1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Nov 2005
    Rep Power

    Asp - post form data to a new page

    On page 1, I have a form, which onclick="location.reload(); the same page and runs a classic asp validation scrip. If the validation passes (fields filled in and no duplicates found ect), how do I then post this form data to page 2 where it can then be added to the db.

    PHP Code:
     // test to see if its a bot
    If Request("test") = "" Then
    // if its NOT a bot then...
    If Request("username") = "" Then
    .Write ("<script language=""javascript"">alert('Please include a username');</script>")
    Dim username
    Response.Write username
            Dim strSQL
    "SELECT username FROM Owner WHERE username = '"+username+"' " 
    Set rs_username conn.Execute(strSQL)
    rs_username.EOF Then
    //No record exists, move onto error checking and form submission
    Response.Write Response.write("<script type=""text/javascript"">theForm.submit(page2.asp);</script>"// this does not work!!

    // Record exists, Display alert, do nothing
    Response.Write ("<script language=""javascript"">alert('We have found a duplicate Username in our records<br>Please pick another and try again');</script>")
    Response.Write ("<script language=""javascript"">window.history.back();</script>")

    If // end rs_username.EOF

    End If  // end if username
    End If // end test

    form action="" method="post" name="form1" onclick="location.reload();location.href='page1.asp'>
    <input name="
    test" type="hidden"><br>
    user <input name="
    username" type="text"><br>
    fN<input name="
    firstname" type="text"><br>
    <input type="
    submit" value="Submit Form" name="submit"> 
  2. #2
  3. Lord of the Dance
    Devshed Specialist (4000 - 4499 posts)

    Join Date
    Oct 2003
    Rep Power
    Have you checked that it does send the correct values?
    Reload does not send, but let the user re-retrieve the page before he entered anything.
    You should use the 'action' parameter to send the information.

    Can see the ASP code on that page only check if the user name exists before it forward the reloaded (empty?) form to page2.asp.
    You still have to validate all user input at that page - page2.asp, which mean this scripts seems to be complete unnecessary (calling it useless will be to harsh ).

    You should also look up SQL injection. Inserting user input directly into a SQL statement is an open invitation to let other people calling their own SQL command.

IMN logo majestic logo threadwatch logo seochat tools logo