Stop ASP script auto-running on page load - asp-classic

I'm having a problem here. I've created a page for adding records into a database. It's working fine; however, the ASP script is running every time the page loads, inputting a blank record into the database each time the page is loaded. This is very annoying as it messes with other scripts I have. I feel I am being very stupid, but all I need is for the script to run only once the submit button has been clicked. How do I get it to do this?
<!DOCTYPE html>
<html>
<title>
Teacher Registration
</title>
<body>
<h1>
Teacher registration
</h1>
<form name="teacherReg" action="Registration.asp" method="POST">
First name:<input type="text" name="firstname"><br>
Last name:<input type="text" name="lastname"><br>
Password :<input type="password" name="password">
<input type="submit" value="submit">
</form>
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Open ="Driver={SQL Server}; Server=QuizDynamics.db.11989315.hostedresource.com; Database=QuizDynamics; Uid=QuizDynamics; Pwd=Compostheap12!;"
set rs=Server.CreateObject("ADODB.recordset")
rs.Open "Select * from teachers", conn
sql="INSERT INTO teachers (firstname, password, lastname)"
sql=sql & " VALUES "
sql=sql & "('" & Request.Form("firstname") & "',"
sql=sql & "'" & Request.Form("password") & "',"
sql=sql & "'" & Request.Form("lastname") & "')"
on error resume next
conn.Execute sql,recaffected
if err<>0 then
Response.Write("No update permissions!")
else
Response.Write("<h3>" & recaffected & " record added</h3>")
end if
conn.close
%>
</body>
</html>

Give your submit input a name attribute - e.g. submitbutton - then do something like
if request.form("submitbutton") <> "" then
'put your insert code here
End if
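The check above combined with a parameterised insert, as an added example that is not part of the original question or answer. The question's INSERT concatenates Request.Form values into the SQL text, so any quote in a name changes the statement; binding the values through ADODB.Command avoids that. The connection string values, the column sizes (50 and 255) and the submit input name `submitbutton` are assumptions.

```vbscript
<%
' Added example. Assumes the submit input was given a name:
'   <input type="submit" name="submitbutton" value="submit">
' CONN_STRING holds placeholder values; load the real one from outside the page source.
Const CONN_STRING = "Driver={SQL Server};Server=EXAMPLE_HOST;Database=EXAMPLE_DB;Uid=EXAMPLE_USER;Pwd=EXAMPLE_PASSWORD;"
Const adVarChar = 200, adParamInput = 1, adCmdText = 1, adExecuteNoRecords = 128

' Inserts one teacher row with bound parameters and returns the rows affected.
' The password is stored as submitted, as in the question; hashing it is a separate step.
Function AddTeacher(firstName, lastName, password)
    Dim conn, cmd, affected
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open CONN_STRING
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "INSERT INTO teachers (firstname, password, lastname) VALUES (?, ?, ?)"
    ' Column sizes are assumed; match them to the real table definition.
    cmd.Parameters.Append cmd.CreateParameter("@firstname", adVarChar, adParamInput, 50, firstName)
    cmd.Parameters.Append cmd.CreateParameter("@password", adVarChar, adParamInput, 255, password)
    cmd.Parameters.Append cmd.CreateParameter("@lastname", adVarChar, adParamInput, 50, lastName)
    cmd.Execute affected, , adExecuteNoRecords
    conn.Close
    AddTeacher = affected
End Function

Dim isSubmit, firstName, lastName, password, added
' Run the insert only for a POST that came from the named submit button.
isSubmit = (UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST") _
           And (Request.Form("submitbutton") <> "")

If isSubmit Then
    firstName = Trim(Request.Form("firstname"))
    lastName = Trim(Request.Form("lastname"))
    password = Request.Form("password")
    If firstName = "" Or lastName = "" Or password = "" Then
        Response.Write "<p>All fields are required.</p>"
    Else
        On Error Resume Next
        added = AddTeacher(firstName, lastName, password)
        If Err.Number <> 0 Then
            Response.Write "<p>The record could not be added.</p>"
        Else
            Response.Write "<h3>" & Server.HTMLEncode(CStr(added)) & " record added</h3>"
        End If
        On Error GoTo 0
    End If
End If
%>
```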

Related

Classic ASP dropdown menus, hold values

I'm working on something. I go to my database and I want to ask what type of machine they want (based on the existing ones in the DB).
Then, I will check the model, depending on the type.
Last, the number of palets.
Example:
machine 1 has model 2, 3 and 4
machine 2 has model 1, 2 and 3
machine 1, model 2 has 13 palets, machine 2 model 2 has 15 palets
My code:
main.asp
<!DOCTYPE html>
<html>
<head>
<link href="mystyle.css" rel="stylesheet" type="text/css"/>
<script src="javascript/jquery-1.11.3.min.js"></script>
</head>
<body>
<!--Inicialization, ...-->
<%
dim model, typee, palete
typee=""
model=""
palete=""
dim perguntas(20)
Set conn = Server.CreateObject("ADODB.Connection")
Set conn2 = Server.CreateObject("ADODB.Connection")
conn_string = "Provider=sqloledb;Server=INF0148\SQLEXPRESS;Database=#####;Uid=####;Pwd=###########"
conn.commandTimeout = 60
conn.Open conn_string
Set rs = Server.CreateObject("ADODB.Recordset")
Set rs2 = Server.CreateObject("ADODB.Recordset")
function options(value, data, select_id)
Response.Write ("<option value=""" & value & """")
if request.form(select_id) = value then
Response.Write ("selected")
end if
Response.Write(">" & data & "</option>")
end function
%>
<div id="main">
<!--choose type of machine-->
<form method="post">
<select name="maq" id="maq" onchange="this.form.submit()">
<option value="">Type of Machine:</option>
<%
conn.close
conn.Open conn_string
rs.Open "SELECT DISTINCT Type FROM models", conn
do until rs.EOF
for each x in rs.Fields
options x.value, x.value, "maq"
next
rs.MoveNext
loop
%>
</select>
</form>
<%typee=Request.Form("maq")%>
<!--Choose model-->
<form method="form">
<select name="model" id="model" onchange="this.form.submit()">
<option value="">Model:</option>
<%
conn.close
conn.Open conn_string
rs.Open "SELECT DISTINCT Model FROM models WHERE Type='"&typee&"'", conn
do until rs.EOF
for each x in rs.Fields
options x.value, x.value, "model"
next
rs.MoveNext
loop
model=Request.Form("model")
%>
</select>
</form>
<!--Number of Palets-->
<form method="post">
<%
conn.close
conn.Open conn_string
rs.Open "SELECT N_Palets FROM Models WHERE Type='"&typee&"' AND Model='"&model&"'", conn
dim temp
temp=0
do until rs.EOF
for each x in rs.Fields
if not IsNull(x.value) then
if temp=0 then
response.write("<select name=palets id=palets onchange=""this.form.submit()"";>")
response.write("<option value="">Number of Palets:</option>")
temp=1
end if
options x.value, x.value, "palets"
end if
next
rs.MoveNext
loop
paletes=Request.Form("palets")
%>
</form>
</div>
</body>
</html>
So, when I choose the type... it's OK, the page displays the right models... when I choose the model, the page reloads and I lose everything.
Can you help me?
Submitting a form only submits the fields that are on that form, not any of the other fields on other forms. That's why submitting one of your child forms loses everything. To fix it, add hidden fields with the necessary parent data.
<!--Choose model-->
<form method="post">
<input type="hidden" name="maq" value="<%=Server.HTMLEncode(Request.Form("maq"))%>">
<select name="model" id="model" onchange="this.form.submit()">
[...]
</select>
</form>
For the palets form, add both the machine & model as hidden fields.
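The palets form with both parent values carried forward, as an added example that is not code from the question or the answer. Posted values are written back into the page through Server.HTMLEncode so that a value containing quotes or angle brackets stays inside its attribute; the helper names `CarryOver` and `WriteOption` are hypothetical, and the two palet counts are constructed sample data standing in for the recordset loop.

```vbscript
<%
' Added example. Field names maq, model and palets are the ones used in the question.

' Emit one hidden input per field name, carrying the posted value forward.
' Server.HTMLEncode keeps a posted value from breaking out of the value attribute.
Sub CarryOver(fieldNames)
    Dim fieldName
    For Each fieldName In fieldNames
        Response.Write "<input type=""hidden"" name=""" & fieldName & """ value=""" & _
            Server.HTMLEncode(Request.Form(fieldName)) & """>" & vbCrLf
    Next
End Sub

' Same job as the question's options() helper, with value and label encoded
' and a space before "selected" so the attribute is well formed.
Sub WriteOption(value, label, selectId)
    Dim sel
    sel = ""
    If CStr(Request.Form(selectId)) = CStr(value) Then sel = " selected"
    Response.Write "<option value=""" & Server.HTMLEncode(CStr(value)) & """" & sel & ">" & _
        Server.HTMLEncode(CStr(label)) & "</option>" & vbCrLf
End Sub
%>
<!--Number of Palets-->
<form method="post">
<% CarryOver Array("maq", "model") %>
<select name="palets" id="palets" onchange="this.form.submit()">
<option value="">Number of Palets:</option>
<%
' In the real page this loop walks the recordset; constructed values stand in here.
Dim n
For Each n In Array(13, 15)
    WriteOption n, n, "palets"
Next
%>
</select>
</form>
```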

.asp honeypot for contact form

I'm caught in a hard place where I am being forced to use ASP classic on some web forms. I don't want to get spammed, but I am unaware of how to create a honeypot with .asp classic.
Is this possible or will I have to use a captcha field?
Or is there a better way to prevent spam with asp classic?
Form Fields:
<div class="row">
<div class="col-md-offset-1 col-md-10">
<form class="form-horizontal" role="form" method="post" action="submit.asp">
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="text" class="form-control" name="Name" placeholder="Name" required/>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="email" class="form-control" name="Email" placeholder="Email" required/>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="tel" class="form-control" name="Phone" placeholder="Phone Number">
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<input type="text" class="form-control" name="Subject" placeholder="Subject">
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<textarea name="Info" class="form-control" rows="3" placeholder="Message"></textarea>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-8">
<button class="btn btn-theme btn-lg btn-block"type="submit" value="Send">Send message</button>
</div>
</div>
</form>
<%
Dim EmailFrom
Dim EmailTo
Dim Subject
Dim Name
Dim Phone
Dim Email
Dim Questions
EmailFrom = "name@company.com"
EmailTo = "chad.bridges@company.com"
Subject = Trim(Request.Form("Subject"))
Name = Trim(Request.Form("Name"))
Phone = Trim(Request.Form("Phone"))
Email = Trim(Request.Form("Email"))
Questions = Trim(Request.Form("Info"))
Dim Body
Body = Body & "Name: " & VbCrLf
Body = Body & Name & VbCrLf
Body = Body & "Subject: " & VbCrLf
Body = Body & Subject & VbCrLf
Body = Body & "Phone: " & VbCrLf
Body = Body & Phone & VbCrLf
Body = Body & "Email: " & VbCrLf
Body = Body & Email & VbCrLf
Body = Body & "Questions: " & VbCrLf
Body = Body & Questions & VbCrLf
Dim ObjSendMail
Set ObjSendMail = CreateObject("CDO.Message")
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") ="10.000.00.000"
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 00
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False
ObjSendMail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
ObjSendMail.Configuration.Fields.Update
ObjSendMail.To = "chad.bridges@company.com"
ObjSendMail.Subject = "Website Request"
ObjSendMail.From = EMailFrom
ObjSendMail.TextBody = Body
ObjSendMail.Send
Set ObjSendMail = Nothing
Response.Redirect("Index.html#contact")
%>
I have had good luck with using 3 types of spam prevention on every submit page, even sign-in and sign-up pages. Because ASP is kind of old, you might want to keep it simple and only use numeric values as checks with one hidden spam bot field.
Keep the human approach.
Note: Code is just pieces of my active site, take the ideas and be creative for your site.
Email Forms: hidden field, math question and captcha.
Registration page: math question and captcha.
Login (sign in): math question.
1. Hidden field
<input type="hidden" name="email" value="" />
Maybe your code looks like this:
Response.Write("<input type=""hidden"" name=""email"" value="""" />" & vbCrLf)
2. Numeric question:
This requires a simple function and it does a very good job. We want to randomize numbers 1 to 9 so no answer is ever higher than 18 and never 0.
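str1R = RandomNumber(1,9)
str2R = RandomNumber(1,9)
'Store the expected sum under the same key the check reads later
Session("str3R") = (str1R + str2R)
Function RandomNumber(LowNumber, HighNumber)
Randomize
'Int (not Round) keeps the result within LowNumber..HighNumber
RandomNumber = Int((HighNumber - LowNumber + 1) * Rnd + LowNumber)
End Function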
HTML might look like:
<label>Question: What is <%=str1R%> + <%=str2R%> ?</label>
<div>
<div>
<input type="number" name="question" id="question" required />
<input type="hidden" name="a" id="a" value="1" />
</div>
</div>
strA = Request.Form("a")
strQuestion = Left(Request.Form("question"),2)
If IsNumeric(strQuestion) Then
'do notta
Else
strQuestion = -1
End If
If IsNumeric(Session("str3R")) Then
Session("str3R") = Trim(Session("str3R"))
Else
Session("str3R") = 0
End If
strMath = ((Session("str3R") - strQuestion) = 0) 'Now we have True or False
If (strMath = True) Then 'Do your ASP Classic Stuff.
Select Case strA
Case 1
'Sends Email
Case 2
'Submits Registration
End Select
End If
3. CAPTCHA: I mean the CheckCAPTCHA() function, not those "I can't ever seem to read" ones. I've used numeric values for Captcha for 16 years and only had 2 complaints; when I tried the more complex versions, so many couldn't see the letters and numbers very clearly. (ASP = OLD + Members)
Google:
Dim newBitmap(21,87) Dim vDistort(8)
In the number one slot of your google results should be the full ASP Classic Numeric Captcha code. It's old, It's Numbers, It works.
I don't think modern BOTS even detect this old bitstream. (humor)
If you need working examples just ask. It takes a bit to set up a test page, but if you're new to forms and need spam prevention it's best to learn more than one method.
At any "False" point of all form submissions you should know if it's Human or BOT.
I often stop code on BOT traffic with Response.End
With Humans I respond with instructions and what might have gone wrong: "The math question, you missed it by x much"
The Math Question can be replaced with an image "What is in this picture?" using a dog, apple, cat, something with limited possible responses.
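A server-side gate for the hidden-field and math-question checks described above, as an added example that is not code from the answer. It assumes a honeypot input named `website` (a hypothetical name, chosen because `email` would collide with the question's real Email field, and hidden from people with CSS), the answer input `question`, and the expected sum in `Session("str3R")`.

```vbscript
<%
' Added example. Assumed names: honeypot input "website", answer input "question",
' and Session("str3R") set to the expected sum when the form was rendered.

Function IsPost()
    IsPost = (UCase(Request.ServerVariables("REQUEST_METHOD")) = "POST")
End Function

' A person never sees the honeypot, so any content in it marks an automated post.
Function HoneypotTripped()
    HoneypotTripped = (Len(Trim(Request.Form("website"))) > 0)
End Function

' Accept only one or two digits and compare with the stored sum. The stored sum is
' removed first so one solved question cannot be reused for many submissions.
Function MathAnswerOk()
    Dim re, answer, expected
    MathAnswerOk = False
    answer = Trim(Request.Form("question"))
    expected = Session("str3R")
    Session.Contents.Remove "str3R"
    ' IsNumeric(Empty) is True in VBScript, so a missing session value is rejected explicitly.
    If IsEmpty(expected) Then Exit Function
    If Not IsNumeric(expected) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,2}$"
    If Not re.Test(answer) Then Exit Function
    MathAnswerOk = (CLng(answer) = CLng(expected))
End Function

' Returns "none" (page load), "bot", "retry" or "ok".
Function CheckSubmission()
    If Not IsPost() Then
        CheckSubmission = "none"
    ElseIf HoneypotTripped() Then
        CheckSubmission = "bot"
    ElseIf Not MathAnswerOk() Then
        CheckSubmission = "retry"
    Else
        CheckSubmission = "ok"
    End If
End Function

Select Case CheckSubmission()
    Case "bot"
        Response.End    ' stop without feedback, as the answer does for bot traffic
    Case "retry"
        Response.Write "<p>The answer to the math question was not correct. Please try again.</p>"
    Case "ok"
        ' Only here does the page build and send the CDO.Message from the question.
        Response.Redirect "Index.html#contact"
End Select
%>
```

Because nothing runs for the "none" case, a plain page load no longer sends a message.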
I recommend going with the general best practices for preventing form spam. This is typically done on the client side (honeypots, captchas, etc.) so using Classic ASP (a server side technology) doesn't matter. Also, there's nothing special about Classic ASP that will help or hinder your attempts to block spam.
With that said, you'll find some good ideas in the answers to this question:
How to prevent robots from automatically filling up a form?

ADO Adding record to table only adding one value

So I'm using ADO to add data into a SQL database, here's my raw code:
<!DOCTYPE html>
<html>
<body>
<h1>
Teacher registration
</h1>
<form name="teacherReg" action="http://hr-computing/public/AlexS/Tests/login.asp" method="POST">
First name:<input type="text" name="firstname"><br>
Last name:<input type="text" name"lastname">
<input type="submit" value="submit">
</form>
<%
set conn=Server.CreateObject("ADODB.Connection")
conn.Open ={ private }
set rs=Server.CreateObject("ADODB.recordset")
rs.Open "Select * from teachers", conn
sql="INSERT INTO teachers (firstname, lastname)"
sql=sql & " VALUES "
sql=sql & "('" & Request.Form("firstname") & "',"
sql=sql & "'" & Request.Form("lastname") & "')"
on error resume next
conn.Execute sql,recaffected
if err<>0 then
Response.Write("No update permissions!")
else
Response.Write("<h3>" & recaffected & " record added</h3>")
end if
conn.close
%>
</body>
</html>
It's working but only adding the value of firstname into the table, not lastname as well. I can't see where I'm going wrong, any help guys?
Change <input type="text" name"lastname">
to
<input type="text" name="lastname">
You are missing an equals sign.

Passing a parameter from Radio Button & Check Box, to an email, using an HTML page

I have a form that is HTML; it involves a few string questions, a radio button, and a check box question. After the form is filled out, the info is then passed to an aspx page which sends out an email with the info. I am able to pass the string questions to the email, but am having trouble passing the radio button answer and the check box answers to the aspx and then to the email. I have the code for the HTML set, I need help with the code for the ASPX page (it is VB). Here is the code I have so far.
HTML
<form id="form" method="post" action="SendEmail.aspx" enctype="multipart/form-data" name="questions">
<div class="Qblock">Name: <input type="text" class="input" value="" name="contact_name" /></div>
<div class="Qblock">Phone #: <input type="text" class="input" value="" name="contact_phone" /></div>
<div class="Qblock">E-Mail: <input type="text" class="input" value="" name="contact_email" /></div>
<div class="Qblock">How many years have you been in this industry?<input type="text" class="input" value="" name="contact_long" /></div>
<div class="Qblock">What is your specialty?<input type="text" class="input" value="" name="contact_special" /></div>
<div class="Qblock">Do you have a cell phone?
<input type="radio" name="P1" value="Yes" /> Yes <input type="radio" name="p1" value="No" /> No <br /></div>
<div class="Qblock">Can you do any of the following? (check all that apply)<br />
<input type="checkbox" name="ckBox" value="CustSer" /> Handle Customer Service<br />
<input type="checkbox" name="ckBox" value="ReadForm" /> Read Expense Reports<br />
<input type="checkbox" name="ckBox" value="NewCust" /> Sign Up New Customers<br /></div>
ASPX
Protected Sub RetrieveValues()
Dim sTemp As String = String.Empty
sFromName = "asMark@gmail.com"
sToName = "asMarkContent@gmail.com"
sSubject = "Web - Contact Us Inquiry"
sTemp = String.Format("{0}{1}{2}", "<<< Marketing Opportunities >>>", vbCrLf, vbCrLf)
sTemp = String.Format("{0}{1}{2}{3}", sTemp, "Name: ", Request.Params("contact_name"), vbCrLf)
sTemp = String.Format("{0}{1}{2}{3}", sTemp, "Phone: ", Request.Params("contact_phone"), vbCrLf)
sTemp = String.Format("{0}{1}{2}{3}", sTemp, "Email: ", Request.Params("contact_email"), vbCrLf)
sTemp = String.Format("{0}{1}{2}{3}", sTemp, "How many years have you been in this industry? ", Request.Params("contact_long"), vbCrLf)
sTemp = String.Format("{0}{1}{2}{3}", sTemp, "What is your specialty? ", Request.Params("contact_special"), vbCrLf)
End Sub
First, let me introduce you to the StringBuilder which makes code a little easier to read.
Second, radio buttons will come over as a normal name/value pair just like regular text fields so you can process them the same way. Whatever you put in the value on the HTML side will be what's submitted and what you have is good. I would recommend that you make sure the name values both use the same case, however. On the ASPX side you should be fine but it's a good practice to assume some things might be case-sensitive. (You have P1 and p1 right now.) You might also want to default one of the radio buttons to checked, probably the no one. If you don't and someone fills out the form without checking either, the email will be empty for that field.
Checkboxes will come over as a comma-separated list so if someone checks all three options you'll get the string CustSer, ReadForm, NewCust. You might want to give the values something a little more descriptive but that's up to you. But you can treat the checkbox the same way as any other form field and just use it by name.
Protected Sub RetrieveValues()
Dim sTemp As New System.Text.StringBuilder()
sTemp.AppendFormat("{0}{1}{1}", "<<< Marketing Opportunities >>>", vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "Name: ", Request.Params("contact_name"), vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "Phone: ", Request.Params("contact_phone"), vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "Email: ", Request.Params("contact_email"), vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "How many years have you been in this industry? ", Request.Params("contact_long"), vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "What is your specialty? ", Request.Params("contact_special"), vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "Do you have a cell phone? ", Request.Params("P1"), vbCrLf)
sTemp.AppendFormat("{0}{1}{2}", "Can you do any of the following? ", Request.Params("ckBox"), vbCrLf)
End Sub
Lastly, I would recommend using Request.Form over Request.Params. If someone went to your page and manually added any of the form fields to the query string the form field itself would get ignored. For instance, if they navigated to Form.aspx?contact_name=Bob Dole and filled out Bob Smith in the name field you would see Bob Dole on the server side. This is because the query string is searched for before the form fields. In this case it doesn't really matter that much but in future forms some malicious website could link to your website and pass weird values to the form. I'd recommend just always using Request.Form and Request.QueryString.
Okay, the last paragraph was "lastly" so I guess this is "one more thing". The method you are using is only half of the way to ASP.Net. What you have is more of the conversion from ASP classic/PHP to .Net. It's not wrong at all but you are missing the full power of ASP.Net web controls. There's way more than I can write but to give you an idea you would replace:
<input type="text" class="input" value="" name="contact_special" />
With:
<asp:Textbox runat="server" id="contact_special" />
This would allow you to use a RequiredFieldValidator which would use both javascript and server-side code to make sure that the field was filled out:
<asp:RequiredFieldValidator runat="server" ControlToValidate="contact_special" ErrorMessage="Required" />
Don't make this change for this form probably but going forward I would encourage you to investigate the web controls.

ASP (VBscript) radio buttons not returning value

I have 2 very simple pages, an HTML page and a classic ASP page .. the html page has a form which calls (and sends) the data to the ASP form (which then prints out the data)
The problem is I'm not getting the value of the radio button, I'm simply just getting "on".
Here is the html:
<form action="form.asp" method="post">
<strong>Gender:</strong>
<input type="radio" value"male" name="gender">Man
<input type="radio" value"female" name="gender">Woman<p></p>
<strong>Size:</strong>
<input type="text" width="20" name="size" size="4"><p></p>
<strong>Color:</strong>
<select size="1" name="color">
<option>blue</option>
<option>green</option>
<option>black</option>
</select><p></p>
<input type="submit" value="Send Order">
</form>
and here is the ASP
<%
Dim strgen, strsize, strcol
strgen = Request.form("gender")
intsize = Request.form("size")
strcol = Request.form("color")
Response.write "Your gender: " & strgen & "<br />"
Response.write "Your size: " & intsize & "<br />"
Response.write "The color you ordered: " & strcol & "<br />"
%>
Like I said, all I'm getting for "strgen" is "on" ...
There are typos in your code: a missing equals sign.
value"male"
should be
value="male"
Because the value was ignored it was returning the default value of "on"
Try using an HTML validator such as www.htmlvalidator.com. This site offers a free one which is good (I'm using the professional version myself).
This will find such types immediately (and will save you countless hours of searching).
