Whats going wrong

[andyc209]

i want to make sure a value posted from a form field is numeric so I can do some maths on it.

I am trying to use cast but keep getting the error

Microsoft VBScript compilation error '800a03ee'

Expected ')'

line 19


the code at that line is

b_capital=CAST(request("adjcapital") as numeric (18, 2))

thsnks for any help

 

[gmmastros]

Cast is a SQL Server function. Since you are using ASP, you need to use ASP functions.

ASP has an IsNumeric function that works pretty well. Specifically, you pass it a string and it returns a boolean indicating whether the string CAN be converted to ANY number data type.

I have a couple of specialty VB6 functions that should work in ASP with very few modifications.

Public Function IsPositiveInteger(ByVal Value As String) As Boolean

    If Trim(Value) = "" Then
        IsPositiveInteger = False
    Else
        IsPositiveInteger = IsNumeric("-" & Value & ".0e0")
    End If

End Function

Public Function IsInteger(ByVal Value As String) As Boolean
    
    If Trim(Value) = "" Then
        IsInteger = False
    Else
        IsInteger = IsNumeric(Value & ".0e0")
    End If
    
End Function

-George

"The great things about standards is that there are so many to choose from." - Fortune Cookie Wisdom

 

[DotNetGnat]

I would suggest using a simple javascript validation function that implements regular expression to check the input of the form field...that way are making sure that user always enters numbers before reaching to the point where you can do request("myfield")...

-DNG

 

[gmmastros]

I thought javascript runs client side, which makes cross-site scripting vulnerabilities possible. I thought it was better to rely on server-side only code to validate request data. I mean... the client side javascript code is fine to 'also' have, but you should still validate server side also.

Am I wrong?

-George

"The great things about standards is that there are so many to choose from." - Fortune Cookie Wisdom

 

[DotNetGnat]

client-side validation is much faster and saves round-trip to server...it also reduces the amount of work the server has to do...

-DNG

 

[gmmastros]

That doesn't really answer my question, does it?

If you rely on client-side validation ONLY, you open yourself up to cross-site scripting vulnerabilities.

-George

"The great things about standards is that there are so many to choose from." - Fortune Cookie Wisdom

 

[vicvirk]

you are correct, George, you should do server side validation...do the client side to make it run faster (i.e. the user can't submit unless the form validates) and then use the isNumeric() function in ASP to validate again on the server.

I don't know about cross-site scripting vulnerabilities but if you only check the input on the client it's easy for the user to get around it - all they have to do is turn off their javascript and your client side script becomes useless.

TIP: trying googling the answer before posting, you'll find that more times than not someone else somewhere has had the same request and posted an answer online.
----
I have recently been semi-converted to ensuring all my code (well most of it) works in both javascript and non-javascript enabled browsers

 

[DotNetGnat]

I agree George, server-side validation is a must. Client side validation is just an add-on.

-DNG