Chapter 34: ASP Forms
ASP Forms and User Input.
This is exactly the lesson that comes after ASP Procedures in the W3Schools Classic ASP tutorial, and it is the heart of why people used Classic ASP in the first place: to collect data from visitors, process it on the server, and show personalized or dynamic results.
I’m going to explain it like your favorite teacher who actually built dozens of Classic ASP contact forms, login pages, and shopping carts between 2002–2008 — slowly, clearly, with many real examples, good habits, security warnings, and the exact patterns you would see in production code back then (and still in many legacy Indian business systems in 2026).
1. The Big Picture — What “ASP Forms and User Input” Really Means
In Classic ASP, user input almost always comes from HTML forms (<form> tags).
The form sends data to the server using either:
- GET → data appears in the URL (?name=Rahul&city=Hyderabad)
- POST → data is sent in the request body (hidden from URL, better for passwords, longer data)
Classic ASP reads this data through five main Request collections:
| Collection | What it contains | Most common use case |
|---|---|---|
| Request.Form(“key”) | Data from <form method=”post”> | Login, registration, contact forms |
| Request.QueryString(“key”) | Data from URL (?key=value) | Search, pagination, links |
| Request(“key”) | Looks in Form and QueryString (convenient shortcut) | Most pages use this |
| Request.Cookies(“key”) | Cookie values | Remember login, preferences |
| Request.ServerVariables(“key”) | Server info (IP, browser, etc.) | Logging, analytics |
Golden Rule #1 (write this 10 times):
|
0 1 2 3 4 5 6 |
<%= Server.HTMLEncode(Request("username")) %> |
Never print user input directly — always use Server.HTMLEncode to prevent XSS attacks.
Golden Rule #2:
Most real Classic ASP pages use the same file to show the form and process it (action=”thispage.asp”).
2. Classic Pattern — Same Page Handles Form + Processing
File: contact.asp
|
0 1 2 3 4 5 6 |
<%@ Language=VBScript %> <% Option Explicit %> <!DOCTYPE html> <html> <head> <title>Contact Us</title> </head> <body> <h2>Contact Form</h2> <% Dim submitted, name, email, message, errorMsg submitted = False errorMsg = "" ' Check if form was posted If Request.ServerVariables("REQUEST_METHOD") = "POST" Then submitted = True name = Trim(Request.Form("name")) email = Trim(Request.Form("email")) message = Trim(Request.Form("message")) ' Very basic validation If name = "" Then errorMsg = errorMsg & "Name is required.<br>" End If If email = "" Then errorMsg = errorMsg & "Email is required.<br>" End If If message = "" Then errorMsg = errorMsg & "Message is required.<br>" End If If errorMsg = "" Then ' Here you would normally send email or save to DB Response.Write "<div style='color:green; font-weight:bold; padding:15px; border:2px solid green;'>" Response.Write "Thank you, " & Server.HTMLEncode(name) & "!<br>" Response.Write "We received your message and will reply to " & Server.HTMLEncode(email) & " soon." Response.Write "</div>" Else Response.Write "<div style='color:red; font-weight:bold; padding:15px; border:2px solid red;'>" Response.Write "Please fix these errors:<br>" & errorMsg Response.Write "</div>" End If End If %> <% If Not submitted Or errorMsg <> "" Then %> <form method="post" action="contact.asp"> <label>Name:</label><br> <input type="text" name="name" value="<%= Server.HTMLEncode(name) %>" size="40"><br><br> <label>Email:</label><br> <input type="text" name="email" value="<%= Server.HTMLEncode(email) %>" size="40"><br><br> <label>Message:</label><br> <textarea name="message" rows="6" cols="50"><%= Server.HTMLEncode(message) %></textarea><br><br> <input type="submit" value="Send Message"> </form> <% End If %> </body> </html> |
Important patterns here:
- Check REQUEST_METHOD = “POST” (or Request.Form(“somefield”) <> “”) to detect submit
- Use Trim() — users often add extra spaces
- Re-fill fields with value=”<%= Server.HTMLEncode(name) %>” after error
- Show success message instead of form after success
- Always Server.HTMLEncode user data in output
3. GET vs POST — Real Example Side-by-Side
GET example (search form — data in URL)
|
0 1 2 3 4 5 6 |
<form method="get" action="search.asp"> Search: <input type="text" name="q"> <input type="submit" value="Search"> </form> <% Dim query query = Trim(Request("q")) If query <> "" Then Response.Write "<p>You searched for: " & Server.HTMLEncode(query) & "</p>" ' Here you would query database with LIKE '%" & query & "%' End If %> |
POST example (login — sensitive data)
|
0 1 2 3 4 5 6 |
<form method="post" action="login.asp"> Username: <input type="text" name="username"><br> Password: <input type="password" name="password"><br> <input type="submit" value="Login"> </form> <% If Request.Form("username") <> "" Then Dim u, p u = Request.Form("username") p = Request.Form("password") ' Never store plain passwords — this is just demo If u = "admin" And p = "secret123" Then Session("LoggedIn") = True Response.Redirect "dashboard.asp" Else Response.Write "<p style='color:red;'>Invalid login!</p>" End If End If %> |
4. Teacher Summary – ASP Forms and User Input in Classic ASP
ASP Forms and User Input means:
- HTML <form method=”post”> or “get” → sends data to server
- Read data with Request.Form(“key”), Request.QueryString(“key”), or shortcut Request(“key”)
- Most pages use same-file processing (action=”thispage.asp”)
- Always re-fill fields after validation error using value=”<%= Server.HTMLEncode(value) %>”
- Never print raw user input — always Server.HTMLEncode or Server.URLEncode
- Validate on server (client validation was rare and easy to bypass)
- Use POST for sensitive data (passwords, personal info), GET for searches/filters
This is how millions of contact forms, login pages, search boxes, and checkout flows worked in Classic ASP — and many old Indian small-business, government, and internal systems still use exactly this pattern in 2026.
Next class?
- Want a full registration + login + session example?
- Or how to upload files in Classic ASP (very common request)?
- Or compare Classic ASP forms vs Razor forms side-by-side?
- Or move to the next W3Schools topic (ASP Cookies or ASP Sessions)?
Just tell me — I’m here! 🚀🇮🇳 Keep learning strong, Webliance! 😊
