[Just spent 10 minutes figuring out why an update query wasn't working when using request.querystring("comments") and textareas.] Thats because a URL is limited to 1024 bytes, this used to be exploited using the ISAPI buffer overlfow hack whereby you could take control of an (IIS(older)) server by sending code in an URL which exceedes that limitation(eventually it would get run). w -----Original Message----- From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org]On Behalf Of Rob Smith Sent: 23 February 2005 18:37 To: 'thelist at lists.evolt.org' Subject: RE: [thelist] Possible Bug Form Validation ASP <snip author="Matt Warden"> So, you are saying that the code you posted works, but the following does not? <% if not request.form("submit") = "" then ... end if %> <html> <form method="post" action="add.asp"></form> </html> </snip> That's correct. I even set up a <%="Hello?"%> inside the first test there. No dice. <tip type="Mixing Textareas and Method=get"> Don't do it. request.querysting("textarea_name") (and possibly $_get["textarea_name"]) only retrieves the first line of material. Use method="post" instead of method="get" when retrieving that info. Just spent 10 minutes figuring out why an update query wasn't working when using request.querystring("comments") and textareas. It knew that there was more, but the information was truncated, along with the null end terminating character. I hope that made sense. ...unless someone can prove me wrong. </tip> Rob -- * * Please support the community that supports you. * * http://evolt.org/help_support_evolt/ For unsubscribe and other options, including the Tip Harvester and archives of thelist go to: http://lists.evolt.org Workers of the Web, evolt !