By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
435,300 Members | 1,795 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 435,300 IT Pros & Developers. It's quick & easy.

Advanced server-side form validation

P: n/a
Can anybody point me to a good tutorial/manual on advanced server-side
form validation including validation of fields against unwanted
strings such as the use of "http://".

Thank you in advance,

FayeC
Jul 15 '06 #1
Share this Question
Share on Google+
2 Replies


P: n/a

FayeC wrote:
Can anybody point me to a good tutorial/manual on advanced server-side
form validation including validation of fields against unwanted
strings such as the use of "http://".

Thank you in advance,
You can go two ways with this kind of thing, depending on how complex
your validation is and what action you want to take as a result of
invalid data. Your example is straightfoward. Use of instr against
the string will find whether something like "http://" is in there.
Most of these tasks can be accomplished using the built-in functions.
More complex tasks might benefit from the use of Regular Expressions.

http://msdn.microsoft.com/library/de...ting051099.asp

--
Mike Brind

Jul 15 '06 #2

P: n/a
On Sat, 15 Jul 2006 16:49:30 -0500, FayeC <fa*******@hotmail.comwrote:
Can anybody point me to a good tutorial/manual on advanced server-side
form validation including validation of fields against unwanted
strings such as the use of "http://".
I have no specific references to direct you to, but I tend to create a
class for each form that has one method which reads the form data from a
collection (usually one of either the QueryString or Form properties of
the Request object), and a second that returns True if the data is
valid. The form data itself is exposed as properties, and there is
usually a collection of error messages that is populated by the
validation method. Even if you never use the form in more than one
place, it's nice to get all the form processing code out of the main
flow of the page.

A quick 'n dirty (and rather obnoxious) new account form using this
style follows.

Class NewAccountForm
Public UserName
Public Password1
Public Password2
Public Email
Public WhatNumberAmIThinkingOf

Public Messages

Function Init(form)
UserName = Trim(form("username"))
Password1 = Trim(form("password1"))
Password2 = Trim(form("password2"))
Email = Trim(form("email"))

WhatNumberAmIThinkingOf = form("whatnumberamithinkingof")
If IsNumeric(WhatNumberAmIThinkingOf) Then
WhatNumberAmIThinkingOf = CLng(WhatNumberAmIThinkingOf)
Else
WhatNumberAmIThinkingOf = 0
End If

Set Init = Me
End Function

Function DataValid()
DataValid = True

If Len(UserName) = 0 Then
Messages("username") = "Please enter a username."
DataValid = False
End If

If Len(Password1) = 0 Then
Messages("password1") = "Please enter password."
DataValid = False
ElseIf Password1 <Password2
Messages("password1") = "Passwords do not match."
DataValid = False
End If

If Len(Email) = 0 Then
Messages("email") = "Please enter an email address."
DataValid = False
ElseIf InStr(Email, "@") = 0 Or InStr(Email, ".") = 0 Then
Messages("email") = "Please enter a valid email address"
DataValid = False
End If

If WhatNumberAmIThinkingOf <5 Then
Messages("whatnumberamithinkingof") = "Ha! Nice try, buddy!"
DataValid = False
End If
End Function

Private Sub Class_Initialize
Set Messages = CreateObject("Scripting.Dictionary")
End Sub
End Class

--
Justin Piper
Bizco Technologies
http://www.bizco.com/
Jul 17 '06 #3

This discussion thread is closed

Replies have been disabled for this discussion.