Using the ASP Request object you can create simple, yet powerful scripts for collecting and processing data gathered with HTML forms. In this topic you will not only learn how to create basic form processing scripts, but also acquire useful techniques for validating form information, both on your Web server and at the user's browser.
HTML forms, the most common method for gathering Web information, are arrangements of special HTML tags that render user interface controls on a Web page. Text boxes, buttons, and check boxes are examples of controls that enable users to interact with a Web page and submit information to a Web server.
The following HTML example generates a form where a user can enter first name, last name, and age, and includes a button for submitting information to a Web server. The form also contains a hidden control (not rendered by the Web browser) that you can use to pass additional information to a Web server.
<FORM METHOD="POST" ACTION="myfile.asp"> <INPUT TYPE="text" NAME="firstname"> <INPUT TYPE="text" NAME="lastname"> <INPUT TYPE="text" NAME="age"> <INPUT TYPE="hidden" NAME="userstatus" VALUE= "new"> <INPUT TYPE="submit" VALUE="Enter"> </FORM>
When a form submits information to the Web server, the user's Web browser requests the .asp file specified by the HTML <FORM > tag's ACTION attribute (in the previous example, this file was called Myfile.asp). The .asp file contains scripts that carry out form value processing, such as displaying a table of results or querying information from a database.
You can use .asp files to collect HTML form values in three ways:
The first two methods operate in the same way as forms that interact with other gateway programs, except that, with ASP, you can include commands that read and respond to user choices.
Creating an .asp file that contains a form definition that posts information to itself is a slightly more complicated but very powerful means of working with forms. This process is demonstrated in Verifying Form Input.
The ASP Request object provides two collections that greatly simplify the task of retrieving form information appended to a URL request.
The QueryString collection retrieves form values passed to your Web server as text following a question mark in the request URL. The form values can be appended to the request URL by using either the HTTP GET method or by manually adding the form values to the URL.
For example, if the previous form example used the GET method (ACTION = "GET") and the user typed Jeff, Smith, and 30, then the following URL request would be sent to the server:
http://scripts/Myfile.asp?firstname=Jeff&lastname=Smith&age=30&userstatus=new
Myfile.asp might contain the following form processing script:
Hello, <%= Request.QueryString("firstname") %> <%= Request.QueryString("lastname") %>. You are <%= Request.QueryString("age") %> years old. <% If Request.QueryString("userstatus") = "new user" then Response.Write"This is your first visit to this Web site!" End if %>
In this case, your Web sever would return the following text to the user's Web browser:
Hello, Jeff Smith. You are 30 years old. This is your first visit to this Web site!
The QueryString collection also has an optional parameter that you can use to access one of multiple values that appear in the request body. You can also use the Count property to count the number of times that a specific type of value appears.
For example, a form containing a list box with multiple items can render the following request:
http://list.asp?food=apples&food=olives&food=bread
You could use the following command to count multiple values:
Request.QueryString("food").Count
To display the multiple values types, List.asp could contain the following script:
<%Total = Request.QueryString("food").Count%> <%For i = 1 to Total%> <%= Request.QueryString("food")(i) %> <BR> <%Next%>The preceding script would display:
apples olives bread
When you use the HTTP GET method to pass long and complex form values to a Web server, you run the risk of losing information. Most Web servers tend to restrict the size of the URL query string, so that lengthy form values passed with the GET method tend to get truncated. If you need to send a large amount of information from a form to a Web server, you must use the HTTP POST method. The POST method, which sends form data in the HTTP request body, can send a virtually unlimited number of characters to a server. You can use the ASP Request object's Form collection to retrieve the values sent with the POST method.
The Form collection stores values in a manner similar to the QueryString collection. For example, if a user filled out a form by entering a long list of names, then you could retrieve the names with the following script:
<% For i = 1 to Request.Form.Count %> <% =Request.Form("names")(i) %> <% Next %>
A good form processing script validates the information entered into a form before processing data. A validation script can check whether the user has entered the correct type of information into a form. For example, if your Web site includes a form that lets users compute financial information, you may want to verify that users have actually entered numerical information, and not text, before processing results.
A particularly advantageous way of verifying form input is to create a form that posts information to itself. In this case, the .asp file contains the form that retrieves information. For example, the following script determines whether a user entered a number into the "age" form field, by posting information to itself:
<% If Isnumeric(Request.QueryString("Age")) then %> <p>Hello, your age is <%=Request.QueryString("age")%> <%Else %> <p>Please enter a numerical age. <%End If %> <FORM METHOD= "POST" ACTION="verify.asp" > Name: <INPUT TYPE="text" NAME="Name" > Age: <INPUT TYPE="text" NAME="Age" > <INPUT TYPE="submit" VALUE="Enter"> </FORM>
In this example, the script is in a file named Verify.asp, the same file which contains the form. The form posts information to itself by specifying Verify.asp in the ACTION attribute.
You can also create client-side scripts that check whether a user has entered the appropriate information. In addition to prompting users more quickly about form entry errors, verifying form input at the user's Web browser can reduce your Web server's network traffic. The following script runs on the user's Web browser and validates user information before submitting information to your Web server.
<SCRIPT LANGUAGE="VBScript"> <!-- Sub btnEnter_OnClick Dim TheForm Set TheForm = Document.MyForm If IsNumeric(TheForm.Age.Value) Then TheForm.submit Else Msgbox "Please enter a numerical age." End if End Sub //--> </SCRIPT> <FORM METHOD= "POST" NAME= MyForm ACTION="myfile.asp" > Name: <INPUT TYPE="text" NAME="Name" > Age: <INPUT TYPE="text" NAME="Age" > <INPUT TYPE="button" NAME="btnEnter" VALUE="Enter"> </FORM>