String comparison failure vbscript - vbscript

I have code like this
<html>
<head>
<title></title>
</head>
<body>
<%
Function GetGUID()
GetGUID = CreateObject("Scriptlet.TypeLib").GUID
End Function
if Request.ServerVariables("REQUEST_METHOD") = "POST" then
if session("token") = cstr(Request.Form("csrftoken")) then
response.write("Same")
else
response.write("different")
end if
else
dim token
token = GetGUID()
session("token")=token
end if
%>
<form method="post" action="test.asp">
<input type="text" name="nama" placeholder="Input name">
<input type="submit" value="submit">
<input type="hidden" value="<%= session("token") %>" name="csrftoken">
</form>
</body>
</html>
But when I click the submit button, "different" is always printed. I am very sure that those variables (session & csrftoken) have the same value, because I already checked that by printing those variables.
UPDATE
Thanks all for your help, the problem is fixed now. It's because the GUID is returned as a null-terminated string.
For reference you can see here: Link. Thanks Lankymart for the reference :)

Do not ask me WHY, but there are 2 chars at the end of your CreateObject("Scriptlet.TypeLib").GUID which are somehow lost when pushing it through as post. I will update this answer as soon as I find out more, but for now, you could just compare all the "real" chars, by taking a left of the session variable by the length of the request variable, like this:
if left(session("token"), len(Request.Form("csrftoken"))) = Request.Form("csrftoken") then
Also: you can use trim instead of cstr. It implies a cstr and trims the string.
Edit:
So the "Why" part got answered in the question linked by @Lankymart. Thanks!
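The null-terminator fix from the update above, as an added example that is not part of the original question or answer: the token is cut to its visible characters once, when it is generated, and the POST handler compares full-length strings, so an empty or shortened csrftoken field fails instead of matching as a prefix. NewCsrfToken and IsValidCsrfToken are hypothetical helper names, and the length of 38 assumes the braced GUID format ("{" + 36 characters + "}") that Scriptlet.TypeLib returns.

```vbscript
<%
' Added example; NewCsrfToken and IsValidCsrfToken are hypothetical names.
Const TOKEN_LEN = 38  ' "{" + 36-character GUID + "}" (assumed format)

' The GUID string from Scriptlet.TypeLib carries two trailing characters
' after the closing brace (the null terminator mentioned in the update).
' Cut them off at generation time so the session copy equals what the
' hidden form field sends back.
Function NewCsrfToken()
    NewCsrfToken = Left(CreateObject("Scriptlet.TypeLib").GUID, TOKEN_LEN)
End Function

' Full-length, binary comparison. A missing, empty or truncated field fails,
' and so does a POST made before any token was issued for this session.
Function IsValidCsrfToken(ByVal submitted)
    Dim expected, candidate
    expected = Session("token") & ""
    candidate = submitted & ""
    IsValidCsrfToken = False
    If Len(expected) <> TOKEN_LEN Then Exit Function
    If Len(candidate) <> TOKEN_LEN Then Exit Function
    IsValidCsrfToken = (StrComp(expected, candidate, vbBinaryCompare) = 0)
End Function

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    If IsValidCsrfToken(Request.Form("csrftoken") & "") Then
        Response.Write "Same"
    Else
        Response.Write "different"
    End If
Else
    Session("token") = NewCsrfToken()
End If
%>
<form method="post" action="test.asp">
<input type="text" name="nama" placeholder="Input name">
<input type="submit" value="submit">
<input type="hidden" name="csrftoken" value="<%= Server.HTMLEncode(Session("token") & "") %>">
</form>
```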

Related

Classic ASP: Show/Hide the nav link issue due to session variable

I have to show a link (Products) in the header after the user logs in to the application. It fails to display the link at first, but if I refresh the page the link appears and it logs out from the application. The problem is, initially the session variable (LoginID) which I'm using to check in the condition is null; after I refresh the page the appropriate value is set in it. The three separate pages are the link in the header page, the form in the login page and the code-behind in the Login.asp page. Please suggest what I'm missing here.
header.asp
Dim qcVisible, LoginID
LoginID=Session("LoginID")
if Session("LoginID")="invaliduser" or Session("LoginID")="" Then
qcVisible = "none"
else
qcVisible = "block"
end if
<div class="menu">
<ul class="clearfix">
<li class="active">Home</li>
<li>Products</li>
<li>Contact</li>
</ul>
</div>
Mylogin.asp(Form)
<!--#include file="header.asp"-->
Session("LoginID")="validuser"
<form name="MyForm" method="post" action="Login.asp" id="loginform">
<fieldset>
<div class="field">
<input type="text" name="LoginID" placeholder="User ID" id="LoginID" />
</div>
<div class="field">
<input type="password" name="PWD" placeholder="Password" id="PWD" />
</div>
<div class="field">
<button class="field_bt" type="submit" form="loginform" name="submit1">Sign In</button>
</div>
</fieldset>
</form>
Login.asp
Login(Request.Form("LoginID"),Request.Form("PWD"))
Function Login(LoginID,Password)
Dim objRS,strSQL
Set objRS=Server.CreateObject ("ADODB.Recordset")
strSQL = Query
objRS.Open strSQL,objconn
If not objRs.Eof and not objRS.Bof then
dim muser
muser = Mid(objRS("user_password"),1,3)
dim mpass
mpass = Mid(Password,1,3)
If trim(muser)= trim(mpass) Then
Login=True
Session("LoginID")=LoginID
Session("Password")=Password
Else
Login=False
End If
End If
objRS.Close
Exit Function
End Function
<div class="maincontent">
<object id="obj" data="Mylogin.asp" type="text/html"></object>
</div>
Before Login
After login and refreshing the page, it logs out and the link shows.
Any help would be appreciated. Thanks.
Edited
Based on the member suggestion I tried the following
'If Request.Form.Count > 0 Then(Another Way)
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
if Session("LoginID")="invaliduser" or Session("LoginID")="" Then
qcVisible = "none"
else
qcVisible = "block"
end if
End If
There are a couple things wrong with your approach:
Session("LoginID") should either have no value (logged out) or a value (logged in).
You are tasking the client side with hiding the link, which can be defeated by looking in the browser's DevTools or source code.
To solve these issues:
#1: Only set Session("LoginID") when a log in is successful.
#2: Your Product-check should look like this to only generate the HTML if the user is logged in (remember that the session should ONLY have a value if logged in):
<% If Session("LoginID") <> "" Then %><li>Products</li><% End If %>
In your code you set the visibility to none if the LoginID is an empty string. When you first load the page, what do you think it is?
if Session("LoginID")="invaliduser" or Session("LoginID")="" Then
qcVisible = "none"
Then later on you go:
<li>Products</li>
It is equivalent to going:
<li>Products</li>
Before you actually refresh the page or login....
Instead you might want to try:
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
'Do your styles in here
Else
qcVisible = "block"
End If
Usually when you load a webpage a GET request is sent, and if you refresh it or click submit, the request you specified on your form will be sent, in your case POST. So when the user did not enter anything you want to display Products, hence it will be in the else statement. Otherwise you want to check if it is valid or not... :)

asp application button doesn't perform correctly and does not execute the server call

I'm working on a classic ASP application (I know, not by choice).
I have a button in my form that is supposed to do a search based on criteria that the user enters.
To give a basic structure here's what it looks like:
<form action="IncidentMain.asp" method="post" name="frmAdd" onSubmit="return checkform( this )">
<input TYPE="image" SRC="Include/Search.gif" ALT="Search" VALUE="submit" id="IMAGE4" name="IMAGE2" onclick="javascript: document.frmAdd.txtaction.value = 'search';" >
</form>
Upon clicking on the button, as can be seen in the form action ="IncidentMain.asp", On submit I call a function, which actually gets called properly.
function checkform ( form )
{
if (form.txtIncidentNumber.value == "") {
alert( "Please Enter Incident Number" );
form.txtIncidentNumber.focus();
return false ;
}
alert("IM HERE");
return true ;
}
So it definitely gets through this function, then I have my last piece of code to actually do the search which is this:
<%
IF Request.Form("txtaction") = "search" THEN
'IT NEVER GETS HERE
'SeLECT DATA FROM SQL SERVER
End if
%>
I do not understand why it happens like that. It basically looks like it does not want to communicate with the server; it stops short somewhere. Is there any reason why this code would not work?
EDIT:
<form method="post" action="Incident.asp" name="frmuser" onsubmit="return checkform( this )">
<input type="submit" value="Save / Submit" name="btnSubmit"
id="SaveButton" >
</form>
this code here doesn't hit the checkform(this) function but it gets to my VB code which starts like this:
<%
if Request.Form("btnSubmit") ="Save / Submit" THEN
The approach could be a lot simpler. If you just want to check that a search has been submitted you could use;
Dim is_submit: is_submit = (Len(Request.Form & "") > 0)
If is_submit Then
'We have a POST form submission do something.
End If
or even;
Dim request_method: request_method = LCase(Request.ServerVariables("REQUEST_METHOD") & "")
If request_method = "post" Then
'We have a POST request (likely a form submission).
End If
Storing hidden input values just clutters the HTML and in a lot of cases is unnecessary, when you also have to update them using event handlers in the page you add an extra layer of unnecessary complexity.
However for any of this to work you have to have something to contain the search, the very simplest of forms should look something like;
<form action="IncidentMain.asp" method="post">
<input type="text" name="txtIncidentNumber" value="" />
<input type="image" name="IMAGE2" src="Include/Search.gif" alt="Search" value="submit" />
</form>
Add a hidden txtaction input field into the form.
The form is missing the hidden field "txtaction". Add the field and enter the value="search".
And remove the javascript that should have done that.

How do I pass an existing Variable that changes at refresh to a param in a post method using sinatra

I'm using sinatra as my web framework and right now I have
<p><%= @sentence %></p>
<form action='/' method='POST'>
<button type='submit'>Save Story</button>
</form>
in my erb file. The variable @sentence changes at refresh. When I hit the Save Story button I want it to create a param in the post method that is equal to @sentence so that I can save @sentence to the main page. Is there any way to do this without JavaScript?
ANSWERED
I used
<div class="row">
<form action='/' method='POST'>
<input id="sentence" type="hidden" name="sentence" value="<%= @sentence %>" >
<button type='submit'>Save Story</button>
</form>
</div>
It's still only taking the first word on one of the 4 pages but there must be something else going on there.
You need to create a hidden input field with the value set to whatever @sentence is
<p><%= @sentence %></p>
<form action='/' method='POST'>
<input type="hidden" name="sentence" value="<%= @sentence %>" />
<button type='submit'>Save Story</button>
</form>
This will give the form something to pass that you can grab with post elsewhere, hope that helps. Just put your variable where the ... is and be sure to tell it the language. Here is a PHP example on how to add a variable to a value.
value="<?php echo $state; ?>"
Here I'm basically telling the browser to echo (print) the state variable between the " and " using PHP start and end to initiate the language and end it. The hidden type input field is invisible to users and they cannot edit it; it's a background trick you can use to pass information, it acts as a text field.
Information on hidden fields:
http://www.blooberry.com/indexdot/html/tagpages/i/inputhidden.htm
When you select an answer, please edit your main post to display ANSWERED and the updated code so users can see what you decide to use.
In sinatra you can do this:
<p><%= @sentence %></p>
<form action='/' method='POST'>
<input type="hidden" name="sentence" value="<%= @sentence %>" />
<button type='submit'>Save Story</button>
</form>

Accessing Drop Down Menu Value using asp/VBscript

I have a very simple drop down menu:
<select name="sNumR" id="sNumR" onChange="addTable()">
<option value=1>1</option>
<%For i=2 to 10
Response.write("<option value="&i&">"&i&"</option>")
Next%>
</select>
All I'm trying to do is access the selected value, whether it be the default value of 1 or otherwise. Please don't list a jQuery or javascript solution as I already know how to do that and am not concerned about that at all.
The simple: Request.Form("sNumR") doesn't work. I've tried it, many times...
What is it I'm missing? Is this even possible with vbscript/asp? I prefer a method that is simple as I believe this task should be but at this point I'm willing to take whatever I can get.
Request.Form() collection can only be accessed once data has been submitted, you do this either using client-side code to trigger a form submit or using an <input type="submit" />
This whole mechanic relies on the fact that your <select> and <input> tags are wrapped inside a <form> tag. The form has specific attributes you have to set to access the Request.Form() collection.
action - Specifies the URL you are submitting the form to; an empty string will submit to the current page.
method - Either GET (to populate the Request.QueryString() collection) or POST (to populate the Request.Form() collection).
A simple HTML form example would look like this;
<html>
<head>
<title>Sample Form</title>
</head>
<body>
<form action="" method="post">
<input type="submit" name="submit" value="Submit Form" />
</form>
</body>
</html>
This will do a form POST to the current page (assuming it's called example.asp)
POST /example.asp HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 20

submit=Submit%20Form
You can then insert ASP anywhere in that page to access the Request.Form() collection for example, placing this code above the HTML in example.asp
<%
Dim is_submit
'Have we submitted the form?
is_submit = (Request.Form("submit") = "Submit Form")
Response.Write "Form submitted: " & is_submit
%>
Will produce Form submitted: False before submission and Form submitted: True after submission.
Try wrapping your value attribute value with double quotes.
<option value="1">1</option>
Other than that, check your variable names.

Undefined Index for $_POST (noob question!) [duplicate]

I am just learning PHP and I keep getting an Undefined Index error. The book I'm learning from has an HTML form and a PHP page that processes the form, using the following format:
<!-- The form fields are all set up something like this -->
<input type="text" id="howlong" name="howlong" /><br />
// The PHP starts with one line like this for each of the form fields in the HTML
$how_long = $_POST ['howlong'];
// And there is one line for each one like this to output the form data:
echo ' and were gone for ' . $how_long . '<br />';
The example I'm working with has about 12 form fields.
What's odd is that not all of the variables throw this error, but I can't see a pattern to it.
I've checked that all HTML fieldnames match up with the PHP $_POST variable name I entered, and I've made certain that when I fill out the form and submit it that all fields are filled in with something. Interestingly, the completed code that can be downloaded for the book also throws this error.
I realize this code may not reflect best practices, it's from the first chapter of the book and obviously I am a noob :)
In case it makes a difference, I am using PHP 5.3.5 on XAMPP 1.7.4 with Windows 7 Home Premium.
Remember to set the method to POST on the form tag...
Here's the code I used to try yours, and it worked for me:
in a file named test.php:
<html>
<body>
<form method="POST" action="testProc.php">
<input type="text" id="howlong" name="howlong" /><br/>
<input type="submit" value="submit"/>
</form>
</body>
</html>
and in testProc.php:
<?php
if (isset($_POST)) {
if (isset($_POST["howlong"])){
$howlong = $_POST['howlong'];
echo ' and were gone for ' . $howlong . '<br />';
}
}
?>
Just as advice, for display manipulation with stylesheets I recommend putting forms within a table, like this:
<html>
<body>
<form method="POST" action="testProc.php">
<table>
<tbody>
<tr>
<th>
<label for="howlong">How long? :</label>
</th>
<td>
<input type="text" id="howlong" name="howlong" />
</td>
</tr>
<tr>
<td colspan="2">
<input type="submit" value="submit"/>
</td>
</tr>
</tbody>
</table>
</form>
</body>
</html>
Hope you can use this...
You need to check that the form is submitted and then you can try to use the $_POST array, so you should put this code above:
if(isset($_POST['send'])) {
where "send" is name of submit button
You can test to see if a variable is set using the isset() function.
Also, not all HTML form elements will post a value in all cases. The common example is the checkbox; an unchecked checkbox doesn't form part of the data posted back to the server. Therefore the $_POST element you're expecting to be set won't be.
