The Form collection is indexed by the names of the parameters in the request body. The value of Request.Form(element) is an array of all the values of element that occur in the request body. You can determine the number of values of a parameter by calling Request.Form(element).Count. If a parameter does not have multiple values associated with it, the count is 1. If the parameter is not found, the count is 0.
To reference a single value of a form element that has multiple values, you must specify a value for the index parameter. The index parameter may be any number between 1 and Request.Form(element).Count. If you reference one of multiple form parameters without specifying a value for index, the data is returned as a comma-delimited string.
When you use parameters with Request.Form, the Web server parses the HTTP request body and returns the specified data. If your application requires unparsed data from the form, you can access it by calling Request.Form without any parameters.
.gif "Note") Note: |
|---|
When using ASP and posting large amounts of data more than 100 KB,
Request.Form cannot be used. If your application requires posting data greater than this limit, a component can be written that uses the Request.BinaryRead method.
|
You can iterate through all the data values in a form request. For example, if a user filled out a form by specifying two values, Chocolate and Butterscotch, for the FavoriteFlavor element, you could retrieve those values by using the following script.
<%
For i = 1 To Request.Form("FavoriteFlavor").Count
Response.Write Request.Form("FavoriteFlavor")(i) & "<BR>"
Next
%>
The preceding script would display the following.
You can use this technique to display the parameter name, as shown in the following script:
<%
For i = 1 to Request.Form("FavoriteFlavor").count %>
Request.Form(FavoriteFlavor) = <%= Request.Form("FavoriteFlavor")(i)_
%> <BR>
<% Next %>
This script displays the following in the browser.
Request.Form(FavoriteFlavor) = Chocolate
Request.Form(FavoriteFlavor) = Butterscotch
Example Code
Consider the following HTML form:
<FORM ACTION = "/scripts/submit.asp" METHOD = "post">
<P>Your first name: <INPUT NAME = "firstname" SIZE = 48>
<P>What is your favorite ice cream flavor: <SELECT NAME = "flavor">
<OPTION>Vanilla
<OPTION>Strawberry
<OPTION>Chocolate
<OPTION>Rocky Road</SELECT>
<P><INPUT TYPE = SUBMIT>
</FORM>
| Note: |
|---|
If your form includes multiple objects with the same name (for example, HTML
SELECT tags), the item in the form collection will be a comma-delimited list of all the selected values.
|
From that form, the following request body could be sent:
firstname=James&flavor=Rocky+Road
The following script can then be used:
Welcome, <%= Request.Form("firstname") %>.
Your favorite flavor is <%= Request.Form("flavor") %>.
The following output is the result:
Welcome, James. Your favorite flavor is Rocky Road.
.gif "Caution note") Caution: |
|---|
In the example above, the user's input is echoed without validation, which could pose a security risk.
|
For more information, see MS Press - Writing Secure Code
If the following script is used:
The unparsed form data is: <%= Request.Form %>
The output would be:
The unparsed form data is: firstname=James&flavor=Rocky+Road