Form Validation Redux

Re: Form Validation Redux

VBScript on the client, only works in IE....as far as I know.

For the second thingy, I will often post to the same page.....

Example.asp

<%
Dim sUser
Dim sPass

sUser=Request.F orm("user")
sPass=Request.F orm("pass")
'VALIDATION CODE HERE.......

%>

<form method=post action=Example. asp>
Username:<input name="user" value="<%=sUser %>"><br>
Password:<input name="pass" value="<%=sPass %>"><br>
<input type=submit value="submit">
</form>


Note that the action is set to Example.asp the same name as the current
page.


"r0adhog" <roadhog@nospam .phreaker.net> wrote in message
news:%23dL5u3nP EHA.1392@TK2MSF TNGP09.phx.gbl. ..[color=blue]
> First off wanted to that all that replied to my previous questions, you[/color]
were[color=blue]
> much help.
>
> Had a couple of general questions.
>
> Why has everyone suggested not using VB Script on the Client Side?
>
> Secondly, I have decided to do my validation on the processing page.
> If a field on the form does not meet the validation rules, I am able to
> redirect back to the sending page. How do I do this so that the sending
> page retains the values that the Client had previously put in so that he
> only
> needs to correct the fields that are not valid?
>
> Thanks for helping out the nuuubeeeee.....
>
> rh
>
>[/color]

Re: Form Validation Redux


"r0adhog" <roadhog@nospam .phreaker.net> wrote in message
news:%23dL5u3nP EHA.1392@TK2MSF TNGP09.phx.gbl. ..[color=blue]
>
> Why has everyone suggested not using VB Script on the Client Side?[/color]

Because Internet Explorer is the only browser that supports it. Even if
you're working on an intranet and you know that all your visitors are using
IE, it's still highly ill-advised to use VBS. One day your intranet will
become an extranet, and then you'll have to recode it all. If you don't
know javascript, bite the bullet and learn enough to get by with what you
have to do.

[color=blue]
> Secondly, I have decided to do my validation on the processing page.
> If a field on the form does not meet the validation rules, I am able to
> redirect back to the sending page. How do I do this so that the sending
> page retains the values that the Client had previously put in so that he
> only
> needs to correct the fields that are not valid?[/color]

There are a number of ways. One is to post the form to the same page that
it's on.

form.asp:

<%
If request.serverV ariables("REQUE ST_METHOD") = "POST" Then
'''do your thing
End If
%>

<form method="post" action="form.as p">
<input name="txtName"
value="<%=Serve r.HTMLEncode(Re quest.Form("txt Name"))%>" type="text" />
</form>

If the form is being loaded for the first time, REquest.Form("t xtName") will
be empty, so you'll have an empty value. If the form has been submitted and
you're redisplaying it because of failed validation, anything the user had
previously entered in that textbox will be pulled from the form collection
and displayed in it.


If you don't want to post to the same page, you can set the values in
session variables and pull from them. The first method is easier, but then
you wind up having pages that can't be refreshed without the "Warning. By
refreshing this page, any data you submitted will be sent again..." or
whatever that browser warning is.

Ray at work

Re: Form Validation Redux

Thanks again folks!

rh

"r0adhog" <roadhog@nospam .phreaker.net> wrote in message
news:%23dL5u3nP EHA.1392@TK2MSF TNGP09.phx.gbl. ..[color=blue]
> First off wanted to that all that replied to my previous questions, you[/color]
were[color=blue]
> much help.
>
> Had a couple of general questions.
>
> Why has everyone suggested not using VB Script on the Client Side?
>
> Secondly, I have decided to do my validation on the processing page.
> If a field on the form does not meet the validation rules, I am able to
> redirect back to the sending page. How do I do this so that the sending
> page retains the values that the Client had previously put in so that he
> only
> needs to correct the fields that are not valid?
>
> Thanks for helping out the nuuubeeeee.....
>
> rh
>
>[/color]

Re: Form Validation Redux

"r0adhog" wrote in message news:%23dL5u3nP EHA.1392@TK2MSF TNGP09.phx.gbl. ..
: Secondly, I have decided to do my validation on the processing page.
: If a field on the form does not meet the validation rules, I am able to
: redirect back to the sending page. How do I do this so that the sending
: page retains the values that the Client had previously put in so that he
: only needs to correct the fields that are not valid?

I prefer to use client-side validation, no matter where I post to (same page
or different page). Unless you need information from the server, there's no
need to make that trip.

-- mypage.asp --

<script type="text/javascript">
function validate() {
var ename=document. getElementById( "iname");
if(!ename.value ) {
alert("Please enter your name");
ename.focus();
return false;
} else {

document.myform .action="<%=Req uest.ServerVari ables("SCRIPT_N AME")%>";
document.myform .submit();
}
}
</script>

<form name="myform" method="post" onsubmit="retur n validate()">
What is your name?<br />
<input type="text" id="iname" name="iname" value="" /><br />
<input type="submit" value="Submit" />
</form>

HTH...

