ASP.NET Basics (Part 7): Command and Control - The Last Action Hero
HTML forms are typically used to obtain information from visitors to a Web site - things like their name, mailing address, phone number, and the like - and this information is then processed in a variety of different ways. Some sites store it in a database; others email it to the webmaster; and still others simply redirect it to the trash basket. By using ASP.NET and C# to process a form, you can write simple code snippets that accomplish all of these actions.
Let's begin with a simple example.
<html>
<head>
<basefont face="Arial">
</head>
<body>
<center>
<form method="GET" action="sanctum.aspx">
<table cellspacing="5" cellpadding="5" border="0">
<tr>
<td>
<font size="1">Who dares to disturb the Council?</font>
</td>
<td align="left">
<input type="text" name="name" size="10">
</td>
</tr>
<tr>
<td colspan="2" align="center">
<input type="submit">
</td>
</tr>
</table>
</form>
</center>
</body>
</html>
The most critical line in this entire page is the <form> tag.
<form method="GET" action="sanctum.aspx">
...
</form>
As you probably already know, the ACTION attribute of the <FORM> tag specifies the name of the server-side script - "sanctum.aspx" in this case - that will process the information entered into the form, while the METHOD attribute specifies the manner in which the information will be passed.
Once the form has been submitted, the script "sanctum.aspx" is called upon to parse the data entered into the form. At this point, the script simply reads the name entered into the form, and displays a message containing that name; however, at a later point, it will be modified to grant or deny access based on the name entered.
<html>
<head>
<basefont face="Arial">
</head>
<body>
<center>
<script language="c#" runat="server">
void Page_Load()
{
    // sanctum.aspx
    // define the variables
    string fname;
    // assign values
    fname = Request.QueryString["name"];
    // print the details; HTML-encode the name, since it comes
    // straight from the visitor and ends up in the page markup
    Response.Write("Welcome to the Inner Sanctum, " + Server.HtmlEncode(fname) + "!");
}
</script>
</center>
</body>
</html>
And now, if you enter some data into the form (say, "joe"), this is what you should see:
Welcome to the Inner Sanctum, joe!
An explanation is in order here. As always, the first step is to define the variables that will be used throughout the script - in this case, the variable "fname".
<%
// define the variables
string fname;
%>
Next, the value of the form variable "name" has to be assigned to the C# variable "fname" - this is accomplished with the use of the "QueryString" property of the Request object, which accepts the name of a form control (in this case, the solitary text field in the form) as a parameter and returns the value entered into that control.
<%
// assign values
fname = Request.QueryString["name"];
%>
Unlike many other objects in C#, the Request object is an "implicit" object, so called because you do not need to explicitly create an instance of the object when you want to use it. The "QueryString" property is just one of the many properties available in this object - I'll be exploring some of the others as well in this tutorial.
Once the value of a form variable has been assigned to a C# variable, it can be treated in exactly the same manner as other C# variables. In the example above, the Write() method of the Response object handles the task of printing the welcome message, with the name incorporated into it.
<%
// print the details, HTML-encoding the visitor-supplied name first
Response.Write("Welcome to the Inner Sanctum, " + Server.HtmlEncode(fname) + "!");
%>
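A form value arrives exactly as the visitor typed it, so it needs HTML-encoding before it is written into a page. The console program below is an added example, not part of the original tutorial; it compares plain concatenation with an encoded version using System.Net.WebUtility.HtmlEncode. The class name, the sample inputs and the 50-character limit are assumptions made for the demonstration.

```csharp
using System;
using System.Net;

static class SanctumDemo
{
    // The message built by plain concatenation, with the value used as-is.
    static string RawGreeting(string fname)
    {
        return "Welcome to the Inner Sanctum, " + fname + "!";
    }

    // The same message, with the value checked and HTML-encoded first.
    static string SafeGreeting(string fname)
    {
        // Request.QueryString["name"] and Request.Form["name"] return null
        // when the field is absent from the request, so handle that case.
        if (string.IsNullOrWhiteSpace(fname))
            return "Please enter a name.";

        fname = fname.Trim();
        if (fname.Length > 50)          // assumed limit for this example
            fname = fname.Substring(0, 50);

        // Encoding turns <, >, & and quotes into entities, so the browser
        // displays them as text instead of interpreting them as markup.
        return "Welcome to the Inner Sanctum, " + WebUtility.HtmlEncode(fname) + "!";
    }

    static void Main()
    {
        // Constructed sample inputs: a plain name, a name containing markup,
        // a name with special characters, a missing field, and blanks only.
        string[] samples = { "joe", "<b>joe</b>", "Tom & \"Jerry\"", null, "   " };

        foreach (string s in samples)
        {
            Console.WriteLine("input : " + (s ?? "(field missing)"));
            Console.WriteLine("raw   : " + RawGreeting(s));
            Console.WriteLine("safe  : " + SafeGreeting(s));
            Console.WriteLine();
        }
    }
}
```

Inside an .aspx page, Server.HtmlEncode() performs the same encoding as WebUtility.HtmlEncode() does here.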
You can also use the POST method (which offers greater security and reliability, because the form data travels in the body of the request instead of being appended to the URL) to process form data - simply alter the HTML form so that the METHOD used is POST.
<form method="POST" action="sanctum.aspx">
...
</form>
You'll also need to update the ASP.NET script "sanctum.aspx" to use POST data instead of the URL GET method. This update consists of using the Request object's "Form" property instead of the "QueryString" property, as illustrated below:
<html>
<head>
<basefont face="Arial">
</head>
<body>
<center>
<script language="c#" runat="server">
void Page_Load()
{
    // sanctum.aspx
    // define the variables
    string fname;
    // assign values
    fname = Request.Form["name"];
    // print the details; HTML-encode the name, since it comes
    // straight from the visitor and ends up in the page markup
    Response.Write("Welcome to the Inner Sanctum, " + Server.HtmlEncode(fname) + "!");
}
</script>
</center>
</body>
</html>
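You can add a conditional test to deny access to all but the most favoured. Since anyone can type any name into the form, treat this as an illustration of the if-else construct rather than as real access control: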
<html>
<head>
<basefont face="Arial">
</head>
<body>
<center>
<script language="c#" runat="server">
void Page_Load()
{
    // sanctum.aspx
    // define the variables used
    string fname;
    // assign values
    fname = Request.Form["name"];
    // print the details
    if (fname == "thomson")
    {
        Response.Write("Welcome to the Inner Sanctum, Commander Thomson!");
    }
    else
    {
        Response.Write("Get lost, loser, before we beat you to a pulp!");
    }
}
</script>
</center>
</body>
</html>
More By Harish Kamath (c) Melonfire