Tuesday, April 14, 2026

Server-Side Form Validation

Always validate form input on the server, even if you also validate with JavaScript on the client. This code sample shows a complete validation pattern in ASP.

Registration Form with Validation

<%@ Language="VBScript" %>
<%
Option Explicit

Dim strUsername, strEmail, strPassword, strConfirm
Dim arrErrors()
Dim intErrorCount
intErrorCount = 0

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    strUsername = Trim(Request.Form("username"))
    strEmail    = Trim(Request.Form("email"))
    strPassword = Request.Form("password")
    strConfirm  = Request.Form("confirm")

    ' Validate username
    If Len(strUsername) < 3 Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Username must be at least 3 characters."
    End If

    ' Validate email (basic check)
    If InStr(strEmail, "@") = 0 Or InStr(strEmail, ".") = 0 Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Please enter a valid email address."
    End If

    ' Validate password
    If Len(strPassword) < 8 Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Password must be at least 8 characters."
    End If

    ' Confirm password match
    If strPassword <> strConfirm Then
        intErrorCount = intErrorCount + 1
        ReDim Preserve arrErrors(intErrorCount - 1)
        arrErrors(intErrorCount - 1) = "Passwords do not match."
    End If

    ' If no errors, process the registration
    If intErrorCount = 0 Then
        ' Insert into database, create session, redirect...
        Response.Redirect "welcome.asp"
    End If
End If
%>

<html>
<head><title>Register</title></head>
<body>
<h1>Create an Account</h1>

<% If intErrorCount > 0 Then %>
<div style="color:red;border:1px solid red;padding:8px;margin-bottom:12px;">
  <strong>Please fix the following errors:</strong>
  <ul>
  <% Dim e : For Each e In arrErrors %>
    <li><%= Server.HTMLEncode(e) %></li>
  <% Next %>
  </ul>
</div>
<% End If %>

<form method="post" action="register.asp">
  <p>Username:<br>
    <input type="text" name="username"
           value="<%= Server.HTMLEncode(strUsername) %>"></p>
  <p>Email:<br>
    <input type="text" name="email"
           value="<%= Server.HTMLEncode(strEmail) %>"></p>
  <p>Password:<br>
    <input type="password" name="password"></p>
  <p>Confirm:<br>
    <input type="password" name="confirm"></p>
  <p><input type="submit" value="Register"></p>
</form>
</body>
</html>

Key Principles

  • Always HTMLEncode output: Use Server.HTMLEncode() when echoing user input back to the page to prevent XSS attacks.
  • Validate on the server: Client-side JavaScript validation improves UX but can be bypassed. Server-side validation is the security boundary.
  • Preserve form values: On validation failure, re-populate the form fields with the submitted values so the user does not have to retype everything.
  • Use parameterized queries: When inserting validated data into the database, always use ADODB.Command with parameters — never concatenate user input into SQL strings.
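
The "Insert into database" step that the sample leaves as a comment, sketched with ADODB.Command parameters as the last principle recommends. This is an added example, not code from the original page. The Users table, its column sizes, the Application("ConnString") value and the HashPassword() helper are assumptions you must supply yourself.

```vbscript
<%
' Added example: parameterized INSERT for the registration handler.
' Assumed (not on the original page): table Users(Username, Email,
' PasswordHash), the column sizes below, and the connection string.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202
Const adExecuteNoRecords = 128

Function RegisterUser(strConnString, strUsername, strEmail, strPasswordHash)
    RegisterUser = False

    ' Enforce upper bounds too: the form only checks minimum lengths, and
    ' ADO raises an error if a value is longer than the parameter size.
    If Len(strUsername) > 50 Or Len(strEmail) > 254 _
       Or Len(strPasswordHash) > 128 Then Exit Function

    Dim conn, cmd
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open strConnString

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The SQL text is a constant; user input only ever travels as parameters.
    cmd.CommandText = "INSERT INTO Users (Username, Email, PasswordHash) VALUES (?, ?, ?)"
    ' Parameters bind to the ? markers in the order they are appended.
    cmd.Parameters.Append cmd.CreateParameter("username", adVarWChar, adParamInput, 50, strUsername)
    cmd.Parameters.Append cmd.CreateParameter("email", adVarWChar, adParamInput, 254, strEmail)
    cmd.Parameters.Append cmd.CreateParameter("pwhash", adVarWChar, adParamInput, 128, strPasswordHash)

    ' Trap database errors (for example a duplicate username) so the raw
    ' error text is never sent to the browser.
    On Error Resume Next
    cmd.Execute , , adExecuteNoRecords
    RegisterUser = (Err.Number = 0)
    On Error GoTo 0

    conn.Close
    Set cmd = Nothing
    Set conn = Nothing
End Function

' Usage inside the "If intErrorCount = 0 Then" branch of the sample.
' HashPassword() is a hypothetical helper: store a salted hash, never
' the submitted password itself.
'   If RegisterUser(Application("ConnString"), strUsername, strEmail, _
'                   HashPassword(strPassword)) Then
'       Response.Redirect "welcome.asp"
'   End If
%>
```

When RegisterUser returns False, add a generic message to arrErrors and redisplay the form rather than echoing the database error.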