 |
| Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0 |
Welcome to the p2p.wrox.com Forums.
You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
|
October 9th, 2004, 09:02 AM
|
|
Authorized User
|
|
Join Date: Oct 2004
Posts: 36
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Check form for integers in range...
I have a page which receives user submitted variables, 1 or 2 of which have to be integers. These integers have to be in the range 1 to 64,000 (64,000 is arbitrary, maybe I should use the max range for Clng, 2147483647...)
I have a very longwinded way to check this.
if len(request("mid")) > 5 or len(request("rid")) > 5 then response.redirect ("x.asp")
(...prevent overflow error caused by user entering too many chars)
if not isNumeric(request("mid")) or not isNumeric(request("rid")) then response.redirect ("x.asp")
if cLng(request("mid")) > 64000 or cLng(request("mid")) < 1 then response.redirect ("x.asp")
if cLng(request("rid")) > 64000 or cLng(request("rid")) < 1 then response.redirect ("x.asp")
This seems very inefficient, can somebody show me the true way!?
Regards, Guy
|
|
October 10th, 2004, 08:05 PM
|
|
Friend of Wrox
|
|
Join Date: Sep 2003
Posts: 363
Thanks: 0
Thanked 1 Time in 1 Post
|
|
Hi,
Better you do these validations at client side instead of server side.
------------
Rajani
|
|
October 11th, 2004, 06:37 PM
|
|
Friend of Wrox
|
|
Join Date: Jan 2004
Posts: 1,870
Thanks: 12
Thanked 20 Times in 20 Posts
|
|
To check a value is a number and > 64000 in Javascript (yes better to do it on the client side) put this in the head of your document inside script tags:
function validate()
{
if(isNaN(parseInt(document.fName.fieldName.value))
{
alert("You must enter a valid number");
document.fName.fieldName.focus();
document.fName.fieldName.select();
return(false);
if(document.fName.fieldName.value < 64000)
{
alert("Num should be less than 64000");
document.fName.fieldName.focus();
document.fName.fieldName.select();
return(false);
}
}
return (true);
}
now put this inside your <form> tag:
onSubmit="return validate();"
Wind is your friend
Matt
|
|
October 11th, 2004, 11:44 PM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
|
|
Looks like this needed some fine tuning.
Code:
function validate()
{
if(isNaN(parseInt(document.fName.fieldName.value))
{
alert("You must enter a valid number");
document.fName.fieldName.focus();
document.fName.fieldName.select();
return(false);
} //If not closed here or no ELSE used here, it would never execute the lines following this.
// if(document.fName.fieldName.value < 64000)
// Should that be ">" instead of "<" above?
if(document.fName.fieldName.value > 64000)
{
alert("Num should be less than 64000");
document.fName.fieldName.focus();
document.fName.fieldName.select();
return(false);
}
// } has been closed above, so not required.
return (true);
}
Hope that helps.
Cheers!
_________________________
- Vijay G
Strive for Perfection
|
|
October 13th, 2004, 09:36 PM
|
|
Authorized User
|
|
Join Date: Oct 2004
Posts: 36
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Hi all,
Thanks for your suggestions/solutions.
I still need to do server side validation as it is possible for uesrs to sneak their way around javascript validation, and I would like my site to be watertight.
Is there a good way of trapping all errors (including those I cant foresee!) and redirecting the user to a specified page.
That way if someone does manage to 'crash' a page they wont get any generic error messages.
Thanks in advance, Guy
|
|
October 14th, 2004, 02:43 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 2,480
Thanks: 0
Thanked 1 Time in 1 Post
|
|
Then check for IsNumeric IsNAN vbscript functions and can use the same logic as the javascript code that was posted.
_________________________
- Vijay G
Strive for Perfection
|
|
October 14th, 2004, 06:34 PM
|
|
Friend of Wrox
|
|
Join Date: Jan 2004
Posts: 1,870
Thanks: 12
Thanked 20 Times in 20 Posts
|
|
;;;sneak their way around javascript
How is this done? I do realize Javascript can be disabled, this doesnt allow a user to sneak around though. If the page the form is posting to checks an expected form variable has been posted it can:
a..let them in
or
b..redirect then back until it's submitted as the developer intended
Wind is your friend
Matt
|
|
October 15th, 2004, 03:38 AM
|
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,212
Thanks: 0
Thanked 1 Time in 1 Post
|
|
Quote:
quote:
;;;sneak their way around javascript
How is this done?
|
The simplest way is just to not use your page with the js validation to post the data. For any HTML page I can view the source, see what your fields are called, see where the form posts to and then construct my own HTML page with the same field names and post target - then voila I can post anything I like to your destination page. How will your js stop that?
Guy is correct, you should always repeat validation at the server-side. The golden rule is "never trust anything that comes via the browser"
Quote:
quote:
Is there a good way of trapping all errors (including those I cant foresee!) and redirecting the user to a specified page.
That way if someone does manage to 'crash' a page they wont get any generic error messages.
|
Guy, look into providing custom 500;100 error pages, assuming you're using IIS5+. See http://support.microsoft.com/?kbid=299981 and http://support.microsoft.com/?kbid=224070 for examples.
hth
Phil
|
|
October 27th, 2004, 08:53 AM
|
|
Authorized User
|
|
Join Date: Oct 2004
Posts: 36
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Thanks all,
and cheers to PGTips!
Guy
|
|
|
