brillox
asked on
form validation blank space
Hi, please can anyone visit this link (it is for a university coursework) and let me know how, after JavaScript validation, someone is still able to add empty blogs?
Basically I do not want empty blogs, but in the blog section I must accept white spaces between words (e.g.: blabla blabla)
Please note that I am a beginner and therefore I need a step-by-step example.
Please HELP I am having a war with an unknown user...
the link is: http://www45.brinkster.com/brillox/blogs.asp
please help me to win this war !!
ASKER
How ?
Please give me a suggestion
first I would use
function checkString(theForm) {
  var strval = theForm.GuestName.value;
  if (!testAlphaNumOnly(strval)) {
    alert("Guest Name is a required field & ONLY alphanumeric entries allowed")
    theForm.GuestName.focus();
    return false
  }
  strval = theForm.GuestSurname.value;
  if (!testAlphaNumOnly(strval)) {
    alert("Guest Surname is a required field & ONLY alphanumeric entries allowed")
    theForm.GuestSurname.focus();
    return false
  }
  strval = theForm.Comment.value;
  if (!testAlphaNumOnly(strval)) {
    alert("Comment is a required field & ONLY alphanumeric entries allowed")
    theForm.Comment.focus();
    return false
  }
  return true
}
and
<form .... onsubmit ="return checkString(this)">
notice the "this"
then in my asp I would do something like
<%
errorText = ""
If Trim(Request.Form("GuestName")) = "" THEN
  errorText = "Please enter a valid guest name"
Elseif Trim(Request.Form("GuestSurname")) = "" THEN
  errorText = "Please enter a valid guest surname"
Elseif Trim(Request.Form("Comment")) = "" THEN
  errorText= "Please enter a Comment"
End if
If errorText = "" THEN saveForm.....
%>
ASKER
thanks mplunjan.
Below my ASP code, can you please show me where you will add your ASP code?
<%@language="VBScript"%>
<html>
<head>
<title>Blog added, Thank you</title>
<link rel="stylesheet" type="text/css" href="pageStyle.css">
</head>
<body topmargin="200">
<!--start of ASP code-->
<%
Dim myDB, sRootPath, sPath, sProvider
Set myDB = Server.CreateObject("ADODB.Connection")
'open the database
sProvider = "Provider=Microsoft.Jet.OLEDB.4.0;"
sRootPath = Server.MapPath("\brillox\db")
sPath = "Data Source=" & sRootPath & "\Blog.mdb;"
myDB.Open sProvider & sPath
Const adOpenKeyset = 1
Const adLockOptimistic = 3
Dim rsAddBlog
Set rsAddBlog = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database with
strSQL = "SELECT Blogs.AuthorName, Blogs.AuthorSurname, Blogs.BlogTitle, Blogs.Blog, Blogs.GuestSurname, Blogs.GuestName, Blogs.Comment FROM Blogs"
'Open the recordset with the SQL query
rsAddBlog.Open strSQL, myDB, adOpenKeyset, adLockOptimistic
'Tell the recordset we are adding a new record to it
rsAddBlog.AddNew
'Add a new record to the recordset
rsAddBlog.Fields("AuthorName") = Request.Form("AuthorName")
rsAddBlog.Fields("AuthorSurname") = Request.Form("AuthorSurname")
rsAddBlog.Fields("BlogTitle") = Request.Form("BlogTitle")
rsAddBlog.Fields("Blog") = Request.Form("Blog")
'Write the updated recordset to the database
rsAddBlog.Update
'Reset server variables
rsAddBlog.Close
Set rsAddBlog = Nothing
myDB.close
Set myDB = Nothing
'Redirect to the AddBlog.htm page
'Response.Redirect "AddBlog.htm"
%>
<!--END of ASP code-->
<!-- start of few html line of code for page links-->
<h1 align="center"><font size="5"><b>BRILLOXWEBLOG</b></font></h1>
<p align="center"><b><font size="4" color="#FFFF00">Blog added, thanks</font></b></p>
<p align="center"><a title="Add a new Blog" href="AddBlog.htm">Add a new Blog</a></br></br>
<a title="Show all Blogs" href="Blogs.asp">show all blogs</a></p>
</body>
</html>
ASKER
I also noticed that regardless of my above code, someone is still able to add empty blogs. Is this because they switch off the JavaScript in some way or what.. I am going mad trying to stop people adding empty blogs.. they try everything... tab space, <br> &nbsp; etc etc
Does not look like we have the same fieldnames...
<!--start of ASP code-->
<%
Dim myDB, sRootPath, sPath, sProvider, testFields
If (Trim(Request.Form("AuthorName"))) = "" OR _
   (Trim(Request.Form("AuthorSurname"))) = "" OR _
   (Trim(Request.Form("BlogTitle"))) = "" OR _
   (Trim(Request.Form("Blog"))) = "" THEN
  Response.Redirect "AddBlog.htm" ' or error page or show the form with errors
Else
  Set myDB = Server.CreateObject("ADODB.Connection")
.
.
.
End If
%>
<!--END of ASP code-->
ASKER
Thanks mplungjan..
Do you have any idea how (at the moment) users are still able to enter blank blogs? I tried myself and if I hit the tab or the enter keys or leave the fields blank, the validation works. How does this user manage to add a new blog? He claims that he has the "POWER" and I hate that...
any idea ... ????
ASKER
Hi mplungjan, I updated the code as below, but it doesn't work... now when I press submit without adding any value, the form has been accepted.
<script language="javascript">
function testAlphaNumOnly(formFIeldValue)
{
  return /[a-z0-9]/gi.test(formFIeldValue)
}
function checkString(theForm)
{
  var strval = theForm.GuestName.value;
  if (!testAlphaNumOnly(strval))
  {
    alert("Guest Name is a required field & ONLY alphanumeric entries allowed")
    theForm.GuestName.focus();
    return false
  }
  strval = theForm.GuestSurname.value;
  if (!testAlphaNumOnly(strval))
  {
    alert("Guest Surname is a required field & ONLY alphanumeric entries allowed")
    theForm.GuestSurname.focus();
    return false
  }
  strval = theForm.BlogTitle.value;
  if (!testAlphaNumOnly(strval))
  {
    alert("Blog Title is aRequired Field and tab space or blank space are NOT allowed")
    theform.BlogTitle.focus();
    return false
  }
  strval = theForm.Comment.value;
  if (!testAlphaNumOnly(strval))
  {
    alert("Comment is a required field & ONLY alphanumeric entries allowed")
    theForm.Comment.focus();
    return false
  }
  return true
}
</script>
.....
<form name="theForm" method=post action="AddOneBlog.asp" onsubmit ="return checkString(this)">
ASKER
I also added your code in the ASP page as follows... but it doesn't work... what am I doing wrong??
<!--start of ASP code-->
<%
Dim myDB, sRootPath, sPath, sProvider, testFields
If (Trim(Request.Form("AuthorName"))) ="" OR
(Trim(Request.Form("AuthorSurname"))) ="" OR
(Trim(Request.Form("BlogTitle"))) ="" OR
(Trim(Request.Form("Blog"))) ="" THEN
Response.Redirect "AddBlog.htm") ' or error page or show the form with errors
Else
Set myDB = Server.CreateObject("ADODB.Connection")
'open the database
sProvider = "Provider=Microsoft.Jet.OLEDB.4.0;"
sRootPath = Server.MapPath("\brillox\db")
sPath = "Data Source=" & sRootPath & "\Blog.mdb;"
myDB.Open sProvider & sPath
Const adOpenKeyset = 1
Const adLockOptimistic = 3
Dim rsAddBlog
Set rsAddBlog = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database with
strSQL = "SELECT Blogs.AuthorName, Blogs.AuthorSurname, Blogs.BlogTitle, Blogs.Blog, Blogs.GuestSurname, Blogs.GuestName, Blogs.Comment FROM Blogs"
'Open the recordset with the SQL query
rsAddBlog.Open strSQL, myDB, adOpenKeyset, adLockOptimistic
'Tell the recordset we are adding a new record to it
rsAddBlog.AddNew
'Add a new record to the recordset
rsAddBlog.Fields("AuthorName") = Request.Form("AuthorName")
rsAddBlog.Fields("AuthorSurname") = Request.Form("AuthorSurname")
rsAddBlog.Fields("BlogTitle") = Request.Form("BlogTitle")
rsAddBlog.Fields("Blog") = Request.Form("Blog")
'Write the updated recordset to the database
rsAddBlog.Update
'Reset server variables
rsAddBlog.Close
Set rsAddBlog = Nothing
myDB.close
Set myDB = Nothing
'Redirect to the AddBlog.htm page
'Response.Redirect "AddBlog.htm"
End If
%>
<!--END of ASP code-->
Do you have it online somewhere
and what does your asp log tell you goes wrong. I am NOT an asp programmer so whatever I did in asp was for you to correct.
You're not checking for invalid characters or only accepting valid ones. You're only testing if the field is blank and an invisible character will not show but the field will not be blank.
First thing to do is encode the input so invisible characters are easily manipulated if you want to check for invalid characters.
This is very bad for security reasons:
rsAddBlog.Fields("AuthorName") = Request.Form("AuthorName")
rsAddBlog.Fields("AuthorSurname") = Request.Form("AuthorSurname")
rsAddBlog.Fields("BlogTitle") = Request.Form("BlogTitle")
rsAddBlog.Fields("Blog") = Request.Form("Blog")
BTW... I turned off javascript and tested your form and you now have another empty blog entry. (O:=
So, now let's try to fix it.
See if you can get this to fail:
I tested it with javascript enabled and disabled but I haven't completely looked at SQL injection although currently it's not tied to a database.
http://kiddanger.com/lab/validcharacters.asp
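The gap described in this answer, as an added example that is not code from the thread (written in JavaScript so it can be run outside IIS): `blankOnlyAccepts` mimics the `Trim(...) = ""` test, with the hypothetical helper `vbTrim` standing in for VBScript's `Trim`, which strips only leading and trailing spaces, and `allowlistErrors` accepts a field only if it consists of letters, digits and spaces. The request bodies and the 2000-character Blog limit are constructed for the illustration.

```javascript
// Added example (not from the thread). All request bodies are constructed samples.
const REQUIRED = ["AuthorName", "AuthorSurname", "BlogTitle", "Blog"];

// 50 mirrors maxlength="50" on the form's text inputs, which only the browser
// enforces; the 2000-character limit for Blog is an assumption.
const LIMITS = { AuthorName: 50, AuthorSurname: 50, BlogTitle: 50, Blog: 2000 };

// Letters, digits and spaces only, anchored at both ends.
const ALLOWED = /^[a-z0-9 ]+$/i;

// Build a form-encoded body in which every required field carries `value`.
function bodyWith(value) {
  return REQUIRED.map((name) => name + "=" + encodeURIComponent(value)).join("&");
}

// What the server receives when the onsubmit handler never ran.
const SAMPLES = {
  normal: "AuthorName=Ann&AuthorSurname=Tester&BlogTitle=First+post&Blog=blabla+blabla",
  empty: bodyWith(""),
  spaces: bodyWith("   "),
  tab: bodyWith("\t"),
  newline: bodyWith("\r\n"),
  nbsp: bodyWith("\u00a0"),
  brTag: bodyWith("<br>"),
  entity: bodyWith("&nbsp;"),
  missingFields: "AuthorName=Ann",
};

// Decode the body; a field that was not sent at all becomes "".
function parseFields(body) {
  const params = new URLSearchParams(body);
  const fields = {};
  for (const name of REQUIRED) fields[name] = params.get(name) || "";
  return fields;
}

// Hypothetical stand-in for VBScript Trim(): strips leading/trailing spaces only.
function vbTrim(text) {
  return text.replace(/^ +| +$/g, "");
}

// The check discussed in the thread: reject only when a trimmed field is "".
function blankOnlyAccepts(fields) {
  return REQUIRED.every((name) => vbTrim(fields[name]) !== "");
}

// Allowlist check: returns the names of the fields that must be rejected.
function allowlistErrors(fields) {
  return REQUIRED.filter((name) => {
    const value = vbTrim(fields[name]);
    return value.length === 0 || value.length > LIMITS[name] || !ALLOWED.test(value);
  });
}

// Run both checks over every sample.
function compare() {
  const result = {};
  for (const [label, body] of Object.entries(SAMPLES)) {
    const fields = parseFields(body);
    result[label] = {
      blankOnlyAccepts: blankOnlyAccepts(fields),
      allowlistErrors: allowlistErrors(fields),
    };
  }
  return result;
}

for (const [label, row] of Object.entries(compare())) {
  console.log(label.padEnd(14), "blank-only check accepts:", row.blankOnlyAccepts,
    "| allowlist rejects:", row.allowlistErrors.join(", ") || "(nothing)");
}
```

In AddOneBlog.asp the equivalent rule would run before `rsAddBlog.AddNew`, so a request that fails it never reaches the database.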
ASKER
Hi mplugjan,
you can see the web at http://www45.brinkster.com/brillox/blogs.asp
however now I uploaded the old version of the data validation (but apparently it does not work with JavaScript disabled). With your code, I didn't have any error, the form was just accepted with all the fields blank.
ASKER
Hi Kiddanger,
I appreciate your help, at the moment I changed my table in access database and now the blog fields are required and null values are not accepted, therefore also with javascript disabled blank blogs are not accepted. However in this case I receive one of these horrible error messages from access database.
I know that I can use a try catch, but because I am new to this kind of things I do not know exactly how to personalize it. Above you will find a copy of my code. Do you think that this will be a good solution?
The link does not provide your code, only the client-side can be seen. It helps when you show the error. Have you tested the link I provided to see if you can make it fail? I'll see if I can enter another blank entry in your blog.
The error you're getting is a javascript error, line 17.
BTW... You shouldn't post that you've solved the issue until this is actually fixed. I just made another blank entry. (O:= You must have posted right after mine.
Just to make sure you were posting when I did, since you don't show the time posted, I tried again. You now have two blank entries.
ASKER
You are right !!
but if I try to add an empty blog I get this (after changing access db table)
Microsoft JET Database Engine error '80040e21'
Field 'Blogs.AuthorName' cannot be a zero-length string.
/brillox/AddOneBlog.asp, line 46
So how are you able to add a new blog?
ASKER
By the way..
I cancell empty blogs ( I can accept that the user that I am in war with see another EMPTY BLOG!!)
Please help
ASKER
I tested your link and it works, but to be really honest... I do not know how to adapt it to my code... I am a very very beginner !!
ASKER
typos... " I cancelled empny blogs ( I can NOT accept...."
ASKER
Basically (kiddanger) what I do not understand of your code (form) is
document.getElementById (where "ById" came from?)
and the way that you design textfields it looks like is not really html)
Please note that this means that is me that I do not understand, not that your code is not clear.
No need to change your script to use document.getelement. it will fail in older browsers
You need to remove the extra
<script language="javascript">
you have in front of
String.prototype.trim = function()
I get
Error: syntax error
Source File: http://www45.brinkster.com/brillox/AddBlog.htm
Line: 18
Source Code:
<script language="javascript">
brillox...
You're not looking at my server-side code. Don't worry about the javascript. That's just there to keep the server from taking hits. You still have to validate on the server-side. I'm going to make my server-side code available so you can see it. All I'm doing is validating the database because the connection to the database, which I don't have in my code. I used FF and turned off javascript and tested it the same way I'm able to put blank entries in your blog and it fails on mine, which is what we want.
Ok, go back here:
http://kiddanger.com/lab/ss_validcharacters.asp
There is a link at the bottom on the left to view the source.
Sorry.. that's a direct link.
http://kiddanger.com/lab/validcharacters.asp is the form. The other link just saves a step.
ASKER
OK Kiddanger, but do I have to change my form design to yours (code below)?
<form name="blogform" method="post" action="" onsubmit="return isvalid()">
<table>
<tr><td class="labels">First Name:</td><td class="values"><input id="blogFirst" name="blogFirst" type="text" value="<%=strFirst%>" /></td></tr>
<tr><td class="labels">Last Name:</td><td class="values"><input id="blogLast" name="blogLast" type="text" value="<%=strLast%>" /></td></tr>
<tr><td class="labels">Subject:</td><td class="values"><input id="blogSubject" name="blogSubject" type="text" value="<%=strSubject%>" /></td></tr>
<tr><td class="labels">Blog:</td><td class="values"><textarea id="blogText" name="blogText" rows="5" cols="40"><%=strText%></textarea></td></tr>
<input name="postback" type="hidden" value="postback" />
<tr><td></td><td><input type="submit" value="Blog" /><input type="reset" /></td></tr>
</table>
</form>
THIS IS MY FORM..
<form name="form" method=post action="AddOneBlog.asp" onsubmit ="return checkString();">
<table border="1" width="100%" bordercolor="#000000" >
<tr>
<td nowrap bgcolor="#C0C0C0">Author Name: </td>
<td bgcolor="#C0C0C0">
<input type="text" name="AuthorName" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Author Surname:</td>
<td bgcolor="#C0C0C0">
<input type="text" name="AuthorSurname" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Blog Title:</td>
<td bgcolor="#C0C0C0">
<input type="text" name="BlogTitle" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Blog:</td>
<td bgcolor="#C0C0C0"> <textarea name="Blog" rows="4" cols="50"> </textarea></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit Form" value="Submit">&nbsp;&nbsp;
<input type="reset" name=" Reset Form" value="Reset">
</p>
</form>
ASKER
GUYS I AM TOTALLY CONFUSED NOW!!
I really need examples with my code. I apologize, but for me as a beginner it is very hard to adapt someone else's code.. can any of you give a working example with my code?
ASKER
THANKS MPLUNGJAN !!
I could not believe it that I had two times <script language="javascript">
at least now the code is working... but the question is always.. WHAT IF JAVASCRIPT IS TURNED OFF ?
and for this I need a clear example with my code, therefore below the LAST VERSION of the code at the moment;
THIS IS THE CODE OF http://www45.brinkster.com/brillox/AddBlog.htm
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title> Add a new blog</title>
<meta name="keywords" content=" weblog, Dundee University log, Dundee blog, students blogs">
<meta name="description" content=" this is Massimo Brillante weblog assignment for Dundee University 2nd year">
<meta name="author" content=" Massimo Brillante">
<meta name="copyright" content="Copyright © 2005-2010 Massimo Brillante and ... All Rights Reserved">
<link rel="stylesheet" type="text/css" href="pageStyle.css">
<script language="javascript">
function testAlphaNumOnly(formFIeldValue)
{
  return /^[a-z0-9 ]+$/gi.test(formFIeldValue)
}
String.prototype.trim = function()
{
  return( (ar=/^\s*([\s\S]*\S+)\s*$/.exec(this)) ? ar[1] : "" );
}
function checkString()
{
  document.form.AuthorName.value = document.form.AuthorName.value.trim();
  document.form.AuthorSurname.value = document.form.AuthorSurname.value.trim();
  document.form.BlogTitle.value = document.form.BlogTitle.value.trim();
  document.form.Blog.value = document.form.Blog.value.trim();
  var strval = document.form.AuthorName.value;
  if (!testAlphaNumOnly(strval))
  {
    document.form.AuthorName.focus();
    alert(" Author name is aRequired Field & ONLY Aplhanumeric Entries Allowed")
    return false
  }
  strval = document.form.AuthorSurname.value;
  if (!testAlphaNumOnly(strval))
  {
    document.form.AuthorSurname.focus();
    alert("Author Surname is aRequired Field & ONLY Aplhanumeric Entries Allowed")
    return false
  }
  strval = document.form.BlogTitle.value;
  if (!testAlphaNumOnly(strval))
  {
    document.form.BlogTitle.focus();
    alert("Blog Title is aRequired Field & ONLY Aplhanumeric Entries Allowed")
    return false
  }
  strval = document.form.Blog.value;
  if (!testAlphaNumOnly(strval))
  {
    document.form.Blog.focus();
    alert("Blog is aRequired Field & ONLY Aplhanumeric Entries Allowed")
    return false
  }
  return true
}
</script>
</head>
<body >
<noscript>Your browser does not support JavaScript!</noscript>
<table ALIGN="center" border="0" width="90%">
<tr>
<td bgcolor="#000000"><font color="#FFFFFF">
<img border="0" src="images/tablet.jpg" width="193" height="160" alt="add a new blog" align="left"></font></td>
<td bgcolor="#000000">
<h1 align="center">BRILLOX WEB-LOG</h1>
</td>
<td bgcolor="#000000"><font color="#FFFFFF">
<img border="0" src="images/tablet.jpg" width="193" height="160" align="right" alt="add a new blog"></font></td>
</tr>
</table>
<table align="center" border="1" width="90%">
<tr>
<td colspan="2" bgcolor="#000000" align="center">
<h1 align="center">YOU ARE IN "<font color="#FFFF00">ADD A NEW BLOG</font>"
SECTION</h1>
</td>
</tr>
<tr>
<td colspan="2" bgcolor="#000000" align="center">
<h2><font color="#FFFFFF">(Fill in all the form and click on
submit)</font></h2>
</td>
</tr>
<tr>
<td bgcolor="#C0C0C0" nowrap valign="top" align="left">
<p><font size="4" color="#800000">NAVIGATION</font></p>
<p><a title="back to the home page" href="index.htm"> Home page</a></p>
<p><a title="Show all Blogs" href="blogs.asp">Show all Blogs</a></p>
<p>Add Blog</p>
<p><a title="Add a comment" href="CommentSelect.asp">Add a Comment</a></p>
<p><a title="Administration area" href="loginAdmin.htm">Admin area</a></p>
<p><a title="Contact us info" href="contactInfo.htm">contact us </a></p>
<p><a title="EMAIL US NOW" href="mailto:mbrillante@computing.dundee.ac.uk">email us</a></p>
</td>
<td align="left" valign="top" bgcolor="#FFFFFF" width="81%">
<form name="form" method=post action="AddOneBlog.asp" onsubmit ="return checkString();">
<table border="1" width="100%" bordercolor="#000000" >
<tr>
<td nowrap bgcolor="#C0C0C0">Author Name: </td>
<td bgcolor="#C0C0C0">
<input type="text" name="AuthorName" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Author Surname:</td>
<td bgcolor="#C0C0C0">
<input type="text" name="AuthorSurname" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Blog Title:</td>
<td bgcolor="#C0C0C0">
<input type="text" name="BlogTitle" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Blog:</td>
<td bgcolor="#C0C0C0"> <textarea name="Blog" rows="4" cols="50"> </textarea></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit Form" value="Submit">&nbsp;&nbsp;
<input type="reset" name=" Reset Form" value="Reset">
</p>
</form>
</td>
</tr>
<tr>
<td colspan="2" bgcolor="#C0C0C0">Webmaster: Massimo Brillante :
<font color="#FFFFFF"> <a title="EMAIL US NOW" href="mailto:mbrillante@computing.dundee.ac.uk">mbrillante@computing.dundee.ac.uk</a></font></td>
</tr>
</table>
</body>
</html>
I could not believe it that I had two times <script language="javascript">
at least now the code is working... but the question is always.. WHAT IF JAVASRIPT IS TURNED OFF ?
and for this I need a clear example with my code, therefore below the LAST VERSION of the code at the moment;
THIS IS THE CODE OF http://www45.brinkster.com/brillox/AddBlog.htm
ASKER
AND THIS IS THE CODE OF http://www45.brinkster.com/brillox/AddOneBlog.asp
<%@language="VBScript"%>
<html>
<head>
<title>Blog added, Thank you</title>
<link rel="stylesheet" type="text/css" href="pageStyle.css">
</head>
<body topmargin="200">
<!--start of ASP code-->
<%
Dim myDB, sRootPath, sPath, sProvider
Set myDB = Server.CreateObject("ADODB.Connection")
'open the database
sProvider = "Provider=Microsoft.Jet.OLEDB.4.0;"
sRootPath = Server.MapPath("\brillox\db")
sPath = "Data Source=" & sRootPath & "\Blog.mdb;"
myDB.Open sProvider & sPath
Const adOpenKeyset = 1
Const adLockOptimistic = 3
Dim rsAddBlog
Set rsAddBlog = Server.CreateObject("ADODB.Recordset")
'Initialise the strSQL variable with an SQL statement to query the database with
strSQL = "SELECT Blogs.AuthorName, Blogs.AuthorSurname, Blogs.BlogTitle, Blogs.Blog, Blogs.GuestSurname, Blogs.GuestName, Blogs.Comment FROM Blogs"
'Open the recordset with the SQL query
rsAddBlog.Open strSQL, myDB, adOpenKeyset, adLockOptimistic
'Tell the recordset we are adding a new record to it
rsAddBlog.AddNew
'Add a new record to the recordset
rsAddBlog.Fields("AuthorName") = Request.Form("AuthorName")
rsAddBlog.Fields("AuthorSurname") = Request.Form("AuthorSurname")
rsAddBlog.Fields("BlogTitle") = Request.Form("BlogTitle")
rsAddBlog.Fields("Blog") = Request.Form("Blog")
'Write the updated recordset to the database
rsAddBlog.Update
'Reset server variables
rsAddBlog.Close
Set rsAddBlog = Nothing
myDB.close
Set myDB = Nothing
'Redirect to the AddBlog.htm page
'Response.Redirect "AddBlog.htm"
%>
<!--END of ASP code-->
<!-- start of few html line of code for page links-->
<h1 align="center"><font size="5"><b>BRILLOXWEBLOG</b></font></h1>
<p align="center"><b><font size="4" color="#FFFF00">Blog added, thanks</font></b></p>
<p align="center"><a title="Add a new Blog" href="AddBlog.htm">Add a new Blog</a></br></br>
<a title="Show all Blogs" href="Blogs.asp">show all blogs</a></p>
</body>
</html>
I will let Kid handle that.
brillox...
I was doing this with one file. You're doing it with two. Do you want to keep it as a 2 page process?
ASKER
The less I have to change the less mess I'll make !!! (sorry for my English, I am Italian)
ASKER
However I now have another version of addblog.html.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title> Add a new blog</title>
<meta name="keywords" content=" weblog, Dundee University log, Dundee blog, students blogs">
<meta name="description" content=" this is Massimo Brillante weblog assignment for Dundee University 2nd year">
<meta name="author" content=" Massimo Brillante">
<meta name="copyright" content="Copyright © 2005-2010 Massimo Brillante and ... All Rights Reserved">
<link rel="stylesheet" type="text/css" href="pageStyle.css">
<script language="javascript">
function testAlphaNumOnly(formFIeldValue)
{
// no "g" flag: a global regex remembers lastIndex between calls, which can make test() fail on the next field
return /^[a-z0-9 ]+$/i.test(formFIeldValue)
}
String.prototype.trim = function()
{
var ar; // declared locally instead of leaking a global
return( (ar=/^\s*([\s\S]*\S+)\s*$/.exec(this)) ? ar[1] : "" );
}
function checkString()
{
// strip leading and trailing white space before testing each field
document.form.AuthorName.value = document.form.AuthorName.value.trim();
document.form.AuthorSurname.value = document.form.AuthorSurname.value.trim();
document.form.BlogTitle.value = document.form.BlogTitle.value.trim();
document.form.Blog.value = document.form.Blog.value.trim();
var strval = document.form.AuthorName.value;
if (!testAlphaNumOnly(strval))
{
document.form.AuthorName.focus();
alert("Author name is a Required Field & ONLY Alphanumeric Entries Allowed")
return false
}
strval = document.form.AuthorSurname.value;
if (!testAlphaNumOnly(strval))
{
document.form.AuthorSurname.focus();
alert("Author Surname is a Required Field & ONLY Alphanumeric Entries Allowed")
return false
}
strval = document.form.BlogTitle.value;
if (!testAlphaNumOnly(strval))
{
document.form.BlogTitle.focus();
alert("Blog Title is a Required Field & ONLY Alphanumeric Entries Allowed")
return false
}
strval = document.form.Blog.value;
if (!testAlphaNumOnly(strval))
{
document.form.Blog.focus();
alert("Blog is a Required Field & ONLY Alphanumeric Entries Allowed")
return false
}
return true
}
</script>
</head>
<body >
<noscript>Your browser does not support JavaScript!</noscript>
<table ALIGN="center" border="0" width="90%">
<tr>
<td bgcolor="#000000"><font color="#FFFFFF">
<img border="0" src="images/tablet.jpg" width="193" height="160" alt="add a new blog" align="left"></font></td>
<td bgcolor="#000000">
<h1 align="center">BRILLOX WEB-LOG</h1>
</td>
<td bgcolor="#000000"><font color="#FFFFFF">
<img border="0" src="images/tablet.jpg" width="193" height="160" align="right" alt="add a new blog"></font></td>
</tr>
</table>
<table align="center" border="1" width="90%">
<tr>
<td colspan="2" bgcolor="#000000" align="center">
<h1 align="center">YOU ARE IN "<font color="#FFFF00">ADD A NEW BLOG</font>"
SECTION</h1>
</td>
</tr>
<tr>
<td colspan="2" bgcolor="#000000" align="center">
<h2><font color="#FFFFFF">(Fill in all the form and click on
submit)</font></h2>
</td>
</tr>
<tr>
<td bgcolor="#C0C0C0" nowrap valign="top" align="left">
<p><font size="4" color="#800000">NAVIGATION</font></p>
<p><a title="back to the home page" href="index.htm"> Home page</a></p>
<p><a title="Show all Blogs" href="blogs.asp">Show all Blogs</a></p>
<p>Add Blog</p>
<p><a title="Add a comment" href="CommentSelect.asp">Add a Comment</a></p>
<p><a title="Administration area" href="loginAdmin.htm">Admin area</a></p>
<p><a title="Contact us info" href="contactInfo.htm">contact us </a></p>
<p><a title="EMAIL US NOW" href="mailto:mbrillante@computing.dundee.ac.uk">email us</a></p>
</td>
<td align="left" valign="top" bgcolor="#FFFFFF" width="81%">
<form name="form" method=post action="AddOneBlog.asp" onsubmit ="return checkString();">
<table border="1" width="100%" bordercolor="#000000" >
<tr>
<td nowrap bgcolor="#C0C0C0">Author Name: </td>
<td bgcolor="#C0C0C0">
<input type="text" name="AuthorName" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Author Surname:</td>
<td bgcolor="#C0C0C0">
<input type="text" name="AuthorSurname" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Blog Title:</td>
<td bgcolor="#C0C0C0">
<input type="text" name="BlogTitle" maxlength="50" size="30"></td>
</tr>
<tr>
<td nowrap bgcolor="#C0C0C0">Blog:</td>
<td bgcolor="#C0C0C0"> <textarea name="Blog" rows="4" cols="50"> </textarea></td>
</tr>
</table>
<p align="center">
<input type="submit" name="Submit Form" value="Submit">&nbsp;&nbsp;
<input type="reset" name=" Reset Form" value="Reset">
</p>
</form>
</td>
</tr>
<tr>
<td colspan="2" bgcolor="#C0C0C0">Webmaster: Massimo Brillante :
<font color="#FFFFFF"> <a title="EMAIL US NOW" href="mailto:mbrillante@computing.dundee.ac.uk">mbrillante@computing.dundee.ac.uk</a></font></td>
</tr>
</table>
</body>
</html>
ASKER
what do you think... Obviously this is thanks to another member of this beautiful website
ASKER
Hi Kiddanger,
I really appreciate your answer and I now realize how it would be more easy to have the db ASP code in the same page of the form (at University where I am suggested to split into 2 pages...)
I think that I solved my problem (I also added a redirection in case of javascript switched off).
However I'll keep your code and if I'll find ANOTHER EMPTY BLOG, I will test your code.
For the effort that you made in writing the WHOLE code, I'll give you my points.
Thanks very much !!
Thank you Brillox. BTW I can still make blank entries. You have to control this on the server-side. I can always beat client-side scripting, including META REFRESH. (O:=
ASKER
Thank god that is you that added blank entry... I was ready to go at Uni and have a fight with the guy (I know who is) that add empty blogs without writing how he made it...
Last question I heard about invisible character that could be added with javascript on. Do you think that this is my case and if so which are the blank characters ??
BTW did you add empty blogs with Javascript off ?? (I hope)
The regular expression in the VB server side should filter out all bogus characters.
Michel
ASKER
thanks mplungjan,
If I receive any other empty blogs I will post another HELP appeal here. Thanks to all of you
Massimo
I actually entered the blank entries with javascript on and off. You just have more open than you realize. Perhaps your ghost blogger is not aware of all that can be done and that's a good thing. Unless you've changed your server-side you're probably also open to SQL injection.
ASKER
so kiddanger,
Sorry kiddanger, I did not understand what really you mean... (not because you are not clear, but because my English is not so good) can you please explain to me ?
Do you mean that I am still open to EMPTY BLOGS ??
I do not want to change all my code again, but I really would like to be ghost-blogger proof
My Italian is not that good, so bear with me.
I actually entered the blank entries with JavaScript on and off. You just have more open than you realize. Perhaps your ghost blogger is not aware of all that can be done, and that is a good thing. Unless you change your server side you are probably also open to SQL injection.
I am now using an XSS (cross-site scripting) attack to make the blank entries.
I just repeated what I already said in the previous comment and to tell him I was using cross site scripting to make the blank entries. I'll post English and Italian then if he has trouble understanding what I'm saying anymore.
ASKER
All my compliments for your ITALIAN kiddanger, however I do not have any empty blog
http://www45.brinkster.com/brillox/blogs.asp
and btw what I can do to defend my blog from SQL injection ( which I do not know what they are !!)?
I realized that my problem is not the English, is that I do not have a clou ( clou ??) about what you guys are talking about...
SQL injection... cross site scripting...
for me is abstarct
Clue, abstract ;)
What the Kid means is if you are too permissive or use to evaluate the statements, you can get statements like
' INSERT "CRAP" INTO ALL FIELDS WHERE NAME="Massimo"
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.unixwiz.net/techtips/sql-injection.html
ASKER
Ok ....
but I am still totally confused. Please bear in mind that I just STARTED to program and what is very easy for you to understand is quite hard for me, therefore can you provide an example of what I should change in my code for this matter. This is not for me to copy and paste in my code, but is for me to study your solution and understand what it does.
Looking at your code I do not see great risks. Perhaps Kid can
brillox...
If you have not modified your server-side code, then you still have issues. You never said if you changed it since this started. You have been more concerned with the client-side which in my view is useless re: security. Client-side validation is only to save some hits on the server, so it's for performance reasons.
You are now not allowing javascript to be disabled, ON your site. However, if the form is not submitted from your site, then there's nothing you can do about it. That's why client-side script is pointless when it comes to security.
You must cleanse the input data and you must do bounds checking and verification on the server-side to be successful. If you show your latest server-side I can point out what I see. I have already offered you server-side script but I have no idea what you're currently using. If you stated you have changed it, I missed it.
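One way to do the server-side check described above, written for the `AddOneBlog.asp` page posted earlier in the thread. This is an added example, not code from the thread or from the members-only solution; `IsCleanText`, `NAME_MAX_LEN` and `BLOG_MAX_LEN` are hypothetical names, and the 1000-character blog limit is an assumption.

```vbscript
<%@language="VBScript"%>
<%
Option Explicit

Const NAME_MAX_LEN = 50     ' matches maxlength="50" on the form inputs
Const BLOG_MAX_LEN = 1000   ' assumption: set this to the size of the Blogs.Blog column

' True when value is 1..maxLen characters of letters, digits and plain spaces.
' The value must already be trimmed, so a match always holds a letter or digit.
Function IsCleanText(value, maxLen)
    Dim re
    IsCleanText = False
    If Len(value) = 0 Or Len(value) > maxLen Then Exit Function
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^[a-z0-9 ]+$"   ' same whitelist as testAlphaNumOnly on the form
    IsCleanText = re.Test(value)
    Set re = Nothing
End Function

Dim authorName, authorSurname, blogTitle, blogText, errorText
' Trim removes leading/trailing spaces only. Tabs, line breaks and
' non-breaking spaces survive Trim and are then rejected by the whitelist,
' so a field made of "invisible" characters cannot pass.
authorName    = Trim(Request.Form("AuthorName") & "")
authorSurname = Trim(Request.Form("AuthorSurname") & "")
blogTitle     = Trim(Request.Form("BlogTitle") & "")
blogText      = Trim(Request.Form("Blog") & "")

errorText = ""
If Not IsCleanText(authorName, NAME_MAX_LEN) Then
    errorText = "Author name is required (letters, digits and spaces only)."
ElseIf Not IsCleanText(authorSurname, NAME_MAX_LEN) Then
    errorText = "Author surname is required (letters, digits and spaces only)."
ElseIf Not IsCleanText(blogTitle, NAME_MAX_LEN) Then
    errorText = "Blog title is required (letters, digits and spaces only)."
ElseIf Not IsCleanText(blogText, BLOG_MAX_LEN) Then
    errorText = "Blog is required (letters, digits and spaces only)."
End If

If errorText <> "" Then
    ' Nothing has touched the database yet: report the problem and stop.
    Response.Write "<html><body><p>" & Server.HTMLEncode(errorText) & "</p>"
    Response.Write "<p><a href=""AddBlog.htm"">Back to the form</a></p></body></html>"
    Response.End
End If

' Only validated values reach the recordset.
Const adOpenKeyset = 1
Const adLockOptimistic = 3
Dim myDB, rsAddBlog, strSQL
Set myDB = Server.CreateObject("ADODB.Connection")
myDB.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
          Server.MapPath("\brillox\db") & "\Blog.mdb;"
Set rsAddBlog = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT AuthorName, AuthorSurname, BlogTitle, Blog FROM Blogs"
rsAddBlog.Open strSQL, myDB, adOpenKeyset, adLockOptimistic
rsAddBlog.AddNew
rsAddBlog.Fields("AuthorName") = authorName
rsAddBlog.Fields("AuthorSurname") = authorSurname
rsAddBlog.Fields("BlogTitle") = blogTitle
rsAddBlog.Fields("Blog") = blogText
rsAddBlog.Update
rsAddBlog.Close
Set rsAddBlog = Nothing
myDB.Close
Set myDB = Nothing
%>
<html>
<body>
<p>Blog added, thanks</p>
<p><a href="AddBlog.htm">Add a new Blog</a> <a href="Blogs.asp">Show all blogs</a></p>
</body>
</html>
```

Because the check runs on the server, it applies whether JavaScript is on, off, or the form was submitted from a copy hosted elsewhere. When `blogs.asp` writes stored fields back into the page, passing each one through `Server.HTMLEncode` keeps any markup saved before this check existed from being rendered.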
ASKER
Hi Kiddanger,
No I did not use your code yet..... I am revising for 3 exams within next 2 weeks and I stopped to bother about the weblog, however I am more than happy to have your help. Do you want me to copy and paste the code of the addblogform.htm and addblog.ASP ?
BTW there is a way to attach files here instead of paste it ??
ASKER
PS if you want to chat with me I am on MSN messenger [*** email removed *** EE Page editor]
ASKER
On top of this please note that we had ONLY 3 lessons in ASP at UNI and I am not supposed to know all this.
What I mean is that the weblog is a coursework and I am supposed to know what my code does.... If I use something for me that I do not understand I feel like I just copy and paste (and this is not my target).
I appreciate your concern, and I know that the ghost blogger is more advanced than me ( he started to program when he was 14...) I started last year !! There are SO MANY things to learn that sometimes I do not know where to concentrate.
brillox...
Just so you know. It's not a good idea to put your email address on the web anywhere. It will increase the amount of spam you get. I'll help you get your site secured. Just let me know when you're ready. I'm going to give you some links to articles that you should read that will show you what can be done and what to do to protect yourself. It won't show you how but I can do that.
Your blog pest may have started when he was 14 but I started before MSFT existed. We might have a slight edge.
ASKER
thanks kiddanger...
I am ready now...
however the email above is the uni email (their server can get some spam (they deserve that...))
brillox...
I didn't grab the email when you listed it so I made a simple form where you can submit your name and email so I can contact you.
http://kiddanger.com/asp/contacts.asp
It doesn't notify me yet if an entry has been made so you will have to let me know here for now.
ASKER
Thanks kiddanger,
I submitted the form with my email address
Massimo
But you really need to test in your ASP too since anyone can turn JS off or copy the form to another page and remove the javascript