Re: Form Validation Redux

You should always do both, it's easy to spoof a form. Also, not all clients
support javascript.


"Roland Hall" <nobody@nowhere > wrote in message
news:utS4fwpPEH A.3012@TK2MSFTN GP09.phx.gbl...[color=blue]
> "r0adhog" wrote in message news:%23dL5u3nP EHA.1392@TK2MSF TNGP09.phx.gbl. ..
> : Secondly, I have decided to do my validation on the processing page.
> : If a field on the form does not meet the validation rules, I am able to
> : redirect back to the sending page. How do I do this so that the sending
> : page retains the values that the Client had previously put in so that he
> : only needs to correct the fields that are not valid?
>
> I prefer to use client-side validation, no matter where I post to (same[/color]
page[color=blue]
> or different page). Unless you need information from the server, there's[/color]
no[color=blue]
> need to make that trip.
>
> -- mypage.asp --
>
> <script type="text/javascript">
> function validate() {
> var ename=document. getElementById( "iname");
> if(!ename.value ) {
> alert("Please enter your name");
> ename.focus();
> return false;
> } else {
>
> document.myform .action="<%=Req uest.ServerVari ables("SCRIPT_N AME")%>";
> document.myform .submit();
> }
> }
> </script>
>
> <form name="myform" method="post" onsubmit="retur n validate()">
> What is your name?<br />
> <input type="text" id="iname" name="iname" value="" /><br />
> <input type="submit" value="Submit" />
> </form>
>
> HTH...
>
>[/color]

Re: Form Validation Redux

TomB wrote:[color=blue]
> You should always do both, it's easy to spoof a form. Also, not all
> clients support javascript.[/color]

You should certainly always do the server-side validation, but there is no
compelling reason to require the client-side type.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

Re: Form Validation Redux


"Dave Anderson" <GTSPXOESSGOQ@s pammotel.com> wrote in message
news:OR6FpbrPEH A.3452@TK2MSFTN GP10.phx.gbl...[color=blue]
>
> You should certainly always do the server-side validation, but there is no
> compelling reason to require the client-side type.[/color]

If nothing else, it's certainly much quicker to see an alert('Please enter a
valid whatever') than to wait for the form to post and the page to reload
with the validation message.

Personally, I don't do client-side validation, but I see why people would.

Ray at home

Re: Form Validation Redux

"TomB" wrote in message news:u4UWw4qPEH A.3596@tk2msftn gp13.phx.gbl...
: You should always do both, it's easy to spoof a form. Also, not all
clients
: support javascript.

On the server-side I validate that the form is submitted from only the page
intended and not from another site but data is already validated at that
point and of course you weed out the SQL injection attempts but that's not
really validating, is it?

Re: Form Validation Redux

I was just responding to the previous post, trying to indicate that
client-side only was not sufficient.


"Dave Anderson" <GTSPXOESSGOQ@s pammotel.com> wrote in message
news:OR6FpbrPEH A.3452@TK2MSFTN GP10.phx.gbl...[color=blue]
> TomB wrote:[color=green]
> > You should always do both, it's easy to spoof a form. Also, not all
> > clients support javascript.[/color]
>
> You should certainly always do the server-side validation, but there is no
> compelling reason to require the client-side type.
>
>
>
> --
> Dave Anderson
>
> Unsolicited commercial email will be read at a cost of $500 per message.[/color]
Use[color=blue]
> of this email address implies consent to these terms. Please do not[/color]
contact[color=blue]
> me directly or ask me to contact you directly for assistance. If your
> question is worth asking, it's worth posting.
>
>[/color]

Re: Form Validation Redux

On Thu, 20 May 2004 17:11:48 -0500, "Dave Anderson"
<GTSPXOESSGOQ@s pammotel.com> wrote:
[color=blue]
>TomB wrote:[color=green]
>> You should always do both, it's easy to spoof a form. Also, not all
>> clients support javascript.[/color]
>
>You should certainly always do the server-side validation, but there is no
>compelling reason to require the client-side type.[/color]

4 Million forms a day, times two-three trips to the server... :)

Jeff

Re: Form Validation Redux

Jeff Cochran wrote:[color=blue][color=green]
>>
>> You should certainly always do the server-side validation, but there
>> is no compelling reason to require the client-side type.[/color]
>
> 4 Million forms a day, times two-three trips to the server... :)[/color]

I guarantee Amazon does more round trips a day than you do, and I've never
run into client-side validation on their site. Compelling? I think it
stretches the word. Required? Absolutely not.



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.