calitech
asked on
Website form, make it mandatory to enter in data
I have a form on my website, and I am getting lots of hits from people just clicking submit and not entering any data. What do I need to add to my form so they have to enter there name or email before they hit submit.
I will past the code here. I don't know if that is what the code box is for but I will know for next time.
<form action="gdform.asp" method="post">
<input name="ARThankyouURL" type="hidden" id="ARThankyouURL" value="http://www.mydomain.com/thankyoufreereport.asp">
<input name="copyarresponse" type="hidden" id="copyarresponse" value="1">
<input name="custom" type="hidden" id="custom" value="1">
<input name="defaultar" type="hidden" id="defaultar" value="58357">
<input name="allowmulti" type="hidden" id="allowmulti" value="1">
<input name="showSuccessBox" type="hidden" id="showSuccessBox" value="true">
<input name="visiblefields" type="hidden" id="visiblefields" value="Name,Email1,Company ,Workphone ,Address1, City,State ,Zip">
<input name="requiredfields" type="hidden" id="requiredfields" value="Name,Email1,Company ,Workphone ,Address1, City,State ,Zip">
<input type="hidden" name="fieldname7" value="Title">
<input type="hidden" name="required7" value="1">
<p>
<label for="name">Name:</label>
<input name="name" type="text" id="name" size="30">
</p>
<p>
<label for="field7">Title:</label >
<input name="field7" type="text" size="30" id="field7">
</p>
<p>
<label for="company">Company:</la bel>
<input name="company" type="text" id="company" size="30">
</p>
<p>
<label for="address1">Address:</l abel>
<input name="address1" type="text" id="address1" size="30">
</p>
<p>
<label for="city">City:</label>
<input name="city" type="text" id="city" size="30">
</p>
<p>
<label for="state">State:</label>
<input name="state" type="text" id="state" size="30">
</p>
<p>
<label for="zip">Zip:</label>
<input name="zip" type="text" id="zip" size="30">
</p>
<p>
<label for="workphone">Workphone: </label>
<input name="workphone" type="text" id="workphone" size="30">
</p>
<p>
<label for="email1">Email:</label >
<input name="email1" type="text" id="email1" size="30" />
</p>
<p>
<input type="hidden" name="redirect" value="thankyoufreereport. asp"/>
<input type="submit" name="Submit" value="Send Me the Report" class="redbutton" style="margin-left: 90px">
</p>
</form>
I will past the code here. I don't know if that is what the code box is for but I will know for next time.
<form action="gdform.asp" method="post">
<input name="ARThankyouURL" type="hidden" id="ARThankyouURL" value="http://www.mydomain.com/thankyoufreereport.asp">
<input name="copyarresponse" type="hidden" id="copyarresponse" value="1">
<input name="custom" type="hidden" id="custom" value="1">
<input name="defaultar" type="hidden" id="defaultar" value="58357">
<input name="allowmulti" type="hidden" id="allowmulti" value="1">
<input name="showSuccessBox" type="hidden" id="showSuccessBox" value="true">
<input name="visiblefields" type="hidden" id="visiblefields" value="Name,Email1,Company
<input name="requiredfields" type="hidden" id="requiredfields" value="Name,Email1,Company
<input type="hidden" name="fieldname7" value="Title">
<input type="hidden" name="required7" value="1">
<p>
<label for="name">Name:</label>
<input name="name" type="text" id="name" size="30">
</p>
<p>
<label for="field7">Title:</label
<input name="field7" type="text" size="30" id="field7">
</p>
<p>
<label for="company">Company:</la
<input name="company" type="text" id="company" size="30">
</p>
<p>
<label for="address1">Address:</l
<input name="address1" type="text" id="address1" size="30">
</p>
<p>
<label for="city">City:</label>
<input name="city" type="text" id="city" size="30">
</p>
<p>
<label for="state">State:</label>
<input name="state" type="text" id="state" size="30">
</p>
<p>
<label for="zip">Zip:</label>
<input name="zip" type="text" id="zip" size="30">
</p>
<p>
<label for="workphone">Workphone:
<input name="workphone" type="text" id="workphone" size="30">
</p>
<p>
<label for="email1">Email:</label
<input name="email1" type="text" id="email1" size="30" />
</p>
<p>
<input type="hidden" name="redirect" value="thankyoufreereport.
