Registration Form (2)
We can use the following code to check if these are correct. If an error does
occur, we add the error message to strError.
Dim strError
'validate the form
'check if a username has been entered
If Request.Form("username") = "" Then strError = strError
& "- Please enter a username<br>" & vbNewLine
'check if a password has been entered
If Request.Form("password") = "" Then strError = strError
& "- Please enter a password<br>" & vbNewLine
'check if the passwords are the same... but don't display it if the password
field is blank.
If Request.Form("password") <> Request.Form("password_confirm")
_
And Request.Form("password") <> ""
Then _
strError = strError & "-
Your passwords do not match<br>" & vbNewLine
Once we have performed the validation, we check to see if strError contains
any text. If it does, an error has occured, and we display a message. Otherwise,
we can continue:
If strError = "" Then
'continue
End If
If strError <> "" Then
'output the error message
'add extra HTML...
strError = "<p><font color=""#FF0000"">The
following errors occured:</font><br>" & vbNewLine &
strError
End If
You may wonder why we haven't condensed this code into an If... Then...
Else statement. This is because strError may well be filled inside the
continue block, so we want to check to see if it isn't empty again.
Now, we need to add some extra ASP code in order to display the validation
error that occured, and also remember any text the user has inputted. For example,
<input type="text" maxlength=20 name="username">
becomes
<input type="text" maxlength=20 name="username"
value="<%=Server.HTMLEncode(Request.Form("username"))%>">
|
Note
Although in most instances,
<input type="text" maxlength=20 name="username"
value="<%=Request.Form("username")%>">
would be perfectly sufficient, we add the Server.HTMLEncode command
to ensure that any 'funny' characters the user has entered (such as < and
") are still displayed correctly.
|
You can see the rest of the code we add in the final version of register.asp.
For now, we'll move on to creating the user's entry into the database (and checking
if the username has been taken or not). At this stage, we need to include the
database connection code:
<!--#include file="inc-dbconnection.asp"-->
and now we can execute an SQL statement to create the new record:
On Error Resume Next
sSQL = "INSERT INTO members (username,password) VALUES " & _
"('" & fixQuotes(Request.Form("username"))
& "','" & _
fixQuotes(Request.Form("password")) & "')"
cConn.Execute sSQL
|
Note
You will notice that within the SQL statement, we call a fixQuotes procedure.
This procedure replaces all occurrances of ' with '' in the username
and password fields. If we didn't do this, an error would occur when
a user entered a ' within the username or password field.
|
Once this statement has been executed, we need to check if an error has occured;
if it has, there is probably a conflict with an existing entry in the database
(ie the username is already in use)
If Err.Number = -2147217900 Then 'ATTENTION: this error number needs to be changed depending on the database format you are using
strError = "- That username is already in use. Please
choose another<br>" & vbNewLine
ElseIf Err.Number <> 0 Then
strError = "- An error occured. " & Err.Number
& " : " & Err.Description & "<br>" &
vbNewLine
Else
'restore standard error handling
On Error Goto 0
'record created... redirect
Response.Redirect "login.asp?msg=" & _
Server.URLEncode("Thank
you for registering. Please log in using your new username and password")
Response.End
End If
'restore standard error handling
On Error Goto 0
And that's it! Our registration form is complete. Now we can move on to create
our login form.