Stopping People Putting Scripts Into Form Fields
im making a simple site where people can add comments into a shoutbox. only ive had experience of people adding in html tags and javascript to redirect people away from my site and display images etc which im not interested in.
how do i stop this from happening? is there a way to intercept the form contents and kick out the code leaving plain text? or changing the code so it displays the real code using < and > ?
View Replies
ADVERTISEMENT
I thought when I discovered the power of session.sessionID I was onto a winner... but in the last month or so have been finding more and more of it's shortfalls (all down to whatever specific users have running on their machines)
Passing data through querystrings isn't ideal as people might go and type a url in to move around.
View Replies
View Related
Would anyone be able to give some guideance in ASP code as to how I would repeat a section of input fields in a form based upon the number of guests that are attending an event?
Basically, what needs to happen is if 3 guests are attending, I need the Name, address, city, state fields to repeat so they can be filled in with information.
Then all of the information from the whole form is submitted which returns an email to the administrator of the event.
View Replies
View Related
I have a standard ASP page that appends to an xml page.
Currently if there is more than one person attempting to append to the same XML file at a time. One user will have the ability to append, and the other user will append nothing.
Is there a way to avoid this from happening? For example. Lets say the user opens up a cached version of the page then append to the actual file. For some reason I remember reading about something like that, but just can't recall.
View Replies
View Related
I have 3 pages. on page 1 there is a select box, name="UD", containing "Data B"
page1 submits to page 2
on page 2, <% USD=request("UD")%> results in USD = "Data B"
USD displays in a text box as "Data" (the space and B missing)
page 2 submits to page 3
on page 3, <% USD=request("USD")%> results in USR = "Data" (the space and B
missing)
How do I keep the data complete?
View Replies
View Related
I have an asp page which has a number of form fields on it (about 50). 2/3rds of these fields are used to store username (windows username) and date (todays date). I want these fields to be locked so the user cannot enter any info into them. The infor will be grabbed from the current user and the current date.
However, I only want these fields to be populated only when the left most field is changed. Once the fields have been populated the username and date fields will change with however is logged in and the new date.
View Replies
View Related
I have a form that will be filled out by users, what I would like to do is when the user selects a state from a dropdown list i want to have the City field show select options based on their state. I know this can be done but I dont remember how.
View Replies
View Related
This problem is regarding ASP/AJAX. I don't really want to bore you with all the code so i will start off by giving an overview of the problem.
I have an ASP page that places an AJAX request to an ASP page that retrieves a random record from the database, the information returned is then updated into a Div on the original page. The original page has a Refresh link to repeat the procedure and select another random database entry. With me so far?
In firefox this works perfectly, but im having problems in IE. It seems that the ASP page that accesses the database is cached somehow as everytime i use the refresh link it returns the same data. I have used the time() function in the returned data so I can see that it is exactly the same info returned with each refresh.
It seems that the response is being cached and rather than rerunning the script the cache is being returned.
View Replies
View Related
I need to loop through all submitted form fields and place them all into 1 variable but i have no idea how. Here's what I have so far:
for each item in request.form
myVariable = "formfieldname:" & item & "formfieldvalue:" & request(item)
next
response.write(myVariable)
The problem with that is that response.write(myVariable) only prints the last field in the form.
I know that if I move the response.write(myVariable) INSIDE of the loop it will print correctly but I am not trying to print the form fields BUT I AM TRYING to store them in ONE variable.
For example:
myVariable = formfield1name:formfield1value:formfield2name:formfield2value:formfield3name:f ormfield3value:ETC ETC
View Replies
View Related
Code to email form data via ASP. Forced to use CDOSYS by 2003 server at host. It sends an email fine, but the form data is missing. Where my going wrong? Could it be the html file's form actuating the .asp file? Could it be an enctype issue? Or bad ASP syntax... Code:
View Replies
View Related
Can someone tell me how I can take a bunch of form fields using Request.Form, and put them in a array. And then, how do I send that in and INSERT sql.
View Replies
View Related
I have about 30 names of workers (and their IDs in hidden fields, that depend on their departments) in one form, beside them there is one dropdown list for each worker, with same items. I want to select item from dropdown list for each worker, that will write item ID in another hidden field... and then I want to submit worker's ID, ID from dropdown list etc....into another .asp page and sql db.
If I use next way :
<%
FOR EACH name IN Request.Form
Response.Write("<BR>")
Response.Write(Request.Form(name))
NEXT
%>
I get only values of IDs from dropdown lists. But I need workers' IDs, too.
View Replies
View Related
how can I send the whole form using the script below, without listing every NAME of the form. Basically I wondered if you can just put a certain code in that will send all the fields of the form without putting each NAME of the fields down indiv individualy??
My forms Name is 'conf', so I was wondering if there was a code like SENDWHOLEFORM="conf", (I know it obviously won't be that, but just to put the point across!)
<%
DIM strNAME, Mailer
strFirstName = Upload.Form("NAME")
Set JMail = Server.CreateObject("JMail.SMTPMail")
JMail.ServerAddress = "10.2.3.2"
JMail.AddRecipient "me@me.com"
JMail.Sender = "me@me.com"
JMail.Subject = "Submitted Item to sell"
JMail.Body = "Name: " & strNAME
JMail.Execute
Set JMail= Nothing
%>
View Replies
View Related
I have about 30 worker names (and their IDs in hidden fields) in one form, beside each worker I have a dropdown list with same items. When I select an item from dropdown list its ID is written in another hidden field. I want to submit values from hidden fields into another .asp page and sql db. If I use :
<%
FOR EACH name IN Request.Form
Response.Write("<BR>")
Response.Write(Request.Form(name))
NEXT
%>
I get only values from dropdown lists IDs. how to loop through all fields and get IDs of workers, too.
View Replies
View Related
I have the following asp code:
response.write "<td align=left colspan=2 class=text>" & _
"<input type=text name=ProjectDescription STYLE='width:465px' value=' " & ProjectDescription &" '>" & _
"</input></td>"
The problem I have is when ProjectDescription contains a ' the data gets truncated. How can I resolve this.
i.e. ProjectDescription=doesn't
View Replies
View Related
I have created an email form in which all fields must be completed. If all the fields are not completed "submit" causes a refresh using response.redirect, Problem is allthe fields that were previously filled in are empty.How do I keep the values of the fields on refresh?
View Replies
View Related
I have a form submitted with a form field called contents. This could have loads of text in. What i need to do is scan this field for words that match the text in a database record called PAC_WORD. This could match 3 or 4 of the words put. Basically for each word picked up I want to write " This item found is not allowed
View Replies
View Related
I have a asp page that has a form that I have to submit to a third party website.if their is a way to create form values using asp to submit the secure data without having it in a hidden field where it can be seen when viewing page source?
Currently I have my asp code writing out hidden form fields using the response.write when the page loads then after everything is loaded JavaScript submits the form.
View Replies
View Related
I am creating a form that uses a postcode lookup that opens in another window to confirm an address how would I pass back the address and populate the form?
View Replies
View Related
How do I check the field for example zip code to make sure that it has 5 digits?
View Replies
View Related
I have a web form which is quite long. My first field is required. If my user submits the form the page just sits there and the do not see my validation message at the top of my page. how I can reposition teh page so they see teh message i.e.scroll back up the page?
View Replies
View Related
how to access my HTML form fields from ASP. i don't know how to access HTML form fields from ASP code.
View Replies
View Related
i wrote a script in asp/vb script that validates form fields. all works fine, apart from the fact that alerts are being shown against the empty form fields when the page loads the first time.
so, validation should not be carried out when the page loads the first time. my friend challenged me and said i can achieve this "using a hidden form field or even the submit button" and submitting the page to itself
i was more thinking of using session variables or a session cookie, but does anyone know how you could accomplish this using a hidden form field?
View Replies
View Related
Here's what I want to do ... or here's my problem. I have a 'ICQ' on my user's profile, so it's a number, now when I update the database it DOES NOT use the single quotes, so it looks like:
& "ICQ = " & Trim(FormatStr(Request.Form("ICQ"))) & ", " _
Now, the prob with it is when a user DOES NOT type anything in it, since he doesn't have a ICQ number, then it gives a syntax error because your inserting nothing without any single quotes. How do i fix it? Or how can I NOT make it update if it doesn't have anything in the text box?
