...

View Full Version : Trouble with ASP Form Validation



OttoBott
07-12-2007, 05:12 AM
Hi. I'm (obviously) a pretty big newb when it comes to ASP. I've had reasonable success with PHP but this is the first Window's server I've had to work on so I've been trying to get myself as familiar with ASP as possible.

Anyway, I've got this registration form (http://www.casaforkidsofet.org/register-champaign.html) working correctly when I wanted to make the three final boxes required. Initially I thought I was successful in making Name, Phone, and E-mail required but then I realized that regardless of what I put in, it came back as an invalid submission. The ASP script I'm using is


<%

DIM strreal_name, strphone_number, stre_mail
strreal_name = Request.Form("Real Name")
strphone_number = Request.Form("Phone Number")
stre_mail = Request.Form("E-Mail")

IF strreal_name <> "" AND strphone_number <> "" AND stre_mail <> "" THEN

Set Mailer = Server.CreateObject("SMTPsvg.Mailer")
Mailer.FromName = "CASA Website Registration"
Mailer.FromAddress= "registration@casaforkidsofet.org"
Mailer.RemoteHost = "localhost"
Mailer.AddRecipient "Georgia Harris", "z.herring@gmail.com"
Mailer.AddExtraHeader "X-MimeOLE:Produced yourdomain.com"
Mailer.Subject = "Form Submission"

strMsgHeader = "Form information follows" & vbCrLf
for each qryItem in Request.Form
strMsgInfo = strMsgInfo & qryItem & " - " & request.Form(qryItem) & vbCrLf
next
strMsgFooter = vbCrLf & "End of form information"

Mailer.BodyText = strMsgHeader & strMsgInfo & strMsgFooter
if Mailer.SendMail then
Response.Redirect("ok.htm?" & EmailFrom)
else
Response.Write "Mail send failure. Error was " & Mailer.Response
end if
set Mailer = Nothing

ELSE

Response.Write "<p>Please click back on your browser and complete the following fields:</p>"
IF strreal_name <> "" THEN
ELSE
Response.Write "<b> Name</b><br>"
END IF
IF strphone_number <> "" THEN
ELSE
Response.Write "<b> Phone Number</b><br>"
END IF
IF stre_mail <> "" THEN
ELSE
Response.Write "<b> E-Mail</b><br>"
END IF

END IF




%>

I honestly can't find what I'm doing wrong. I've googled this problem for hours now, gone back over and over again all of the ASP scripts I was referencing and I'm apparently missing a pretty big something. Any assistance would be greatly appreciated.

Thanks for your time and (hopefully) your help.

:D

Daemonspyre
07-12-2007, 02:22 PM
It's actually much simpler than you think, and it has something to do with your ASP, but not much...

In your HTML form, your 3 input fields are:


<input name="Real_Name" type="text" id="Real_Name" size="32">
<input name="Phone_Number" type="text" id="Phone_Number" size="32">
<input name="E_Mail" type="text" id="E_Mail" size="32">

However, your ASP is looking for:



strreal_name = Request.Form("Real Name")
strphone_number = Request.Form("Phone Number")
stre_mail = Request.Form("E-Mail")


Notice the difference?

Your HTML fields have UNDERSCOREs and your ASP has SPACEs.

Try:



strreal_name = Request.Form("Real_Name")
strphone_number = Request.Form("Phone_Number")
stre_mail = Request.Form("E_Mail")



Remember - Things need to match up EXACTLY, although not case-sensitivity.

Now, for some CYA... You need to do some validation on the text. You don't want people sending you crap data.

Use JavaScript (or post-form-processing ASP) to check the data and make sure it's what you want.

If you are inserting this data into a database at all, then you really need to consider this due to SQL injection.

HTH!

OttoBott
07-13-2007, 01:21 AM
Thank you so much for your help and suggestions. I was hoping it wasn't something stupid, but sure enough...

Oh well. Thanks again. Greatly appreciated.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum