Validation of fields
SteveH
04-29-2010, 03:16 PM
Hello
I have an online form whose form fields are named as follows:
ContactUs_Name = ("ContactUs_Name")
ContactUs_Email = ("ContactUs_Email")
ContactUs_Subject = ("ContactUs_Subject")
ContactUs_Body = ("ContactUs_Body")
I now wish to use an ASP script to validate the fields before the Webmaster receives them.
I have the following script which I am hoping to customise:
<%
Function ValidateField(sFieldValue, sFieldType)
Dim bFieldIsOkay
' default is true
bFieldIsOkay = True
' go to the field name to validate the entry
Select Case LCase(sFieldType)
Case "name"
If Len(sFieldValue) = 0 Then bFieldIsOkay = False
Case "email"
If Len(sFieldValue) < 5 Then
bFieldIsOkay = False
Else
If Instr(1, sFieldValue, " ") <> 0 Then
bFieldIsOkay = False
Else
If InStr(1, sFieldValue, "@") < 2 Then
bFieldIsOkay = False
Else
If InStrRev(sFieldValue, ".") < InStr(1, sFieldValue, "@") + 2 Then
bFieldIsOkay = False
End If
End If
End If
End If
Case "subject"
If Len(sFieldValue) = 0 Then bFieldIsOkay = False
Case "city"
If Len(sFieldValue) = 0 Then bFieldIsOkay = False
Case "state"
If Len(sFieldValue) <> 2 Then bFieldIsOkay = False
Case "zip"
If Len(sFieldValue) <> 5 And Len(sFieldValue) <> 10 Then
bFieldIsOkay = False
End If
Case Else 'if an unknown type gets in reject form!
bFieldIsOkay = False
End Select
ValidateField = bFieldIsOkay
End Function
Sub ShowFormField(strField)
' This function needs access to the dictFields object!
%>
<TR>
<TD ALIGN="right"><B><%= strField %>:</B> </TD>
<TD><INPUT NAME="<%= strField %>" TYPE="text" VALUE="<%= Server.HTMLEncode(Request.Form(strField)) %>"></INPUT></TD>
<TD><%
If dictFields(LCase(strField)) Then
Response.Write "<IMG SRC=""../images/check.gif"" BORDER=""0"" WIDTH=""25"" HEIGHT=""25"">"
End If
%></TD>
</TR>
<%
End Sub
%>
<%' Begin Runtime Code
Dim Field 'looping variable
Dim dictFields 'dictionary for failed fields
Set dictFields = Server.CreateObject("Scripting.Dictionary")
For Each Field in Request.Form
If ValidateField(Request.Form(Field), Field) = False Then
dictFields.Add LCase(Field), True
End If
Next 'Field
If Request.Form.Count <> 0 And dictFields.Count = 0 Then
%>
<B>Your entry meets our validation criteria!</B><BR>
<BR>This would naturally be the point where your just entered data
would be getting logged to a file, inserted into a database, mailed
off to someone, or whatever your plans for it might happen to be!
Since we're just playing with the form here, I simply show it below.<BR>
<BR>
<B>Here's what you entered:</B><BR>
<%
For Each Field In Request.Form
Response.Write Server.HTMLEncode(Field) & ": " & Server.HTMLEncode(Request.Form(Field)) & "<BR>" & vbCrLf
Next 'Field
Else
If Request.Form.Count <> 0 Then
%>
<font face="verdana">Please complete the form correctly</font>.
<%
End If
' Show the form with checks if appropriate
%>
<%
End If
%>
Do I make amendments to this along the following lines:
Case "name" - replace with ContactUs_Name
Case "email" - replace with ContactUs_Email
Case "subject" - replace with ContactUs_Subject
insert:
Case "ContactUs_Body"
If Len(sFieldValue) = 0 Then bFieldIsOkay = False
Remove:
Case "city"
If Len(sFieldValue) = 0 Then bFieldIsOkay = False
Case "state"
If Len(sFieldValue) <> 2 Then bFieldIsOkay = False
Case "zip"
If Len(sFieldValue) <> 5 And Len(sFieldValue) <> 10 Then
bFieldIsOkay = False
End If
Am I on the right lines!?
Thanks
Steve
Old Pedant
04-29-2010, 08:38 PM
I'd toss that el crappo code and write a *real* validator.
<%
' useful regular expressions for validation:
Set txtOnly = New RegExp
txtOnly.Pattern = "[^a-z]"
txtOnly.Global = True
txtOnly.IgnoreCase = True
Set emRE = New RegExp
emRE.Pattern = "^[a-z][\w\-\'\.]+\@([a-z][\w\-\']*\.)+[a-z]{2,6}$"
emRE.IgnoreCase = True
' get the fields as submitted...trimmed of course
ContactUs_Name = Trim(Request("ContactUs_Name"))
ContactUs_Email = Trim(Request("ContactUs_Email"))
ContactUs_Subject = Trim(Request("ContactUs_Subject"))
ContactUs_Body = Trim(Request("ContactUs_Body"))
' accumulate errors here:
oops = ""
If Len(txtOnly.Replace(ContactUs_Name,"")) < 4 Then
oops = oops & "<li>The name you supplied appears to be too short.</li>"
End If
If Not emRE.Test(ContactUs_Email) Then
oops = oops & "<li>The email address you supplied appears to be invalid.</li>"
End If
If Len(txtOnly.Replace(ContactUs_Subject,"")) < 10 Then
oops = oops & "<li>The subject of your request should be at least 10 letters long.</li>"
End If
If Len(txtOnly.Replace(ContactUs_Body,"")) < 30 Then
oops = oops & "<li>The body of your request doesn't contain enough information.</li>"
End If
If oops <> "" Then
%>
Your submission did not seem complete to us.<ul><%=oops%></ul>
Please hit the BACK button of your browser, complete the submission, and try again.
<%
Response.End
End If
' ... only now do you go on to the other stuff you will do with that info ...
%>
That email validator isn't great, but it will catch 95%+ of bogus emails. And of course you can decide the minimum sizes of each of the other fields.
In addition to the ASP based validation here, you really should do the same validation in JavaScript *before* the <form> is submitted. It annoys people to have to hit BACK, etc. Treat the ASP validation as "just in case" the user has JS turned off and/or you are being spoofed.
SteveH
04-30-2010, 09:49 AM
Hello OP
Thanks for your strict validation code.
To prevent the user having to click on the back button, sometimes you see sites and the error message appears above the form field itself: in red it might say: 'please type a valid email address' (or something like that). I think displaying errors in that way looks quite OK. Another alternative is the one I posted yesterday which uses a small graphic to highlight an incorrectly completed form field:
<TR>
<TD ALIGN="right"><B><%= strField %>:</B> </TD>
<TD><INPUT NAME="<%= strField %>" TYPE="text" VALUE="<%= Server.HTMLEncode(Request.Form(strField)) %>"></INPUT></TD>
<TD><%
If dictFields(LCase(strField)) Then
Response.Write "<IMG SRC=""../images/check.gif"" BORDER=""0"" WIDTH=""25"" HEIGHT=""25"">"
End If
%></TD>
</TR>
What do you think of either alternative - better than having to click on the back button, don't you think?
But I am not sure how to integrate the code you post here, namely
<%
' useful regular expressions for validation:
Set txtOnly = New RegExp
txtOnly.Pattern = "[^a-z]"
txtOnly.Global = True
txtOnly.IgnoreCase = True
Set emRE = New RegExp
emRE.Pattern = "^[a-z][\w\-\'\.]+\@([a-z][\w\-\']*\.)+[a-z]{2,6}$"
emRE.IgnoreCase = True
' get the fields as submitted...trimmed of course
ContactUs_Name = Trim(Request("ContactUs_Name"))
ContactUs_Email = Trim(Request("ContactUs_Email"))
ContactUs_Subject = Trim(Request("ContactUs_Subject"))
ContactUs_Body = Trim(Request("ContactUs_Body"))
' accumulate errors here:
oops = ""
If Len(txtOnly.Replace(ContactUs_Name,"")) < 4 Then
oops = oops & "<li>The name you supplied appears to be too short.</li>"
End If
If Not emRE.Test(ContactUs_Email) Then
oops = oops & "<li>The email address you supplied appears to be invalid.</li>"
End If
If Len(txtOnly.Replace(ContactUs_Subject,"")) < 10 Then
oops = oops & "<li>The subject of your request should be at least 10 letters long.</li>"
End If
If Len(txtOnly.Replace(ContactUs_Body,"")) < 30 Then
oops = oops & "<li>The body of your request doesn't contain enough information.</li>"
End If
If oops <> "" Then
%>
Your submission did not seem complete to us.<ul><%=oops%></ul>
Please hit the BACK button of your browser, complete the submission, and try again.
<%
Response.End
End If
with the little graphic (but I do suspect it will not be without its problems :()
Regards
Steve
Old Pedant
04-30-2010, 07:37 PM
Yes, that's actually how I do most of my pages. But the code you were quoting wasn't capable of that so I assumed you had the traditional post-to-another-page stuff.
It's not hard.
Below is actually quite similar to how ASP.NET would do it for you, without you writing much code at all:
<%
oopsName = "none"
oopsSubject = "none"
oopsEmail = "none"
oopsBody = "none"
oops = False
If Trim(Request("POSTBACK")) = "YES" Then
' useful regular expressions for validation:
Set txtOnly = New RegExp
txtOnly.Pattern = "[^a-z]"
txtOnly.Global = True
txtOnly.IgnoreCase = True
Set emRE = New RegExp
emRE.Pattern = "^[a-z][\w\-\'\.]+\@([a-z][\w\-\']*\.)+[a-z]{2,6}$"
emRE.IgnoreCase = True
' get the fields as submitted...trimmed of course
ContactUs_Name = Trim(Request("ContactUs_Name"))
ContactUs_Email = Trim(Request("ContactUs_Email"))
ContactUs_Subject = Trim(Request("ContactUs_Subject"))
ContactUs_Body = Trim(Request("ContactUs_Body"))
If Len(txtOnly.Replace(ContactUs_Name,"")) < 4 Then
oopsName = "inline" : oops = True
End If
If Not emRE.Test(ContactUs_Email) Then
oopsEmail = "inline" : oops = True
End If
If Len(txtOnly.Replace(ContactUs_Subject,"")) < 10 Then
oopsSubject = "inline" : oops = True
End If
If Len(txtOnly.Replace(ContactUs_Body,"")) < 30 Then
oopsBody = "inline" : oops = True
End If
If oops = False Then
' when you do Server.Transfer, all the Request collections are transferred, too
' so the transferred-to page has full access to everything
Server.Transfer "processFields.asp"
' ... alternatively, do the processing here ...
' ... go ahead and process the fields ...
' ... send email, put info in DB, whatever you will do ...
' ... and only then ...
Server.Transfer "thankYouForYourSubmission.asp"
End If
' but if you get here, at least one "oops", so...
Response.Write "<h2>Please correct your error(s) and resubmit the form</h2><br/>"
End If
%>
<form>
<input type="hidden" name="POSTBACK" value="YES" />
Name: <input name="ContactUs_Name" value="<%=Server.HTMLEncode(ContactUs_Name)%>" />
<span style="display: <%=oopsName%>; color: red;">You must supply a valid contact name</span>
<br/><br/>
Email: <input name="ContactUs_EMail" value="<%=Server.HTMLEncode(ContactUs_EMail)%>" />
<span style="display: <%=oopsEmail%>; color: red;">You must supply a valid email address</span>
Subject: <input name="ContactUs_Subject" value="<%=Server.HTMLEncode(ContactUs_Subject)%>" />
<span style="display: <%=oopsSubject%>; color: red;">You must supply a reason for this email</span>
Comments:
<span style="display: <%=oopsBody%>; color: red;">Please tell us in detail what your problem is</span>
<textarea name="ContactUs_Body"><%=Server.HTMLEncode(ContactUs_Body)%></textarea>
<br/>
<input type="submit"/>
</form>
But of course if you did the kind of JavaScript validation that Philip showed you, then you *could* use my prior code. Because then only people idiotic enough to turn off JavaScript even encounter your ASP validation.
SteveH
05-02-2010, 05:19 PM
OK, OP. I'll try out the code you have posted. I'll give it a pretty look and let you see it online.
Cheers again.
Steve
SteveH
05-05-2010, 06:28 PM
Hello OP
I have tidied up the form a little and it looks a bit prettier:
http://proofreading4students.com/Test_This_TODAY.asp
I also got some errors, but whenever I resolved (or tried to resolve) one of them, it only seemed to generate another. There seems to be a problem at source which I can't seem to uproot.
At the moment, the error I am getting is this:
CDO.Message.1 error '80040220'
The "SendUsing" configuration value is invalid.
/Test_This_TODAY.asp, line 235
line 235 is this:
strBody = strBody & "Please do not reply to this email" & vbcrlf & "<br><br>" &_
The code is as follows:
<form><input type="hidden" name="POSTBACK" value="YES" /><br>
<table border="0" cellspacing="1">
<tr><td valign="top">
Name:</td>
<td colspan="2">
<span style="display: <%=oopsName%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid name</span>
<br>
<input name="ContactUs_Name" size="35" value="<% =ContactUs_Name %>">
</td></tr>
<tr>
<td valign="top">
Email:</td>
<td colspan="2">
<span style="display: <%=oopsEmail%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid email</span>
<br>
<input name="ContactUs_Email" size="35" value="<% =ContactUs_Email %>">
</td></tr>
<tr>
<td valign="top">
Subject:</td>
<td colspan="2">
<span style="display: <%=oopsSubject%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid subject</span>
<br>
<input name="ContactUs_Subject" value="<% =ContactUs_Subject %>" size="35">
</td></tr>
<tr>
<td valign="top">
Message:</td>
<td valign="top">
<span style="display: <%=oopsBody%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid message</span>
<br>
<textarea name="ContactUs_Body" cols="40"><% =ContactUs_Body %></textarea>
</td></tr>
<tr>
<td valign="top">
</td>
<td colspan="2">
<input type="submit" value="Send">
</td></tr>
</table>
</form>
<%
smtpserver = "details_here"
youremail = "details_here"
yourpassword = "details_here"
Set ObjSendmail = CreateObject("CDO.Message")
ObjSendMail.To = youremail
'ObjSendMail.Name = ContactUs_Name
ObjSendMail.From = " ' " & ContactUs_Name & " ' <" & ContactUs_Email & ">"
ObjSendMail.From = ContactUs_Email
ObjSendMail.Subject = ContactUs_Subject
' we are sending a html email.. simply switch the comments around to send a text email instead
ObjSendMail.HTMLBody = strBody
'ObjSendMail.TextBody = strBody
'ContactUs_Body <--how do I reference this?
strBody = strBody & "Please do not reply to this email" & vbcrlf & "<br><br>" &_
"<B><font face='verdana' size='2' color='navy'>Full name:</font></B> " & ContactUs_Name & vbcrlf & "<br>" &_
"<B><font face='verdana' size='2' color='navy'>StaffID</font></B>: " & ContactUs_Email & vbcrlf & "<br>" &_
"<B><font face='verdana' size='2' color='navy'>Email</font></B>: " & ContactUs_Subject & vbcrlf & "<br>" &_
ObjSendMail.Send
Set ObjSendMail = Nothing
%>
Thanks for any further advice.
Steve
Old Pedant
05-06-2010, 08:12 PM
The error is actually on the SEND line.
You haven't specified any configuration at all for the message, so you get the default configuration. Which apparently isn't valid for the SMTP server you are using.
You need to get the details for that SMTP server and then set the CDO.Configuration appropriately.
As for the body: You are changing the contents of the variable strBody *AFTER* you assign it to the mail!
ObjSendMail.HTMLBody = strBody
strBody = strBody & "Please do not reply to this email" & vbcrlf & "<br><br>" &_
... etc ...
No no no. You create the contents of strBody *FIRST* and *THEN* assign them to HTMLBody.
SteveH
05-07-2010, 06:49 PM
Hello OP
I have done that, but it only generates another error:
Microsoft VBScript compilation error '800a0400'
Expected statement
/Test_This_TODAY.asp, line 229
"<B><font face='verdana' size='2' color='navy'>Full name:</font></B> " & ContactUs_Name & vbcrlf & "<br>" &_
^
line 229 =
"<B><font face='verdana' size='2' color='navy'>Full name:</font></B> " & ContactUs_Name & vbcrlf & "<br>" &_
At the moment the code is looking like this:
<%
oopsName = "none"
oopsSubject = "none"
oopsEmail = "none"
oopsBody = "none"
oops = False
If Trim(Request("POSTBACK")) = "YES" Then
' useful regular expressions for validation:
Set txtOnly = New RegExp
txtOnly.Pattern = "[^a-z]"
txtOnly.Global = True
txtOnly.IgnoreCase = True
Set emRE = New RegExp
emRE.Pattern = "^[a-z][\w\-\'\.]+\@([a-z][\w\-\']*\.)+[a-z]{2,6}$"
emRE.IgnoreCase = True
' get the fields as submitted...trimmed of course
ContactUs_Name = Trim(Request("ContactUs_Name"))
ContactUs_Email = Trim(Request("ContactUs_Email"))
ContactUs_Subject = Trim(Request("ContactUs_Subject"))
ContactUs_Body = Trim(Request("ContactUs_Body"))
If Len(txtOnly.Replace(ContactUs_Name,"")) < 4 Then
oopsName = "inline" : oops = True
End If
If Not emRE.Test(ContactUs_Email) Then
oopsEmail = "inline" : oops = True
End If
If Len(txtOnly.Replace(ContactUs_Subject,"")) < 10 Then
oopsSubject = "inline" : oops = True
End If
If Len(txtOnly.Replace(ContactUs_Body,"")) < 30 Then
oopsBody = "inline" : oops = True
End If
If oops = False Then
' when you do Server.Transfer, all the Request collections are transferred, too
' so the transferred-to page has full access to everything
Server.Transfer "processFields.asp"
End If
' but if you get here, at least one "oops", so...
'Response.Write "<h2>Please correct your error(s) and resubmit the form</h2><br/>"
End If
%>
<html>
<head>
</head>
<body>
<form><input type="hidden" name="POSTBACK" value="YES" /><br>
<table border="0" cellspacing="1">
<tr><td valign="top">
Name:</td>
<td colspan="2">
<span style="display: <%=oopsName%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid name</span>
<br>
<input name="ContactUs_Name" size="35" value="<% =ContactUs_Name %>">
</td></tr>
<tr>
<td valign="top">
Email:</td>
<td colspan="2">
<span style="display: <%=oopsEmail%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid email</span>
<br>
<input name="ContactUs_Email" size="35" value="<% =ContactUs_Email %>">
</td></tr>
<tr>
<td valign="top">
Subject:</td>
<td colspan="2">
<span style="display: <%=oopsSubject%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid subject</span>
<br>
<input name="ContactUs_Subject" value="<% =ContactUs_Subject %>" size="35">
</td></tr>
<tr>
<td valign="top">
Message:</td>
<td valign="top">
<span style="display: <%=oopsBody%>; color: red; font-family: Verdana, Arial, Helvetica, sans-serif;font-size:10px">
Please provide a valid message</span>
<br>
<textarea name="ContactUs_Body" cols="40"><% =ContactUs_Body %></textarea>
</td></tr>
<tr>
<td valign="top">
</td>
<td colspan="2">
<input type="submit" value="Send">
</td></tr>
</table>
</form>
<%
smtpserver = "IP address"
youremail = "Webmaster_email@mysite.com"
yourpassword = "details"
Set ObjSendmail = CreateObject("CDO.Message")
ObjSendMail.To = youremail
ObjSendMail.From = ContactUs_Name & "<" & ContactUs_Email & ">"
ObjSendMail.Subject = ContactUs_Subject
"<B><font face='verdana' size='2' color='navy'>Full name:</font></B> " & ContactUs_Name & vbcrlf & "<br>" &_
"<B><font face='verdana' size='2' color='navy'>Email</font></B>: " & ContactUs_Email & vbcrlf & "<br>" &_
"<B><font face='verdana' size='2' color='navy'>Subject</font></B>: " & ContactUs_Subject & vbcrlf & "<br>" &_
strBody = strBody & "Please do not reply to this email" & "<br><br>" & vbcrlf &_
ObjSendMail.HTMLBody = strBody
ObjSendMail.Send
Set ObjSendMail = Nothing
%>
Please note that I have included the smtp server IP address.
Thanks again.
Steve
Old Pedant
05-07-2010, 08:16 PM
I am finally figuring out that you have never coded in VBScript before, right?
And probably haven't done much programming in any language, yes?
Okay...
That line that starts with "<b>...." is the beginning of a *literal string*.
You have to *DO* something with a literal string. Assign it to a variable, response.write it, etc.
I can't dictate what you should do. But I would *GUESS* that what you are after is something like this:
' HTML-encode each submitted value before it goes into the HTML body
strBody = "<B><font face='verdana' size='2' color='navy'>Full name:</font></B> " _
& Server.HTMLEncode(ContactUs_Name) & vbcrlf & "<br>" _
& "<B><font face='verdana' size='2' color='navy'>Email</font></B>: " _
& Server.HTMLEncode(ContactUs_Email) & vbcrlf & "<br>" _
& "<B><font face='verdana' size='2' color='navy'>Subject</font></B>: " _
& Server.HTMLEncode(ContactUs_Subject) & vbcrlf & "<br>" _
& "<B><font face='verdana' size='2' color='navy'>Message</font></B>: " _
& Server.HTMLEncode(ContactUs_Body) & vbcrlf & "<br>" _
& "Please do not reply to this email" & "<br><br>" & vbcrlf
ObjSendMail.HTMLBody = strBody
But the code is still badly broken. It's in the wrong place in the page. The code for actually sending the email should either be in a separate page (the "ProcessFields.asp" that I showed) or it should be in that same "IF" block:
If oops = False Then
' one way or the other, the code for sending the email needs to be in here ONLY.
' either inline in this same page or in a separate page
End If
And you still aren't using any CDO.Configuration object or fields, so I don't think your email send is going to succeed.
I can't teach you programming here. I don't have the time or space. If you can't find some much better sample code then I'll see if I can dig some up.
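Added example (not part of any post in this thread and not either poster's code): one way to write the separate processFields.asp page discussed above, with the CDO.Configuration fields set before Send, strBody built before it is assigned to HTMLBody, and the form page's checks repeated because this page has its own URL and can be requested directly. The SMTP host, port, account, addresses, the fixed From with Reply-To, and the OneLine helper are assumptions made for the example.

```vbscript
<%
Option Explicit
' processFields.asp (added example; values marked "placeholder" are assumptions)
Const CDO_CFG = "http://schemas.microsoft.com/cdo/configuration/"

' Hypothetical helper: header values must stay on one line, so replace CR/LF.
Function OneLine(s)
    OneLine = Replace(Replace(s, vbCr, " "), vbLf, " ")
End Function

Dim emRE, txtOnly, cName, cEmail, cSubject, cBody
Set emRE = New RegExp
emRE.Pattern = "^[a-z][\w\-\'\.]+\@([a-z][\w\-\']*\.)+[a-z]{2,6}$"
emRE.IgnoreCase = True
Set txtOnly = New RegExp
txtOnly.Pattern = "[^a-z]"
txtOnly.Global = True
txtOnly.IgnoreCase = True

cName    = OneLine(Trim(Request("ContactUs_Name")))
cEmail   = Trim(Request("ContactUs_Email"))
cSubject = OneLine(Trim(Request("ContactUs_Subject")))
cBody    = Trim(Request("ContactUs_Body"))

' Same rules as the form page: do not rely on having arrived via Server.Transfer.
If Not emRE.Test(cEmail) _
   Or Len(txtOnly.Replace(cName, "")) < 4 _
   Or Len(txtOnly.Replace(cSubject, "")) < 10 _
   Or Len(txtOnly.Replace(cBody, "")) < 30 Then
    Response.Status = "400 Bad Request"
    Response.Write "Please submit the contact form again."
    Response.End
End If

' Build the whole body FIRST, HTML-encoding every submitted value.
Dim strBody
strBody = "<b>Full name:</b> " & Server.HTMLEncode(cName) & "<br>" & vbCrLf _
        & "<b>Email:</b> " & Server.HTMLEncode(cEmail) & "<br>" & vbCrLf _
        & "<b>Subject:</b> " & Server.HTMLEncode(cSubject) & "<br>" & vbCrLf _
        & "<b>Message:</b> " & Replace(Server.HTMLEncode(cBody), vbCrLf, "<br>") _
        & "<br><br>" & vbCrLf & "Please do not reply to this email<br>"

Dim objMail
Set objMail = Server.CreateObject("CDO.Message")
With objMail.Configuration.Fields
    .Item(CDO_CFG & "sendusing") = 2                           ' cdoSendUsingPort
    .Item(CDO_CFG & "smtpserver") = "smtp.example.com"         ' placeholder host
    .Item(CDO_CFG & "smtpserverport") = 25                     ' placeholder port
    .Item(CDO_CFG & "smtpauthenticate") = 1                    ' cdoBasic
    .Item(CDO_CFG & "sendusername") = "webmaster@example.com"  ' placeholder
    .Item(CDO_CFG & "sendpassword") = "CHANGE_ME"              ' placeholder
    .Update
End With

objMail.To = "webmaster@example.com"     ' placeholder recipient
objMail.From = "webmaster@example.com"   ' fixed sender owned by the site
objMail.ReplyTo = cEmail                 ' visitor's address, checked by emRE above
objMail.Subject = cSubject
objMail.HTMLBody = strBody               ' assigned only after strBody is complete
objMail.Send
Set objMail = Nothing
Server.Transfer "thankYouForYourSubmission.asp"
%>
```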
SteveH
05-09-2010, 02:06 PM
Hello OP
No, that still generates an error:
"<B><font face='verdana' size='2' color='navy'>Full name:</font></B> " & ContactUs_Name & vbcrlf & "<br>" &_
I do have
If oops = False Then
' when you do Server.Transfer, all the Request collections are transferred, too
' so the transferred-to page has full access to everything
Server.Transfer "processFields.asp"
and processFields.asp (thank you) is a separate file.
Do you mind if I attach the whole file - most of it is yours anyway (thanks again)?
I have had cursory glances at it over the weekend and just can't work out what's wrong. I have ensured the smtp details are correct with my hosting service.
Steve