the Start menu. 因此,保證您的應用程式只會在其存留期間接收到查詢字串引數一次。As a result, your application is guaranteed to receive query string arguments only once during its lifetime. 如果您選擇將這些引數儲存在使用者的電腦上供日後使用,則必須負責以安全的方式儲存它們。If you choose to store these arguments on the user's machine for future use, you are responsible for storing them in a safe and secure manner.

如果您的應用程式只能在線上時使用,則一律會透過 URL 予以啟用。If your application is online only, it will always be activated through a URL. 不過,如果查詢字串參數遺失或損毀,則即使在此情況下,您的應用程式還是必須寫入才能正常運作。Even in this case, however, your application must be written to function properly if the query string parameters are missing or corrupted.

.NET Framework 安全性.NET Framework security

只有在使用之前想要清理任何惡意字元的輸入時,才允許將 URL 參數傳入 ClickOnceClickOnce 應用程式。Allow passing URL parameters to your ClickOnceClickOnce application only if you plan to cleanse the input of any malicious characters before using it. 例如,如果在資料庫的 SQL 查詢中未進行篩選,則內嵌引號、斜線或分號的字串可能會執行任意資料作業。A string embedded with quotes, slashes, or semicolons, for example, might perform arbitrary data operations if used unfiltered in a SQL query against a database. 如需查詢字串安全性的詳細資訊,請參閱 指令碼惡意探索概觀For more information on query string security, see Script exploits overview.

請參閱See also