asp, oracle and server side validation

[arc]

anyone help me out here. i don't really understand what im being asked to do

Ability to input new dvd titles and associated data. (server side validation)

I've made an ASP page that connects to the database, simple web form on it to collect data and then when u hit submit it sends it to the oracle database.

That all works nicely. But what kind of server side validation can i do on it? The only kinda thing i can see as being possible would be client side validation - making the client check that the field lengths etc on the forms are correct.

The only bit of server side i can see going on is the initial DB connection where it verifys user / name password.

HELP!!!

 

[The Negotiator]

hmm, ignore my use of "validation" and "verfication" because I can't remember the difference between them...

But, can't your server side also do the same validation to ensure that the probablity of data being received incorrect is low, also use of check digits or whatever?

 

[arc]

the thing is though the server is an ASP webserver, and an oracle database server.

I can't see how i could possibly run scripts on them to validate anything

 

[moogs]

and remember quite often the people issuing briefs mightn't know the difference between server and client side. But they will have heard the term and sometimes throw it in to look special.

Anything you could do in this instance server side you might as well do client side.

 

[arc]

its for an assignment, and it does specifiy i have to do server side on one of the forms and client side on the other.

but what i'm saying is i just can't see how i can get it to even do any server side validation, ingoring wether its worth doing or not.

 

[arc]

ok, i know what i'm doing now

Basically trapping errors that oracle bounces back, then making the script take the appropiate action

 

[hmallett]

Anything you could do in this instance server side you might as well do client side.

Nooooooooooo! For web apps you can't trust the client side, only the server side (E.g. What if you validate in Javascript, and the user has javascript disabled?)
Also, the validation may be referring to things such as the characters you pass to your database insert - if you try to insert a " in the middle of a field, it may give an error unless you escape the character before the insert. (I don't know much about asp!)
H

 

[moogs]

Yeah, by client side I was referring also to the code in the page, so I suppose I should be shot for my understanding of client side. I meant after the form has been submitted but before sending to DB ie. not javascript. My bad.

 

[bulldog5046]

server side validation would be things like checking the cells contain correct data, eg.

price should be in a currency format

title should be text

length should be a time format

etc etc.

that help?

 

[arc]

yeah. thats what im tryin to do - but how do you do that in oracle / asp

 

[philbo]

one day ill know what the hell you lot are talking about

maybe

 

[arc]

anyone know much about ASP - got summit else i'm,trying to sort out now

 

[Alex]

you need to check the kind of data that the user has inputted is correct for the db fields you're updating or inserting into. Many people don't have java script enabled. Also hackers (and people like me) love sql injection, buffer overrun hacking and any other method to generally break stuff, so you need to filter out characters like ; ' and " (or escape them somehow check out oracle knowledge base on escaping special characters also do a search on the other things I mentioned)

if you want any more info PM me.

 

[bulldog5046]

as alex said SQL injection is evil :devil: very easy to perform aswell, sorry i cant help you in too much detail as i dont know ASP atall or Oracal.