In article <11**********************@j72g2000cwa.googlegroups .com>,
"VK" <sc**********@yahoo.comwrote:
Joseph Taylor wrote:
I hope you're not doing this as a security measure, since it will be
possible to submit the form no matter *how* the submit button is
customized.
Doing what? Please provide a minimum quote of what are you replying to.
In relevance to <noscriptblocks they do not prevent users from
reverse engineering the obtained page and say still submit the form;
all what <noscriptblock can do is to alert users that some important
functionality is missing (say data update over ajaxoids is not
possible) and that they should not use the page in the state it is
right now. Will user follow this warning or will she attempt to hack
your source is out of your control. This way an additional server-side
check is highly suggested is any case.
Sorry, just tried to save some space.
I understand that this is a losing battle, that determined hackers can continue
to offer me tons of viagra etc.
Still, I'm trying to learn. What I'd like to do is to have an asp validation
for one field that will reject a submission but I haven't been able to get it
to work. The form never gets submitted so I obviously have copied or placed
the code incorrectly. Here is the asp code
<%
Validated_Form = true
IF st <"RI" THEN
Validated_Form = false
END IF
IF NOT Validated_Form THEN
%>
<HTML>
<BODY>
Error. Click back in your browser and activate Javascript.
</HTML>
</BODY>
<%
ELSE
Dim name,address,city,st,email,show,comments
name = Request.Form("name")
address = Request.Form("address")
city = Request.Form("city")
st = Request.Form("st")
email = Request.Form("email")
comments = Request.Form("comments")
show = Request.Form("show")
Dim ObjMail
Set ObjMail = Server.CreateObject("CDONTS.NewMail")
ObjMail.To = "xx***@xxx.xxx"
ObjMail.From = "xx***@xxx.xxx"
ObjMail.Subject = "Petition"
ObjMail.Body = "Name" & vbtab & name & vbcrlf&_
"Address" & vbtab & address & vbcrlf&_
"City" & vbtab & city & vbcrlf&_
"State" & vbtab & st & vbcrlf&_
"Email" & vbtab & email & vbcrlf&_
"Add Name?" & vbtab & show & vbcrlf&_
"Comments" & vbtab & comments
ObjMail.Send
Set ObjMail = Nothing
Response.Write"Thank You"
%>
<HTML>
<BODY>
<B>Thank you for filling out the form!</B>
<BR><BR>
</body></html>
<%
END IF
%>
Thanks
--
Harvey Waxman
remove spam to email
http://righttax.org/