ASP.NET: Using Request["param"] versus using Request.QueryString["param"] or Request.Form["param"]

Question

When accessing a form or query string value from code-behind in ASP.NET, what are the pros and cons of using, say:

// short way
string p = Request["param"];

instead of:

// long way
string p = Request.QueryString["param"]; // if it's in the query string or
string p = Request.Form["param"];        // for posted form values

I've thought about this many times, and come up with:

Short way:

• Shorter (more readable, easier for newbies to remember, etc)

Long way:

• No problems if there are a form value and query string value with same name (though that's not usually an issue)
• Someone reading the code later knows whether to look in URLs or form elements to find the source of the data (probably the most important point)

.

So what other advantages/disadvantages are there to each approach?

Answer 1

The long way is better because:

• It makes it easier (when reading the code later) to find where the value is coming from (improving readability)

• It's marginally faster (though this usually isn't significant, and only applies to first access)

In ASP.NET (as well as the equivalent concept in PHP), I always use what you are calling the "long form." I do so out of the principle that I want to know exactly from where my input values are coming, so that I am ensuring that they get to my application the way I expect. So, it's for input validation and security that I prefer the longer way. Plus, as you suggest, I think the maintainability is worth a few extra keystrokes.

Answer 2

the param collection includes all (4) collections:

1. Query-string parameters
2. Form fields
3. Cookies
4. Server variables

you can debate that searching in the combined collection is slower than looking into a specific one, but it is negligible to make a difference