carrying variables over more than 1 ASP page

[JulieS]

HI, I'm an ASP beginner, and have hit a snag.

I am trying to retain my position in a recordset (in my database) from one asp page to the next.

I have 3 pages:
1. an HTML page where the user enters her username and password.
2. an asp page which finds the user based on the username and password in the database. on this page, there is an option for the user to change their address.
3. a second asp page which changes the address.

the problem is this third page - when referring to request.form("variable&quot, i can only reference the immediate previous page (and i can't check the password all over again because the page is set so the password erases when the user clicks submit.

Any help would be greatly appreciated!!

Thanks,
Julie

 

[culshaja]

Use Session variables. these persist for the lifetime of the users session (which is usuallu up to 20 minutes after they leave the site!)

e.g.

Session("password") = 'letmein'

James James Culshaw
jculshaw@active-data-solutions.co.uk

http://www.active-data-solutions.co.uk

http://www.brainbench.com/transcript.jsp?pid=193305

 

[spacehawk]

You can also use hidden inputs in your form.

<%
password=request.querystring(&quot;password&quot
%>

<input type=&quot;hidden&quot; name=&quot;password&quot; value=&quot;<%=password%>&quot;>

As long as there is a form on each successive page, this works fine.
This is really an html solution to the problem.

 

[palbano]

Julie,

I prefer spacehawk's technique over the session method. However I would NOT forward the 'password' value. Instead I would do whatever lookup for the ID or whatever you need in the second page and forward that using a hidden variable to the third page.

1. an HTML page where the user enters her username and password.
2. an asp page which finds the user based on the username and password in the database. Generate hidden form variables on the page containing the index lookup information needed to find the users address record. on this page, there is an option for the user to change their address.
3. a second asp page which changes the address by looking up the users address by filtering the data based on the hidden form variables created by 'page2.asp'

&quot;But, that's just my opinion... I could be wrong&quot;.
-pete

 

[swilliams]

What I have done before (and I am not saying that this is the best way, or indeed a good way, it is just what I thought of at the time) is have the login page as you say.
When this is submitted do your lookup and if successful, get the userid, which is an auto number field in the database. Then on any subsequent page request, I pass the userid and the user name in the url (instead of in hidden form fields - don't ask me why) and on the requested page, the first thing I do is a check to see if the userid matches the user name. If it does not match then I redirect to a &quot;sorry&quot; page.

Doing this, someone trying to hack the site and bypass the login (if they do not want to guess the password for a known user) has to know that the variables are passed on the url, and guess the database generated auto number id for a particular user name. Also, the checking can be split out into an Include file which does the redirecting to the &quot;sorry&quot; page, so you do not have to code this over and over again - but that can be said for any repeated checking that you choose to implement.

Simon