<input type="submit" name="Submit" value="Send Me the Report" class="redbutton" style="margin-left: 90px">
</p>
</form>
I would too recommend using server side validation as client side (javascript) can be easily circumvented. Although a javascript check would be more user friendly so you can do both.
To check in ASP if for instance the name has been set you can do something like this:
if len(request.form("name")) < 5 then
'Smaller than 5 characters, probably invalid, do not put into database and return error msg.
end if
To check in ASP if for instance the name has been set you can do something like this:
if len(request.form("name")) < 5 then
'Smaller than 5 characters, probably invalid, do not put into database and return error msg.
end if
Have a look here at this demostration.
If you want something fast and easy
You can do a ClientSide JavaScript
http:Q_24334730.html?cid=236#a24224866
(Pay attention to the Form Name and OnSubmit functions.)
hth
Have a good one.
Carrzkiss
If you want something fast and easy
You can do a ClientSide JavaScript
http:Q_24334730.html?cid=236#a24224866
(Pay attention to the Form Name and OnSubmit functions.)
hth
Have a good one.
Carrzkiss
<%
formName = request.form("name")
formMail = request.form("email1")
if len(formName)>0 and len(formMail)>0 then
' User have entered both Name and Email
' Continue with the process
else
' Name and Email fields seems to be empty
' Don't proceed, and tell the user to fill out the fields
end if
%>
ASKER
This is my Gdform.asp code. Where do I add the code?
<%
Dim landing_page, host_url
Dim fso, outfile, filename, dirname, myFolder
Dim req_method, key, value
Dim bErr, errStr, bEmpty
On Error resume next
bErr = false
bEmpty = true
errStr = ""
Set fso = Server.CreateObject("Scripting.FileSystemObject")
host_url = Request.ServerVariables("HTTP_HOST")
req_method = Request.ServerVariables("REQUEST_METHOD")
dtNow = Now()
filename = Server.MapPath("\ssfm")
dirname = filename
filename = filename & "\gdform_" & DatePart("M", dtNow) & DatePart("D", dtNow) & DatePart("YYYY", dtNow) & DatePart("N", dtNow) & DatePart("S", dtNow)
Function FormatVariableLine(byval var_name, byVal var_value)
Dim tmpStr
tmpStr = tmpStr & "<GDFORM_VARIABLE NAME=" & var_name & " START>" & vbCRLF
tmpStr = tmpStr & var_value & vbCRLF
tmpStr = tmpStr & "<GDFORM_VARIABLE NAME=" & var_name & " END>"
FormatVariableLine = tmpStr
end function
Sub OutputLine(byVal line)
outfile.WriteLine(line)
end sub
if err.number = 0 then
Set outfile = fso.CreateTextFile(filename, true, false)
if err.number <> 0 then
bErr = true
errStr = "Error creating file! Directory may not be writable or may not exist.<br>Unable to process request."
else
if(req_method = "GET") then
for each Item in request.QueryString
if item <> "" then
bEmpty = false
key = item
value = Request.QueryString(item)
if(lcase(key) = "redirect") then
landing_page = value
else
line = FormatVariableLine(key, value)
Call OutputLine(line)
end if
end if
next
elseif (req_method = "POST") then
for each Item in request.form
if item <> "" then
bEmpty = false
key = item
value = Request.form(item)
if(lcase(key) = "redirect") then
landing_page = value
else
line = FormatVariableLine(key, value)
Call OutputLine(line)
end if
end if
next
end if
outfile.close
end if
if(bEmpty = true) AND errStr = "" then
bErr = true
errStr = errStr & "<br>No variables sent to form! Unable to process request."
end if
if(bErr = false) then
if (landing_page <> "") then
response.Redirect "http://" & host_url & "/" & landing_page
else
response.Redirect "http://" & host_url
end if
else
Response.Write errStr
end if
set fso = nothing
else
Response.Write " An Error Occurred creating mail message. Unable to process form request at this time."
end if
%>
(It has been 12 days, hopefully he is still around)
Here are a few links.