View Replies
View Related
have a problem of concantenating two form fields. I have 3 text boxes,which is supposed to grab the user date of birth information. One text box for the day, the other for the month and last one for the year.
I want a situation where i can just concantenate them into one variable to be picked up by my sql query like this 04-05-1982 into an access database. Now this is my code: PHP Code:
birthday=Request.form("dd")&"-"&Request.form("mm")&"-"&Request.form("yy")
If i put the '"&birthday&"' variable in my sql query it doesn't pick up anything.
Please how can i solve this.
View Replies
View Related
I can get all fields, but how do I not get the button in the loop
Dim FormFields
Set FormFields = request.form
Dim Field
if request.form("Button2") = "Update Order" then
For each Field in FormFields
response.write Field & " = " & Request.Form(Field) & "<br>"
Next
end if
View Replies
View Related
I'm working on a form where if a client makes an entry in one field, it causes another field to become unusable. The fields most likely will be drop-down lists. The form will be filled out online then mailed to me using the post method.
View Replies
View Related
Is there an effective way to stop pages from being cached?
I've created several websites that have dynamic content and images that are managed by a client. The images are named according to the "id" generated via an Identity column of their corresponding database record (ex: 1058.jpg). The problem occurs when the client tries to change the image.
The client gets understandly confused because the old image is still displayed, due to the browser caching the image. How can I force the browser to stop caching the page/image?
All of the ASP pages already have the following:
<%Response.Expires = -1%>
<meta http-equiv="expires" content="0">
<meta http-equiv="pragma" content="no-cache">
Any ideas?
View Replies
View Related
I have a few reports that grabs +- 27 000 records from a database, does a few calculations and queries on them, and then writes the results to a text file. As you can imagine, this does take a while (half an hour if the server isn't busy) and hammers the servers resources.
I sometimes realise (after I've started the page) that I made an error in my code, or that another report is more important at the moment. The only way to stop the page if something like this happens, is to bounce the server (even closing my browser doesn't work) - which won't make me very popular .
Is it possible (at all) to stop the execution of the page after it has been started? (I know that ASP is executed on the server, and only the results are sent through, but doesn't it have some sort of event handling?
View Replies
View Related
I have a asp page which is pretty long. This consitst of various recordsets. My intention is to stop execution of a code at a cetain point and test one value prior to this point. Is there any way to do this?
View Replies
View Related
I have this asp screen (not .net just asp) where user can fill in report criteria and then when they hit the "Go" button, at which point the report page will be displayed. Sometimes the reports are quite big and may take 2 to 3 minutes to complete.
If the user realizes he makes a mistake as soon as he gets to the report page, he may hit the "Stop" button and think the server has stopped generating the report, but it's not true. The server is still running the process.
This is particularly more obvious for developers like myself cos I have the server installed on my workstation. When I hit the Stop button and then back to the report filter page and make some changes and then hit the Go again, it'll take 2 to 3 minutes before it'll show the report page this time, as if the server was trying to complete my last report first, before processing my current new request.
Question I have therefore, is, if I'm running a long server process, then how I can get the server to stop this thread (or process?) when the user hits the Stop button, or hits the Back button?
View Replies
View Related
I have created a database were you submit a job by entering the fields which is fine if it is a site visit but if it is a phone call or remote help not all the fields need to be filled in but if there not filled in it wont submit the values to the database i get data mismatch error code is below.
I either need to be able to send them blank values to the database or ideally i wont to create a option box with Phone call, Site visit and remote help which when selected takes you to the correct page which have different values in the form to fill in.
View Replies
View Related
I have a table in which I count the rows, and for each record it finds it uses that number to dynamically name the form field. i.e.
<input type=text name="FirstName<%=i%>">
I got that to work just fine. What I'm trying to do now, is post the form, and on the new page dynamically create cookies based on the number of form fields there are. For example, my desired end result would look something like this..
response.cookies("First0")=request.form("FirstName0")
response.cookies("First1")=request.form("FirstName1")
and so on. Is there a way to do this by looping, instead of hardcoding? I have my feeble attempt below....
View Replies
View Related