
Server-Side Form Validation

Always validate form input on the server, even if you also validate with JavaScript on the client. This code sample shows a complete validation pattern in ASP.

Registration Form with Validation

<%@ Language="VBScript" %>
<%
Option Explicit

Dim strUsername, strEmail, strPassword, strConfirm
Dim arrErrors()
Dim intErrorCount
intErrorCount = 0

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    strUsername = Trim(Request.Form("username"))
    strEmail    = Trim(Request.Form("email"))
    strPassword = Request.Form("password")
    strConfirm  = Request.Form("confirm")

    ' Validate username
    If Len(strUsername) < 3 Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Username must be at least 3 characters."
    End If

    ' Validate email (basic check)
    If InStr(strEmail, "@") = 0 Or InStr(strEmail, ".") = 0 Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Please enter a valid email address."
    End If

    ' Validate password
    If Len(strPassword) < 8 Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Password must be at least 8 characters."
    End If

    ' Confirm password match
    If strPassword <> strConfirm Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Passwords do not match."
    End If

    ' If no errors, process the registration
    If intErrorCount = 0 Then
        ' Insert into database, create session, redirect...
        Response.Redirect "welcome.asp"
    End If
End If
%>

<html>
<head><title>Register</title></head>
<body>
<h1>Create an Account</h1>

<% If intErrorCount > 0 Then %>
<div style="color:red;border:1px solid red;padding:8px;margin-bottom:12px;">
  <strong>Please fix the following errors:</strong>
  <ul>
  <% Dim e : For Each e In arrErrors %>
    <li><%= Server.HTMLEncode(e) %></li>
  <% Next %>
  </ul>
</div>
<% End If %>

<form method="post" action="register.asp">
  <p>Username:<br>
    <input type="text" name="username"
           value="<%= Server.HTMLEncode(strUsername) %>"></p>
  <p>Email:<br>
    <input type="text" name="email"
           value="<%= Server.HTMLEncode(strEmail) %>"></p>
  <p>Password:<br>
    <input type="password" name="password"></p>
  <p>Confirm:<br>
    <input type="password" name="confirm"></p>
  <p><input type="submit" value="Register"></p>
</form>
</body>
</html>

Key Principles

  • Always HTMLEncode output: Use Server.HTMLEncode() when echoing user input back to the page to prevent XSS attacks.
  • Validate on the server: Client-side JavaScript validation improves UX but can be bypassed. Server-side validation is the security boundary.
  • Preserve form values: On validation failure, re-populate the form fields with the submitted values so the user does not have to retype everything.
  • Use parameterized queries: When inserting validated data into the database, always use ADODB.Command with parameters — never concatenate user input into SQL strings.
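
The database step that the sample leaves as a comment ("Insert into database...") could follow the last principle as shown here. This is an added example, not code from the original page. The names InsertUser, Application("ConnString"), the Users table with its column sizes, and strPasswordHash (assumed to be computed by a password-hashing routine elsewhere) are assumptions. It also adds maximum-length checks, which the sample's validation does not perform.

```vbscript
<%
' Added example (not from the original page): parameterized INSERT for the
' registration data. Table, columns, sizes and connection string are assumed.
Function InsertUser(strUsername, strEmail, strPasswordHash)
    ' ADO constant values as defined in adovbs.inc; declared locally so the
    ' function still works when that include file is also present.
    Const adCmdText = 1
    Const adParamInput = 1
    Const adVarWChar = 202
    Const adExecuteNoRecords = 128

    Dim objConn, objCmd
    InsertUser = False

    ' A value longer than the declared parameter size raises an ADO error,
    ' so reject oversized input before building the command.
    If Len(strUsername) > 50 Or Len(strEmail) > 254 Or Len(strPasswordHash) > 255 Then Exit Function

    Set objConn = Server.CreateObject("ADODB.Connection")
    objConn.Open Application("ConnString")   ' assumed application setting

    Set objCmd = Server.CreateObject("ADODB.Command")
    With objCmd
        Set .ActiveConnection = objConn
        .CommandType = adCmdText
        ' The SQL text holds placeholders only; user input travels as
        ' parameter values and is never concatenated into the statement.
        .CommandText = "INSERT INTO Users (Username, Email, PasswordHash) VALUES (?, ?, ?)"
        .Parameters.Append .CreateParameter("@username", adVarWChar, adParamInput, 50, strUsername)
        .Parameters.Append .CreateParameter("@email", adVarWChar, adParamInput, 254, strEmail)
        .Parameters.Append .CreateParameter("@hash", adVarWChar, adParamInput, 255, strPasswordHash)

        ' Trap a failed insert (for example a duplicate username) and report
        ' it through the return value instead of a raw error page.
        On Error Resume Next
        .Execute , , adExecuteNoRecords
        InsertUser = (Err.Number = 0)
        On Error GoTo 0
    End With

    objConn.Close
    Set objCmd = Nothing
    Set objConn = Nothing
End Function
%>
```

In the sample above, the call would sit inside the `If intErrorCount = 0 Then` branch, with the redirect issued only when InsertUser returns True.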