The other day I was trying to pass an encoded version of
id=123 to a customer's search API. I tried
var result = HttpUtility.HtmlEncode("id=123");
but it returned
id=123. I stared at the screen, scratched my head, and jumped on Google.
A quick search reminded me that HtmlEncode is for escaping HTML, but it leaves everything else alone. So
var result = HttpUtility.HtmlEncode("<br/>");
<br/>. All the less thans and greater thans get escaped, but the rest is pretty much the same.
UrlEncode is for cases where you want to escape a URL, so
var result = HttpUtility.UrlEncode("id=123");
id%3d123, which is what I wanted in the first place. By comparison, if you UrlEncode the
<br/> tag, like
var result = HttpUtility.UrlEncode("<br/>");
you'll get back
%3cbr%2f%3e. It's encoding the less than, the slash, and the greater than, but it's encoding them with URL-type escapes instead of HTML-style ones.
I guess it's been a while since I paid attention to encoding. Not all encoding methods are equal in the ASP.NET framework, so be careful which one you use.