ASP (not .net) 1.1

Discussion in 'ASP General' started by aspquerrier, Nov 22, 2008.

  1. aspquerrier

    aspquerrier Guest

    Hi, I have a question on ASP (not .NET) I need (due to a strange ASP page
    design I am modifying) to pass a value from the querystring (which is
    received from the URL calling the form) to a HTML Submit input box so that it
    will be passed on to the form itself in a secondary iteration (the form is
    used as submitting to itself with many other values in user typed input
    fields which are passed succesfully). If I try to pass the querystring to a
    variable, and read the variable, it is empty after the user clicks 'submit'.
    So the question is, how does one programmatically populate a HTML text field
    with a value from the quesrystring (URL)? or, how does one programmatically
    pass a querystring value to the form itself if it submits to itself?
    Thanks
    aspquerrier, Nov 22, 2008
    #1
    1. Advertising

  2. aspquerrier

    Jeff Dillon Guest

    You could save it into a Session variable

    Jeff

    "aspquerrier" <> wrote in message
    news:...
    > Hi, I have a question on ASP (not .NET) I need (due to a strange ASP page
    > design I am modifying) to pass a value from the querystring (which is
    > received from the URL calling the form) to a HTML Submit input box so that
    > it
    > will be passed on to the form itself in a secondary iteration (the form is
    > used as submitting to itself with many other values in user typed input
    > fields which are passed succesfully). If I try to pass the querystring to
    > a
    > variable, and read the variable, it is empty after the user clicks
    > 'submit'.
    > So the question is, how does one programmatically populate a HTML text
    > field
    > with a value from the quesrystring (URL)? or, how does one
    > programmatically
    > pass a querystring value to the form itself if it submits to itself?
    > Thanks
    Jeff Dillon, Nov 22, 2008
    #2
    1. Advertising

  3. aspquerrier

    Evertjan. Guest

    =?Utf-8?B?YXNwcXVlcnJpZXI=?= wrote on 22 nov 2008 in
    microsoft.public.inetserver.asp.general:

    > Hi, I have a question on ASP (not .NET) I need (due to a strange ASP
    > page design I am modifying) to pass a value from the querystring
    > (which is received from the URL calling the form) to a HTML Submit
    > input box so that it will be passed on to the form itself in a
    > secondary iteration (the form is used as submitting to itself with
    > many other values in user typed input fields which are passed
    > succesfully). If I try to pass the querystring to a variable, and read
    > the variable, it is empty after the user clicks 'submit'. So the
    > question is, how does one programmatically populate a HTML text field
    > with a value from the quesrystring (URL)? or, how does one
    > programmatically pass a querystring value to the form itself if it
    > submits to itself? Thanks


    <input value='<%=request.querystring("myValue")%>' name='myValue'>

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Nov 22, 2008
    #3
  4. aspquerrier

    aspquerrier Guest

    Thanks it worked beautifully.
    Still, I don't understand why just trying to use the request.querystring
    didn't work just before the submit to self part. It does work in the earlier
    part of the form but later the same statement gives a blank value. (What I
    originally tried to do was simly to do this:
    <FORM METHOD="post" ACTION="https:/website.com/page.asp?prm=" &
    request.querystring("prmname")
    I also tried to pass its value to a variable in the early part but the
    variable was empty when reaching the above code.

    But between the two statements there are alternating html and asp sections,
    perhaps variables and the querystring don't keep values between these?
    I'd prefer to do it with a variable because it seems more secure than a
    hidden textbox.

    Thanks again
    "Evertjan." wrote:

    > =?Utf-8?B?YXNwcXVlcnJpZXI=?= wrote on 22 nov 2008 in
    > microsoft.public.inetserver.asp.general:
    >
    > > Hi, I have a question on ASP (not .NET) I need (due to a strange ASP
    > > page design I am modifying) to pass a value from the querystring
    > > (which is received from the URL calling the form) to a HTML Submit
    > > input box so that it will be passed on to the form itself in a
    > > secondary iteration (the form is used as submitting to itself with
    > > many other values in user typed input fields which are passed
    > > succesfully). If I try to pass the querystring to a variable, and read
    > > the variable, it is empty after the user clicks 'submit'. So the
    > > question is, how does one programmatically populate a HTML text field
    > > with a value from the quesrystring (URL)? or, how does one
    > > programmatically pass a querystring value to the form itself if it
    > > submits to itself? Thanks

    >
    > <input value='<%=request.querystring("myValue")%>' name='myValue'>
    >
    > --
    > Evertjan.
    > The Netherlands.
    > (Please change the x'es to dots in my emailaddress)
    >
    aspquerrier, Nov 23, 2008
    #4
  5. aspquerrier

    Evertjan. Guest

    =?Utf-8?B?YXNwcXVlcnJpZXI=?= wrote on 23 nov 2008 in
    microsoft.public.inetserver.asp.general:

    > "Evertjan." wrote:
    >> <input value='<%=request.querystring("myValue")%>' name='myValue'>


    [Please do not toppost and quote signatures on usenet]

    > Thanks it worked beautifully.


