Article
Handling Submitted Data with ASP
POST Variables
I mentioned in my explanation of the previous example that forms can use one of two methods: GET or POST. The former submits values as part of the query string, while the latter submits them behind the scenes, in the body of the HTTP request. Besides the security advantage I mentioned, POST variables may also contain much more information (even the contents of an entire file!) than a URL query string would allow. There are, however, two downsides to using POST variables:
- You can’t bookmark the result of a form submission that uses the POST method, because the bookmark does not contain the submitted variables and their values. A GET method submission stores all that in the query string that is part of the URL, and thus becomes part of the bookmark.
- POST variables can only be created as a result of a form being submitted, while query string variables can be included as part of a standard link, or can be generated by a form using the GET method. With some clever JavaScript, you can create an invisible form on your page, and submit it when the user clicks on a standard link, but this is a clumsy solution at best.
On the plus side, working with POST variables in ASP is very similar to accessing query string variables. You just have to use the Form collection instead of the QueryString collection. Thus, to print the value that was typed into a form named "testvalue", you would use the following line of code:
Response.Write Request.Form("testvalue")
In some cases, however, you’ll want to be able to access the value of a variable, whether it’s submitted in the query string, as part of a form, as a cookie, or even as a server variable (like the "SCRIPT_NAME" value we used in the previous example). A convenient feature of the Request object lets you access a variable from any of these sources, simply by treating the Request object as a collection in and of itself (e.g. Request("variableName")). This short-form method of value retrieval is extremely convenient. In fact, you'll probably want to use it in every case, except those times where, for security or other reasons, you want to make sure that a variable is sent from a particular source.
As an exercise, rewrite the personalized welcome message example in the previous section, and use this shorthand notation wherever possible (there are three places in the script that it can be used).
Summary and Resources for Further Reading
In this article, you’ve learned how to use ASP to process submitted values that are provided either through a query string in a normal link, or by asking the user to submit a form. In the process, you learned some of the important built-in objects that ASP provides: Request, Response, and Server. Although we didn't have time to fully explore all of the methods, properties, and collections that these objects provide, you should now know enough to use the online documentation to learn about what else is available.
In the next article in this series, we'll learn about a two other important built-in objects: Application and Session, which allow you to build not just dynamic pages, but also complete Web applications! If you're in a hurry to get started, the online ASP documentation accompanying Microsoft IIS or PWS are good places to start; however, less experienced readers may prefer to invest in a good book. WROX Press offers several titles for different levels of experience; check out my reviews of them to find out which is best for you!