(Serverside is the best way to go with this one)
http://www.haneng.com/lessons_13.asp
http://www.aspwebpro.com/aspscripts/forms/basicformvalidation.asp
There are a lot more as well.
But they are 2 of the easest ones to implement and quick.
Good Luck
Carrzkiss
Here are a few links.
(Serverside is the best way to go with this one)
http://www.haneng.com/lessons_13.asp
http://www.aspwebpro.com/aspscripts/forms/basicformvalidation.asp
There are a lot more as well.
But they are 2 of the easest ones to implement and quick.
Good Luck
Carrzkiss
By the way.
Whack
>> CGI Scripting
This is not CGI. This is ASP (or) Javascript.
Have a good one.
Carrzkiss
Whack
>> CGI Scripting
This is not CGI. This is ASP (or) Javascript.
Have a good one.
Carrzkiss
> .. What do I need to add to my form so they have to enter there name or email before they hit submit.
as already suggested: using client side scripting (JavaScript, ActiveX, etc.) is the onle way to do it, but it is unreliable too as it can be circumvented
The only reliable method is that your receiving script checks the values.
as already suggested: using client side scripting (JavaScript, ActiveX, etc.) is the onle way to do it, but it is unreliable too as it can be circumvented
The only reliable method is that your receiving script checks the values.
ahoffmann
I am sorry, but you are incorrect on this being "Clientside" Only.
The links that I provided in the post above http:#a24333518
And this link here
http://www.asp101.com/articles/hojjat/formvalidation/default.asp
code
http://www.asp101.com/articles/hojjat/formvalidation/formvalidation.zip
Clientside is simple, but if they do not have Javascript enabled, then it is not going to work.
As well as reverse engineering, and bypass is pretty simple to do.
(Of which I am going to be taking down my demo from my post above, as it is Javascript)
Carrzkiss
I am sorry, but you are incorrect on this being "Clientside" Only.
The links that I provided in the post above http:#a24333518
And this link here
http://www.asp101.com/articles/hojjat/formvalidation/default.asp
code
http://www.asp101.com/articles/hojjat/formvalidation/formvalidation.zip
Clientside is simple, but if they do not have Javascript enabled, then it is not going to work.
As well as reverse engineering, and bypass is pretty simple to do.
(Of which I am going to be taking down my demo from my post above, as it is Javascript)
Carrzkiss
Seems the script tests empty fields already
if(bEmpty = true) AND errStr = "" then
bErr = true
errStr = errStr & "<br>No variables sent to form! Unable to process request."
end if
if(bEmpty = true) AND errStr = "" then
bErr = true
errStr = errStr & "<br>No variables sent to form! Unable to process request."
end if
> .. but you are incorrect ..
may be, but show one example without client side scripting sending a reuest where the form is filled (except the form variables have been preset by a tag's value= attribute)
There may be solutions using CSS, I didn't check ...
may be, but show one example without client side scripting sending a reuest where the form is filled (except the form variables have been preset by a tag's value= attribute)
There may be solutions using CSS, I didn't check ...
This for one.
http://www.haneng.com/lessons_13.asp
There is no way that a user can reverse engineering this code.
Unless they were to some how get their hands on the source.
Run the demo. All you see is HTML code. There is nothing else to allow the user to do anything else.
But, to fill out the form and submit it to the Server for processing.
Have a good one.
Carrzkiss
http://www.haneng.com/lessons_13.asp
There is no way that a user can reverse engineering this code.
Unless they were to some how get their hands on the source.
Run the demo. All you see is HTML code. There is nothing else to allow the user to do anything else.
But, to fill out the form and submit it to the Server for processing.
Have a good one.
