Retrieving text box values & Request.QueryString()

If you use the GET method when you create the form, you will need to use the Request.QueryString () method to process or collect the data from the form. With this method you can basically access any of the form fields such as text boxes, password boxes, check boxes, radio buttons, etc. However, the GET method is not recommended when you request the user to enter a lot of information or for personal information because this information will be added to the URL. The concern is that someone looking at the URL may learn about the personal data the user submitted or it may just make the URL very long. In fairness, remember the POST method does not add any extra security measures to protect the data that the user submits; instead, it only does not add the data to the URL.

Let's work with an example to show you how the GET method works. We will use the following HTML code to create a form:

<form method="GET">
First name: <input type="text" name="first_name"><br />
Last name: <input type="text" name="last_name">
<input type="submit" value="Submit Name">
</form>

The first line starts our form and specifies that we want to use the GET method. The <input> tags create our text boxes and the submit button. The name attribute is very important and make sure that you use a descriptive and relvant name to what you are asking the user to enter. Avoid names like text_box1, text_box2, etc. to avoid any possible confusion. Also, make sure the name you use is unique. We use the value of the name attribute to retrieve the value for that particular form element (in this case a text box).

This shows what our form looks like:

First name:
Last name:
Note
The information you submit with this form is not stored or validated! The output of your submission is shown below!

The following shows the ASP code to process our form:

<%
response.write "<h6>You entered......</h6>"
response.write "First name: " & Request.QueryString ("first_name")
response.write "<br>Last name: " & Request.QueryString ("last_name")
%>

In this code, we are using the response.write () object to send the output to the browser. The Request.QueryString () object, however, does the opposite: it collects the form data from the browser. The Request.QueryString ("first_name") says get the value of a form field called "first_name". Similarly, the Request.QueryString ("last_name") gets us the value for "last_name" field. Submit the form shown above to see the output here:

Output
You entered......
First name:
Last name:

Here are few things to note for this example. First of all, notice how the URL changes after the form is submitted. Specifically, prior to you submit the form, the URL of this page is http://www.scriptingmaster.com/asp/GET-method-retrieving-text-box-values.asp. However, after the form has been submitted it becomes something like:

Thus after a form is submitted, the "?" character and the field names (i.e., "first_name") and their respective values are added to the end of URL.

The second thing to note for this example is that the processing of our form is executed even when the user has not yet submitted the form! So how do we make sure that we execute our form processing scripts only after the form has been submitted? One of the ways to accomplish this is to execute our code only if we know the user has activated (i.e., by clicking or pressing enter key) the submit button. In the example, we add the name and value attributes to the submit button and this will help us determine whether or not the user has submitted the form:

<form method="GET">
Your Age: <input type="text" name="age" size="5" />
<input type="submit" value="Submit Age" name="SubmitAge" />
</form>

In this example, our submit button is named SubmitAge and the value for this button is Submit Age. When we process our form, will use this information to determine if the form has been submitted; specifically,:

<%
if request.QueryString("SButtonAge") <> "" then
response.write "The value of our submit button is "
response.write "<b>" & request.QueryString("SButtonAge") & "</b>"
response.write "<br>You submitted your age is "
response.write "<b>" & request.QueryString("age") & "</b>"
end if
%>

In this code we use a conditional IF statement to check the value of the submit button. If the value of this button is not empty, we know the button was activated thus the form has been submitted! Thus we will execute the form-processing code. If, however, our condition is not met (i.e., the value of ("SButtonAge" is empty or non-existence in the IF request.QueryString("SButtonAge") <> "" then)), we won't execute the form-processing code.

The following shows what our form looks like:

Your Age:
Note
Your input is not stored or validated! The output of your submission is shown below!