This is the real meat of the demonstration!!
If you are serious about this matter, I believe it is important that you look at and understand every line of code in all of the files mentioned here.
If you do not understand anything, please feel free to ask and I will try to explain.
showscript.asp?fn=do_dataInputPage.src will show the source for do_dataInputPage.asp.
- A block of "INCLUDE" files
The Include files are common to both of the major files - the details of them can be seen at webprot-8.asp
We will go through them in detail later.
- General Security Housekeeping
The "Functions" used in this block can be found in the included "general_functions.asp" file.
Note that the PageRef is "Checked" - if it is wrong, the "checking" function will terminate the page with an Error Message.
- Receiving Input Data from the submitting page
This creates local data variables from the "Form" data.
- Validating Input Data
This block does a bit of "pre-formatting" of the data.
The validating is done in the "Functions" - so if extra bits of validation are found to be necessary, the change is made once in an included file and not in lots of individual Active Server Pages!!
You may also want to look at emailaddresses.htm to understand my views on the subject of email addresses.
- Check before adding to database table
This checks that a similar record has not already been added to the database.
If the "EMailAddress" is already in the database, then an Error Message will be sent and processing will stop.
You will also note that Error Messages are displayed by a "Function".
The Error Messages are stored in a database table - this means that Standard Messages are used for Standard Errors.
It also means that the words in a message can be changed quickly and simply.
- Add to database table
This adds a record in the database table which contains the data from the previous page.
The "Replace" technique is necessary to get apostrophes into the record, for example in the name "O'Rielly".
It also helps to avoid "SQL Injection" attacks.
Please also note the "your_info" data item - it contains information collected by the "SubscrText" function.
When a Hacker/Attacker gets past all our good script (and they will) it really is useful to know as much about them as you can!!
Well, that is the second page over - it was not too difficult, was it??
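
The "Add to database table" step, sketched as an added example (not the site's own source): the "Replace" doubling shown beside an ADO parameterised INSERT, which keeps the apostrophe in "O'Rielly" without building SQL from user input at all. Doubling only protects values that end up inside a quoted string literal, so the parameterised form is the one executed here. The table, column and form field names, the Application("ConnString") setting and the contents of yourInfo are assumptions.

```vbscript
<%
Option Explicit
' Added example, not the site's own source. Table, column and form field
' names and the Application("ConnString") setting are hypothetical.
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adVarChar = 200

' The "Replace" technique: double every apostrophe so that O'Rielly becomes
' O''Rielly inside a quoted SQL string literal.
Function SqlQuote(ByVal s)
    SqlQuote = "'" & Replace(s, "'", "''") & "'"
End Function

Dim fullName, email, yourInfo, sql, conn, cmd
fullName = Left(Trim(Request.Form("FullName")), 100)
email = Left(Trim(Request.Form("EMailAddress")), 254)
' Stand-in for the visitor details the page stores in "your_info".
yourInfo = Left(Request.ServerVariables("REMOTE_ADDR") & " " & _
                Request.ServerVariables("HTTP_USER_AGENT"), 255)

' Form 1: concatenated SQL with doubled apostrophes (built for comparison only).
sql = "INSERT INTO Subscribers (FullName, EMailAddress, YourInfo) VALUES (" & _
      SqlQuote(fullName) & ", " & SqlQuote(email) & ", " & SqlQuote(yourInfo) & ")"

' Form 2: the values travel as parameters and never become part of the SQL text.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "INSERT INTO Subscribers (FullName, EMailAddress, YourInfo) VALUES (?, ?, ?)"
cmd.Parameters.Append cmd.CreateParameter("FullName", adVarChar, adParamInput, 100, fullName)
cmd.Parameters.Append cmd.CreateParameter("EMailAddress", adVarChar, adParamInput, 254, email)
cmd.Parameters.Append cmd.CreateParameter("YourInfo", adVarChar, adParamInput, 255, yourInfo)
cmd.Execute , , adExecuteNoRecords

conn.Close
Set cmd = Nothing
Set conn = Nothing
%>
```

The Left() calls keep each value within the size declared for its parameter, since ADO raises an error when a value is longer than the declared size.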