    > Still, I don't understand why just trying to use the
    > request.querystring didn't work just before the submit to self part.
    > It does work in the earlier part of the form but later the same
    > statement gives a blank value. (What I originally tried to do was
    > simly to do this: <FORM METHOD="post"
    > ACTION="https:/website.com/page.asp?prm=" &
    > request.querystring("prmname")


    You are doing a form-post and a de facto form-get at the same time.
    This "works" somewhat but there is not much sense in it.

    > I also tried to pass its value to a
    > variable in the early part but the variable was empty when reaching
    > the above code.


    in sound code that is not possible,
    a serverside variable does not loose it's value just by accident.

    > But between the two statements there are alternating html and asp
    > sections, perhaps variables and the querystring don't keep values
    > between these?


    No.

    > I'd prefer to do it with a variable because it seems
    > more secure than a hidden textbox.


    Sorry, I do not understand what you mean,
    this perhaps:

    <%
    temp = request.querystring("myValue")
    %>
    <input value='<%=temp %>' name='myValue'>

    That is not more secure. If you send a variable value to the client,
    that value is NOT and NEVER secure.

    Do you bychance mean a [serverside, of course] session variable?

    If you send the value of a session variable to the client,
    also that is not secure.

    A session variable value in itself is secure on the server!

    --
    Evertjan.
    The Netherlands.
    (Please change the x'es to dots in my emailaddress)
    Evertjan., Nov 23, 2008
    #5
  6. Evertjan. wrote on 22 Nov 2008 20:18:12 GMT:

    > =?Utf-8?B?YXNwcXVlcnJpZXI=?= wrote on 22 nov 2008 in
    > microsoft.public.inetserver.asp.general:


    >> Hi, I have a question on ASP (not .NET) I need (due to a strange ASP
    >> page design I am modifying) to pass a value from the querystring
    >> (which is received from the URL calling the form) to a HTML Submit
    >> input box so that it will be passed on to the form itself in a
    >> secondary iteration (the form is used as submitting to itself with
    >> many other values in user typed input fields which are passed
    >> succesfully). If I try to pass the querystring to a variable, and
    >> read the variable, it is empty after the user clicks 'submit'. So the
    >> question is, how does one programmatically populate a HTML text field
    >> with a value from the quesrystring (URL)? or, how does one
    >> programmatically pass a querystring value to the form itself if it
    >> submits to itself? Thanks


    > <input value='<%=request.querystring("myValue")%>' name='myValue'>


    I would highly recommend not doing that. At the very least do some basic
    handling of the querystring value:

    <input value='<%=server.htmlencode(request.querystring("myValue"))%>'
    name='myValue'>

    Without the server.htmlencode call the browser can pass HTML or script code
    into the page and have it rendered within the page on the site, leaving
    visitors who follow a malicious link open to potential risk. For instance,
    with very little in the value the link could close the form and then open a
    new one, so that the form contents are sent to an entirely different server
    than the visitor expected.

    --
    Dan
    Daniel Crichton, Nov 24, 2008
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andy Elmhorst
    Replies:
    2
    Views:
    482
    Bassel Tabbara [MSFT]
    Jul 8, 2003
  2. Alek Davis
    Replies:
    15
    Views:
    7,182
    Scott M.
    Nov 12, 2009
  3. Larry Woods
    Replies:
    2
    Views:
    931
    Larry Woods
    Oct 22, 2004
  4. =?Utf-8?B?QmlsbCBNYW5yaW5n?=

    Deploy ASP.NET App -ASP.NET Not Installed

    =?Utf-8?B?QmlsbCBNYW5yaW5n?=, Nov 24, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    752
    Eric Pearson
    Dec 16, 2005
  5. Soren S. Jorgensen

    Accessing a ASP (not .NET) session from ASP.NET

    Soren S. Jorgensen, Jan 20, 2006, in forum: ASP .Net
    Replies:
    5
    Views:
    398
    Soren S. Jorgensen
    Jan 21, 2006
Loading...

Share This Page