Carrzkiss
carrzkiss, don't know what you're talking/complaining about
The questions is:
> need to add to my form so they have to enter there name or email before they hit submit.
And that's not possible without client side scripting. None of your links check it on the client side, all do it server side, hence *after* the submit.
Please correct me if I'm wrong.
The questions is:
> need to add to my form so they have to enter there name or email before they hit submit.
And that's not possible without client side scripting. None of your links check it on the client side, all do it server side, hence *after* the submit.
Please correct me if I'm wrong.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> .. which WILL force the user to have javascript ..
mplungjan, I guess we both know that there're infinite ways to submit automated without javascript too (unless the form uses unique session tokens ;-)
mplungjan, I guess we both know that there're infinite ways to submit automated without javascript too (unless the form uses unique session tokens ;-)
Not if there is no action
are you talking about "monkey forms"? they are submitted to the page URL itself, where is the problem (except with non-w3c-conform browsers)?
The code I posted will not submit to the gdform unless it was run in a browser(-like) environment
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
@carrzkiss, @mplungjan
no offense meant at all
Said this, I state that there is no way to protect a page in a way without using sophisticated javascript (or any other client side scripting) submitting an empty form from within a browser. Though, I've to admit that I never tried CSS for that, it might work in modern browsers.
If any doubt, please feel free to post the HTML code I can use with lynx ;-)
And i.g. it is impossible to protect the application from receiving empty forms, it's always possible to script such requests.
@calitech, sorry for some (probably) off-topic discussion.
In short words: reliable solutions are always server side
no offense meant at all
Said this, I state that there is no way to protect a page in a way without using sophisticated javascript (or any other client side scripting) submitting an empty form from within a browser. Though, I've to admit that I never tried CSS for that, it might work in modern browsers.
If any doubt, please feel free to post the HTML code I can use with lynx ;-)
And i.g. it is impossible to protect the application from receiving empty forms, it's always possible to script such requests.
@calitech, sorry for some (probably) off-topic discussion.
In short words: reliable solutions are always server side
@Carrzkiss, no offence taken - I did not visit the link given.
the code I provided here works with the form given in this question and verifying server side what is sent is always a good idea - something it SEEMS the gdform.php is doing if the settings are correct
the code I provided here works with the form given in this question and verifying server side what is sent is always a good idea - something it SEEMS the gdform.php is doing if the settings are correct
Yes, I agree we should finish it in one question
I gave 2 complete CLIENT-SIDE solutions in http:Q_24353611.html?cid=2 38#a243337 46 and http:Q_24353611.html?cid=2 38#a243337 58
and you got server side versions here too from carrzkiss
I gave 2 complete CLIENT-SIDE solutions in http:Q_24353611.html?cid=2
and you got server side versions here too from carrzkiss
I agree with mplungjan, this does need to be taken care of here and not in another post.
The link that is covered in my post as well do what is needed on the server side.
It is complete and works like a charm. And if hack proof.
http:Q_24353611.html?cid=238#a24334723
calitech,
If you feel over-whelmed with the information that is provided here.
Just simply spend a little time and go through each indivisual EE's post and see what better suits you.
Did not bother with the post here that I made http:Q_24353611.html?cid=238#a24230778
As it is Client Side validation, and I no longer use them methods, as they are not hack proof.
Good Luck
Carrzkiss
The link that is covered in my post as well do what is needed on the server side.
It is complete and works like a charm. And if hack proof.
http:Q_24353611.html?cid=238#a24334723
calitech,
If you feel over-whelmed with the information that is provided here.
Just simply spend a little time and go through each indivisual EE's post and see what better suits you.
Did not bother with the post here that I made http:Q_24353611.html?cid=238#a24230778
As it is Client Side validation, and I no longer use them methods, as they are not hack proof.
Good Luck
Carrzkiss
Erm, the recommendation from BOTH experts was to NOT close but to FINISH this question by IMPLEMENTING our suggestions
I'm not familiar with asp, but if you attach the file, you'll probably find someone that can help.