Search/Results Pages

I'm using Dreamweaver CS4. I need to create a page for the user to enter a member ID. This member ID is then used to display a detail page which shows information about them. Entering the ID and submitting works perfectly:

     
<div id="docBody">
        <form method="get" action="membershipApplication2.asp" name="memRenew" id="memRenew" target="_self">
          <fieldset id="loginInfo">
            <legend class="legend">Membership — New/Renewal<span class="style1"></span></legend>
            <br />
            <span style="color: #666">
            <label for="memberID">Enter Your Member ID:</label>
            <br />
            <br />
            </span>
            <input name="memberID" type="text" id="memberID" tabindex="1" onchange="document.memRenew.memberID.value=document.memRenew.memberID.value.toUpperCase();" size="18" maxlength="8"/>
            <br />
            <br />
            <input type="submit" name="next" id="next" value="Next&gt;&gt;" tabindex="2" />
          </fieldset>
        </form>

Open in new window


However, I need to first check that a valid ID has been entered. So I reworked the form as follows:
<%
Dim conn, rs, sql, alreadyExists
If Len(Trim(Request.Form("memberID"))) = 8 Then
 set conn=Server.CreateObject("ADODB.Connection")
 conn.Provider="Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath ("..\..\DB\MEMDATA.MDB") & ";"
 conn.Open
 set rs = Server.CreateObject("ADODB.recordset")
 
 sql = "SELECT COUNT(*) FROM Members WHERE memberID = '" & Trim(Request.Form("memberID")) & "'"
 Set rs=conn.Execute(sql)
 
	If CInt(rs.Fields(0)) > 0 Then
		alreadyExists = True
	Else
		alreadyExists = False
	End If
	rs.Close

	If alreadyExists = True Then
		conn.Close
		Response.Redirect("membershipApplication2.asp?memberID=memberID ")
	Else
		Response.Write("<script>alert('You have entered an invalid Member ID.');</script>")
	End If
End If
%>

      <div id="docBody">
        <form method="post" action="membershipSelect.asp" name="memRenew" id="memRenew" target="_self">
          <fieldset id="loginInfo">
            <legend class="legend">Membership — New/Renewal<span class="style1"></span></legend>
            <br />
            <span style="color: #666">
            <label for="memberID">Enter Your Member ID:</label>
            <br />
            <br />
            </span>
            <input name="memberID" type="text" id="memberID" tabindex="1" onchange="document.memRenew.memberID.value=document.memRenew.memberID.value.toUpperCase();" size="18" maxlength="8"/>
            <br />
            <br />
            <input type="submit" name="next" id="next" value="Next&gt;&gt;" tabindex="2" />
          </fieldset>
        </form>
      </div>

Open in new window


This approach properly verifies that the member ID exists but the ID field does not get passed to the detail display page. Therefore, I get a BOF or EOF error.

Is there a better way to do this? It seems best to trap the error in the search parameter page, but then how do I pass the parameter to the results page?
slegyAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason C. LevineNo oneCommented:
Is there a better way to do this? It seems best to trap the error in the search parameter page, but then how do I pass the parameter to the results page?

Why bother with the results page at all?  If you are doing all the grunt work now, why not simply add the results display to this page and use the built in server behaviors to show/hide it. If the recordset is not empty show the results div.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
To answer your question, looking at line 21
Response.Redirect("membershipApplication2.asp?memberID=memberID ")

Open in new window

You are redirecting to your membershipApplication2.asp page but the asp variable "memberID" is not defined in the code (that we can see from your sample) therefore, if you were to place the following code in your membershipApplication2.asp page:
<%="The variable memberID= "&request("memberID")&" Length of the variable memberID = "&len(request("memberID"))  %>

Open in new window


I think you will see that memberID is empty.

On line 9 you have
 sql = "SELECT COUNT(*) FROM Members WHERE memberID = '" & Trim(Request.Form("memberID")) & "'"

Open in new window


Prior to that you might want to set the variable memberID.
'****  USE THIS CODE IF memberID IS NUMERIC ****
' make sure data is numeric
dim memberID
memberID=0
if isnumeric(Trim(Request.Form("memberID"))) then
     memberID=trim(request.form("memberID"))
end if
'**********************************************


'*** USE THIS CODE IF memberID IS ALPHA NUMERIC ****
memberID=request.form("memberID")
'do basic cleaning
memberID=replace(memberID,"'","") ' get rid of single quotes
' get rid of greater than and less than
memberID=replace(memberID,"<","") 
memberID=replace(memberID,">","") 
' there is a lot more that can be done to make sure your data is not harmful, this was very basic
'**********************************************


' now you can use the variable memberID in your sql and later
' in  your Response.Redirect("membershipApplication2.asp?memberID=memberID 
sql = "SELECT COUNT(*) FROM Members WHERE memberID = '" & memberID & "'"

Open in new window

0
slegyAuthor Commented:
Thank you. I've tried a number of different things. Using the GET method and action = membershipApplication2.asp, the member ID is passed. membershipApplication2 properly recognizes the ID and retrieves the correct record.
http://localhost/membership/joinRenew/membershipApplication2.asp?memberID=FAUJO000&next=Next%3E%3E

However, this approach does not validate the ID. If the method = POST and action submits back to same page in order to execute the validate, the Response.Redirect does not send the value in memberID from the page form. Instead:
http://localhost/membership/joinRenew/membershipApplication2.asp?memberID=memberID

