Forms - how to handle error processing

Results 1 to 5 of 5

Thread: Forms - how to handle error processing

  1. #1
    Jim Cruff Guest

    Default Forms - how to handle error processing

    Question about processing and editing forms:<BR><BR>As I see it, there are two ways to do edit checking within forms. Have a user enter data into a form in program A. When the user presses Submit, send the user to program B to edit the data. If there are errors, send the user back to program A to fix the data. If there are no errors, send the user to program C. <BR><BR>This makes for a lot of ASP pages but it’s pretty simple to follow. But, then you have the problem of passing data from program B to program C because in Program B, you are doing a Response.Redirect so you can’t pass Form variables, only QueryString variables, which can be a security issue.<BR><BR>The second way is to do edit checking with the same program that contains the form. In other words, the Action method send the form to itself and do the editing within the same program.<BR><BR>The more I write forms, the less that I am convinced that the first option is the best option. I know that this is very subjective and there is no set answer, but I&#039d like to hear how other programmers are process and editing forms.<BR><BR>Thanks for your views,<BR>Jim

  2. #2
    Join Date
    Dec 1969
    Posts
    293

    Default RE: Forms - how to handle error processing

    I agree with the second option. The error processing I use the most is sending the user back to the same page they entered the information and check for errors.

  3. #3
    Nathen Grass Guest

    Default RE: Forms - how to handle error processing

    I perform form-validation using client-side scripts. If the user submits a form and a field is left empty or a date is entered incorrectly I try to make sure it doesn&#039t go to the server at all. I feel that you shouldn&#039t make the server do what you can already do on the client. In addition if you make your validation scripts as generic as possible you can easily migrate them to any and all forms that you create.

  4. #4
    Paul Mutton Guest

    Default NEVER validate with client-side script!

    I strongly disagree with the idea of using client-side scripting as the only method of form validation.<BR><BR>For simple purposes, it is ok, but for truly robust and secure applications, you should never use client-side scripting as the only method of validation.<BR><BR>The reason for this is that the user is able download the page and alter the client-side script and hence have the potential to submit invalid data using the form.<BR><BR>The ideal solution is to have client-side script for simple validation and also have validation in the ASP file that the data is sumbitted to. This way, most users will have the client-side script tell them that they have made an error. On the other hand, any &#039hackers&#039 who try to manipulate the client-side script will be foiled by the validation on the ASP page.<BR><BR>paul_merton@hotmail.com


  5. #5
    Nathen Grass Guest

    Default RE: NEVER validate with client-side script!

    I guess I can understand where you&#039re coming from with not using client-side script to validate forms, but I believe it is redundant to have the server do what can be done on the client. If you have a site that is processing millions of requests a day you&#039re going to need every bit of processing power your server(s) can muster to handle server-specific functions. The notion of validating forms on the client is to help reduce network traffic as well as shave off some time that the server actually processes the form. Granted the time saved may be a second or less but multiply that by a million requests and you have yourself quite a bit time saved.<BR><BR>And, yes, it is possible for a &#039hacker&#039 to modify your client-side code if he downloads your page, but what is the &#039hacker&#039 really accomplishing here. He&#039ll be able to submit a form and get an error that tells him that the database can only accept 8 characters for a field instead of the 12 he entered. The validation is to make sure the fields are proper but also to provide a user-friendly way of saying a field was entered incorrectly without putting the load on the server. You can also put a check in your ASP form processing script to make sure that the request came from your domain, or better yet, from the proper URL of the form. If a hacker changed your code he would have to submit the form from his web site and the URL check would ensure anything coming from an URL not specifed in the script would not be processed. If the hacker hacked your web site and had complete access to the files then it wouldn&#039t matter what method you used to validate because he could change any file.<BR><BR>I&#039m not trying to say what you do is wrong, because it&#039s not. One thing I&#039ve learned from working in the industry is everyone has their own style of programming. I just think that the situation dictates what method you use.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •