Know in ASP that it is the first time calling.

[Eitan]

Hello,
I want to know, wheter an asp (that call itself in "get" method, has passed
any parameter to itself).

i.e :
in the asp : test_asp.asp :
.....

<html>
<body>
<form action="test_asp.asp" method="get">
num : <input type="text" name="my_num" size="3"> <br>
<input type="submit" value="Submit">
</form>
<%
response.write("this is my input : " & Request.QueryString("my_num"))
' ... but I want the above will write the input also if it is empty = ""
' ... and also I want to check, whether it is the first time running the asp
(there is no queryString (count of it = 0))
' .... , so How can I do that ?
%>
</body>
</html>

....
Thanks

 

[CJM]

w3schools.com

 

[Roland Hall]

in message : Hello,
: I want to know, wheter an asp (that call itself in "get" method, has
passed
: any parameter to itself).
:
: i.e :
: in the asp : test_asp.asp :
: ....
:
: <html>
: <body>
: <form action="test_asp.asp" method="get">
: num : <input type="text" name="my_num" size="3"> <br>
: <input type="submit" value="Submit">
: </form>
: <%
: response.write("this is my input : " & Request.QueryString("my_num"))
: ' ... but I want the above will write the input also if it is empty = ""
: ' ... and also I want to check, whether it is the first time running the
asp
: (there is no queryString (count of it = 0))
: ' .... , so How can I do that ?
: %>
: </body>
: </html>

How about name for that form? How can one write empty input? You can test
if it is the first time by setting a session variable and testing for it, a
hidden form element and posting and testing for that, etc.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[larrybud2002]

Hello,
I want to know, wheter an asp (that call itself in "get" method, has passed
any parameter to itself).

i.e :
in the asp : test_asp.asp :
....

<html>
<body>
<form action="test_asp.asp" method="get">
num : <input type="text" name="my_num" size="3"> <br>
<input type="submit" value="Submit">
</form>
<%
response.write("this is my input : " & Request.QueryString("my_num"))
' ... but I want the above will write the input also if it is empty = ""
' ... and also I want to check, whether it is the first time running the asp
(there is no queryString (count of it = 0))
' .... , so How can I do that ?
%>

Put a hidden field in the form. If that field has a value (of whatever
value you set it to in the form), you know the form got posted.
Why use GET in the first place, however?

 

[Eitan]

....
How can I put a hidden field in the form.
Give me some sample code, please.

Thanks

 

[Sven Pernils]

Put something like <input type="hidden" name="postback" value="true"> in
your form

and on the script section of your file check for:

If Request.Form("postback") Then
'here goes your code if this page was posting to itself
End If

Regards
Sven

 

[larrybud2002]

Put something like <input type="hidden" name="postback" value="true"> in
your form

and on the script section of your file check for:

If Request.Form("postback") Then
'here goes your code if this page was posting to itself
End If

Eitan, also know that since you're using a GET, someone could spoof the
value of postback in the URL. You really should use a POST.

 

[Dave Anderson]

Eitan, also know that since you're using a GET, someone could spoof
the value of postback in the URL. You really should use a POST.

Are you suggesting that POST cannot be spoofed?



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.

 

[Sven Pernils]

Well spoofing the post method is a lot harder as it can't be seen in the URL
Secondly, you can put a lot more data in the post method

Conclution, everything can be spoofed, if there's a reason to spoof

Sven Pernils

 

[Roland Hall]

in message
: Well spoofing the post method is a lot harder as it can't be seen in the
URL
: Secondly, you can put a lot more data in the post method
:
: Conclution, everything can be spoofed, if there's a reason to spoof
:
: Sven Pernils

But you can have code to catch their attempts and redirect them.
http://kiddanger.com/lab/rejected.asp

If you post from my site, I respond with a message.
If you post this form from another site, I respond with a different message.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[Dave Anderson]

Well spoofing the post method is a lot harder as it can't be seen in
the URL Secondly, you can put a lot more data in the post method

Any application that depends on client-side security is already broken.

Conclution, everything can be spoofed, if there's a reason to spoof

Try spoofing a one-time pad sometime.
http://www.ciphersbyritter.com/GLOSSARY.HTM#PerfectSecrecy



--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms. Please do not contact
me directly or ask me to contact you directly for assistance. If your
question is worth asking, it's worth posting.