In my research I also keep finding that POST cannot be used with Response.Redirect. So, I'm very confused. All I need to do is figure out how to get the Response.Redirect to send the actual value in the field.
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
Here is one option.  I have added '****** to show my edits.
<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
Dim conn, rs, sql, alreadyExists
If Len(Trim(Request.Form("memberID"))) = 8 Then
 set conn=Server.CreateObject("ADODB.Connection")
 conn.Provider="Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath ("..\..\DB\MEMDATA.MDB") & ";"
 conn.Open
 set rs = Server.CreateObject("ADODB.recordset")
 
 
 ' *** WARNING ****
 ' Do not trust request.form("memberID") enough to place it in yo ur sql without first making sure the data is what you expect.  
 sql = "SELECT COUNT(*) FROM Members WHERE memberID = '" & Trim(Request.Form("memberID")) & "'"
 '**********************
 Set rs=conn.Execute(sql)
 
	If CInt(rs.Fields(0)) > 0 Then
		alreadyExists = True
		' **************
		' create a varialbe memberID equal to the recordset ID. 
		memberID=rs("memberID") ' or whatever you use for the member id
	Else
		alreadyExists = False
	End If
	rs.Close

	If alreadyExists = True Then
		conn.Close
		Response.Redirect("membershipApplication2.asp?memberID="&memberID)
	Else
	' ********* 
	 ' for another question, You may be better off using a modal 
		Response.Write("<script>alert('You have entered an invalid Member ID.');</script>")
		
	' *************	
	End If
End If
%>

      <div id="docBody">
        <form method="post" action="membershipSelect.asp" name="memRenew" id="memRenew" target="_self">
          <fieldset id="loginInfo">
            <legend class="legend">Membership — New/Renewal<span class="style1"></span></legend>
            <br />
            <span style="color: #666">
            <label for="memberID">Enter Your Member ID:</label>
            <br />
            <br />
            </span>
            <input name="memberID" type="text" id="memberID" tabindex="1" onchange="document.memRenew.memberID.value=document.memRenew.memberID.value.toUpperCase();" size="18" maxlength="8"/>
            <br />
            <br />
            <input type="submit" name="next" id="next" value="Next&gt;&gt;" tabindex="2" />
          </fieldset>
        </form>
      </div>

Open in new window

0
Jason C. LevineNo oneCommented:
I also keep finding that POST cannot be used with Response.Redirect

This is true.  POST only works when a form is submitted.  If you submit a form via post then invoke a redirect, the POST array is lost.  Storing the values you need in a cookie or session or writing out the value from POST to Response.Redirect's query string and using GET on the results page to look up the member is the way to go.

That being said, this is why I recommended NOT moving the user to a new page.  Submit the form to itself, do your validation, and then show or hide the results based on the validation using the same file and forget about redirection.  Sending the user to a new page (where they presumably will have to back up to run a new search) is not a stellar UI/UX design.
0
Scott Fell, EE MVEDeveloper & EE ModeratorCommented:
....and using Jason1178's idea

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<%
Dim conn, rs, sql, alreadyExists,memberID,errMessg

memberID="" ' set memberID to nothing
errMessg="Please enter a Member ID"

If Len(Trim(Request.Form("memberID"))) = 8 Then
 set conn=Server.CreateObject("ADODB.Connection")
 conn.Provider="Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath ("..\..\DB\MEMDATA.MDB") & ";"
 conn.Open
 set rs = Server.CreateObject("ADODB.recordset")
 
 
 ' *** WARNING ****
 ' Do not trust request.form("memberID") enough to place it in yo ur sql without first making sure the data is what you expect.  
 sql = "SELECT COUNT(*) FROM Members WHERE memberID = '" & Trim(Request.Form("memberID")) & "'"
 '**********************
 Set rs=conn.Execute(sql)
 
	If CInt(rs.Fields(0)) > 0 Then
		alreadyExists = True
		' **************
		' create a varialbe memberID equal to the recordset ID. 
		memberID=rs("memberID") ' or whatever you use for the member id
		errMessg=""
	Else
		alreadyExists = False
		errMessg="You must enter a good Member ID"
	End If
	rs.Close
' ********** REMOVE **************
'	If alreadyExists = True Then
'		conn.Close
'		Response.Redirect("membershipApplication2.asp?memberID="&memberID)
'	Else
	

'		Response.Write("<script>alert('You have entered an invalid Member ID.');< /script>")
		
' ***************************
	End If
End If
%>
<%
if errMessg<>"" then
%>
<div id="errMessg"><%=errMessg%></div>
<%
end if
%>
<%
if memberID="" then ' we do not know the member
%>
      <div id="docBody">
        <form method="post" action="membershipSelect.asp" name="memRenew" id="memRenew" target="_self">
          <fieldset id="loginInfo">
            <legend class="legend">Membership — New/Renewal<span class="style1"></span></legend>
            <br />
            <span style="color: #666">
            <label for="memberID">Enter Your Member ID:</label>
            <br />
            <br />
            </span>
            <input name="memberID" type="text" id="memberID" tabindex="1" onchange="document.memRenew.memberID.value=document.memRenew.memberID.value.toUpperCase();" size="18" maxlength="8"/>
            <br />
            <br />
            <input type="submit" name="next" id="next" value="Next&gt;&gt;" tabindex="2" />
          </fieldset>
        </form>
      </div>
    <%
	else
	
	%>
	<div id="MemberArea">
    <!-- place your member info here -->
    
    </div>
    
    
    
    <%end if%>

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
slegyAuthor Commented:
Got it. It's all working. Thank you very much.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Adobe Dreamweaver

From novice to tech pro — start learning today.