asked on
Validation of a Form ?
In Dreamweaver CS3 - I have created a page full of ASP fields in a form, plus a submit button - so as to capture data into a database. (initially using the Insert Wizard - but then modified quite a lot). It all works fine and puts data in there.
I now want to Validate the form - but when I follow the various help and tutorials - Select Behaviours etc.. - The 'Validate Form' option is greyed out !! I've tried clicking on Form tag; submit button, everything...
Any ideas ??
I would also like to Default the current date and time into a field that is sent back to the database - can't work out how to do that - any help appreciated.
Thanks
Phil
I now want to Validate the form - but when I follow the various help and tutorials - Select Behaviours etc.. - The 'Validate Form' option is greyed out !! I've tried clicking on Form tag; submit button, everything...
Any ideas ??
I would also like to Default the current date and time into a field that is sent back to the database - can't work out how to do that - any help appreciated.
Thanks
Phil
Adobe Dreamweaver
Last Comment
PhilAJones
If you just want to use Dreamweaver to validate your form, I have found the easiest way is to use an extension from WebAssist. Go to http://www.webassist.com and look for the form validator
here is the link... it is called Validation Toolkit. Basically it is an extension that installs into Dreamweaver allowing you to use dreamweaver to validate form fields. Validation is so important to prevent spoofing and it must be done server-side. It is very easy for hackers to bypass Javascript validation because all you have to do is disable javascript in your browser. http://www.webassist.com/professional/products/productdetails.asp?PID=33
ASKER
Thanks rbudi - I'll look into that tomorrow.
ANy ideas as to why the inbuilt Validation doesn't work ?
Phil
ANy ideas as to why the inbuilt Validation doesn't work ?
Phil
The built in Dreamweaver form validation will work but I believe it uses javascript. Again, spoofers can easily bypass this and use your server to send spam email.
ASKER
I understand what you are saying - but my query is that it DOESNT work - the option is greyed out !!
Hi PhilAJones,
There may be a couple of reasons why this is.
1) Are you using pages built from a DW Template? If so, check to see if the form tags are in an editable region.
2) Is the form tag heavily modified with ASP code or other javascript?
3) If you create a new form on the page, with just plain old fields, can you apply the validation behavior to it?
There may be a couple of reasons why this is.
1) Are you using pages built from a DW Template? If so, check to see if the form tags are in an editable region.
2) Is the form tag heavily modified with ASP code or other javascript?
3) If you create a new form on the page, with just plain old fields, can you apply the validation behavior to it?
Hi Phil
The reason why the option is greyed out is that the form is modified. As soon as you alter any portion of a page that would usually be generated by DW, DW stops cooperating and leaves it all up to you. Sadly DW will only ever do the basics, after that you've got to get stuck into coding yourself!
The form validation you require really needs to be done server-side. This is safer than client-side anyway because asrbudj says, spoofers can disable javascript and then launch an attack on your code logic.
With ASP (and I presume PHP too) form collection and validation can be a pain depending on the extent you want to go to. I code my form validation myself, and the easiest way is to do something like this (I will use simple text values to check against because I can't see your form). Save this page as savepage.asp then in your form page, set the FORM METHOD attribute to point to this page (seperating the form and save logic simplifies things a little):
The reason why the option is greyed out is that the form is modified. As soon as you alter any portion of a page that would usually be generated by DW, DW stops cooperating and leaves it all up to you. Sadly DW will only ever do the basics, after that you've got to get stuck into coding yourself!
The form validation you require really needs to be done server-side. This is safer than client-side anyway because asrbudj says, spoofers can disable javascript and then launch an attack on your code logic.
With ASP (and I presume PHP too) form collection and validation can be a pain depending on the extent you want to go to. I code my form validation myself, and the easiest way is to do something like this (I will use simple text values to check against because I can't see your form). Save this page as savepage.asp then in your form page, set the FORM METHOD attribute to point to this page (seperating the form and save logic simplifies things a little):
<html>
<body>
<%
' ROUCHIE'S VALIDATION LOGIC...
' 1. Gather form values into ASP variables
Dim var1 ' this must be text and not blank (checked later)
Dim var2 ' this must be numeric and not blank (checked later)
Dim var3 ' this must be a date and not blank (checked later)
Dim errorText ' holds error details
var1 = Trim(Request.Form("myField1"))
var2 = Trim(Request.Form("myField2"))
var3 = Trim(Request.Form("myField3"))
errorText = "" ' clear errorText variable
' 2. Check values
IF var1 = "" THEN
errorText = errorText & "<li>Field 1 cannot be blank!</li>"
END IF
IF var2 = "" OR NOT IsNumeric(var2) THEN
errorText = errorText & "<li>Field 2 cannot be blank and must be a number!</li>"
END IF
IF var3 = "" OR NOT IsDate(var3) THEN
errorText = errorText & "<li>Field 3 cannot be blank and must be a valid date!</li>"
END IF
' 3. SQL Injection Protection - replace any single quotes with 2 single quotes (for text values)
var1 = Replace(var1, "'", "''")
' 4. If errors have occurred provide a message, or otherwise save to database
IF errorText <> "" THEN
%>
<p>Errors where found in the form submission. Please check the following errors and retry:</p>
<ul>
<%=errorText%>
</ul>
<%
ELSE ' no errors - save to database
' database code
' goes here
' to save form to database
%>
<p>The data was saved successfully.</p>
<%
END IF
%>
</body>
</html>
ASKER
Thanks Rouchie - thats a great respose which I accept and understand.
Just 1 thing - How does DW 'know' that you have modified the form - it must have something set somewhere that I could manually unset !!
Phil
Just 1 thing - How does DW 'know' that you have modified the form - it must have something set somewhere that I could manually unset !!
Phil
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
>> How does DW 'know' that you have modified the form
Javascript functions in the config directory scan your files looking for patterns. If you heavily modify or incorporate dynamic elements into otherwise plain HTML tags, the regex function will fail to recognize things.
If you use DW to write the Insert/Update/Delete scripts and then modify those, DW will no longer "recognize" the behavior and display it in the Panels...
Javascript functions in the config directory scan your files looking for patterns. If you heavily modify or incorporate dynamic elements into otherwise plain HTML tags, the regex function will fail to recognize things.
If you use DW to write the Insert/Update/Delete scripts and then modify those, DW will no longer "recognize" the behavior and display it in the Panels...
ASKER
I know understand the reasons for the proble I had...Thanks to all....
Phil
Phil