We can use the following code to check if these are correct. If an error does
occur, we add the error message to strError
.
Dim strError
'validate the form
'check if a username has been entered
If Request.Form("username") = "" Then strError = strError
& "- Please enter a username<br>" & vbNewLine
'check if a password has been entered
If Request.Form("password") = "" Then strError = strError
& "- Please enter a password<br>" & vbNewLine
'check if the passwords are the same... but don't display it if the password
field is blank.
If Request.Form("password") <> Request.Form("password_confirm")
_
And Request.Form("password") <> ""
Then _
strError = strError & "-
Your passwords do not match<br>" & vbNewLine
Once we have performed the validation, we check to see if strError contains any text. If it does, an error has occured, and we display a message. Otherwise, we can continue:
If strError = "" Then
'continue
End If
If strError <> "" Then
'output the error message
'add extra HTML...
strError = "<p><font color=""#FF0000"">The
following errors occured:</font><br>" & vbNewLine &
strError
End If
You may wonder why we haven't condensed this code into an If... Then...
Else
statement. This is because strError may well be filled inside the
continue block, so we want to check to see if it isn't empty again.
Now, we need to add some extra ASP code in order to display the validation error that occured, and also remember any text the user has inputted. For example,
<input type="text" maxlength=20 name="username">
becomes
<input type="text" maxlength=20 name="username"
value="<%=Server.HTMLEncode(Request.Form("username"))%>">
Note |
You can see the rest of the code we add in the final version of register.asp. For now, we'll move on to creating the user's entry into the database (and checking if the username has been taken or not). At this stage, we need to include the database connection code:
<!--#include file="inc-dbconnection.asp"-->
and now we can execute an SQL statement to create the new record:
On Error Resume Next
sSQL = "INSERT INTO members (username,password) VALUES " & _
"('" & fixQuotes(Request.Form("username"))
& "','" & _
fixQuotes(Request.Form("password")) & "')"
cConn.Execute sSQL
Note |
Once this statement has been executed, we need to check if an error has occured; if it has, there is probably a conflict with an existing entry in the database (ie the username is already in use)
If Err.Number = -2147217900 Then 'ATTENTION: this error number needs to be changed depending on the database format you are using
strError = "- That username is already in use. Please
choose another<br>" & vbNewLine
ElseIf Err.Number <> 0 Then
strError = "- An error occured. " & Err.Number
& " : " & Err.Description & "<br>" &
vbNewLine
Else
'restore standard error handling
On Error Goto 0
'record created... redirect
Response.Redirect "login.asp?msg=" & _
Server.URLEncode("Thank
you for registering. Please log in using your new username and password")
Response.End
End If
'restore standard error handling
On Error Goto 0
And that's it! Our registration form is complete. Now we can move on to create our login form.
Comments