[thelist] Possible Bug Form Validation ASP

Peter Brunone (EasyListBox.com) peter at easylistbox.com
Wed Feb 23 12:54:20 CST 2005


   You're absolutely right about carriage returns and textareas when using the querystring (i.e. don't).  What you should also remember is that input type="text" fields can have a similar problem if you don't encode special characters like spaces or tabs, to say nothing of slashes and dots.

   Any time you use any text input in a querystring, make sure you do *some* sort of encoding first.

Cheers,

Peter

 From: Rob Smith rob.smith at THERMON.com

So, you are saying that the code you posted works, but the following does
not?

That's correct. I even set up a inside the first test there.
No dice.

Don't do it. request.querysting("textarea_name") (and possibly
$_get["textarea_name"]) only retrieves the first line of material. Use
method="post" instead of method="get" when retrieving that info.

Just spent 10 minutes figuring out why an update query wasn't working when
using request.querystring("comments") and textareas. It knew that there was
more, but the information was truncated, along with the null end terminating
character. I hope that made sense. 

...unless someone can prove me wrong.

Rob
-- 


More information about the thelist mailing list