Asp. NET--server of commonly used built-in objects

Brief introduction

The server object is an instance of HttpServerUtility and a property of the context object that provides a helper method for handling Web requests.

Common Members

One, Server.MapPath () method

Method signature: public string MapPath (string path)

Description: Specifies a virtual path that is passed in to return the physical path on the Web server that corresponds to the virtual path. Equivalent to the Request.mappath () method.

Second, Server.Execute () method

Method signature: public void Execute (string path)

Description: Executes the handler for the specified virtual path in the context of the current request, and then executes the page returned to the calling it.

Popularly speaking, that is, the current page called the Server.Execute method to execute a specified path of the page, the content is nested in the current page, you can achieve an iframe similar effect.

Example plots:

WEBFORM2.APX content:

<%@ Page Language="C #"AutoEventWireup="true"codebehind="WebForm2.aspx.cs"Inherits="Webapplication2.webform2" %><!DOCTYPE HTML><HTMLxmlns= "http://www.w3.org/1999/xhtml"><Headrunat= "Server"><Metahttp-equiv= "Content-type"content= "text/html; charset=utf-8"/>    <title></title></Head><Body>    <formID= "Form1"runat= "Server">    <Div>        <%Response.Write ("I am page 2"); %>    </Div>    </form></Body></HTML>

Let's take a look at a picture to see how it works:

From the view of the source code of the Web page, it can be seen that the Execute method will specify the path of the page execution output, as part of the page to display, this technology can achieve an IFRAME-like function, the parent page nested a sub-page

Third, Server.Transfer () method

Method signature: public void Tarnsfer (string path)

Description: Terminates execution of the current page for the current request (the current page) and executes a new page based on the incoming URL.

In fact, the Server.Transfer () method can be seen as an internal redirect, which is taken over by the server's internal resources,

The browser is unaware of the request, and the HTPP message cannot be found. Also note that the method redirects the requested page resource to be internal to the server and cannot redirect the external Web site.

Example plots:

The address bar of the browser does not change after execution, because it is internal, the browser does not know, so the address bar or the URL of the page before the transfer

Vulgar Solution:

Server.Transfer is like a bus station, a 596 bus with a group of passengers to the site, said, to change another driver,

The new driver was on the bus, followed by a new driver and a new passenger, and continued to drive the 596 bus. The URL of the page is unchanged, and the URL is like a bus line number (596) that has not changed.

Note: It is also important to note that the method cannot be redirected to Ashx's generic handler page, otherwise it will report a "subquery error"

Iv. differences between Server.Execute (), Server.Transfer () and Response.Redirect ()

1. The core of the three methods can be seen from the literal meaning of the three, then a simple summary according to the keywords:

Server.Execute (): Execute. Executes the page corresponding to the path on the current page, as part of the page, based on the specified path passed in.

SERVER.TRANSFE (): Transfer. At the execution of the method, end the contents of the current request output, transfer to a specified page, and output the contents of the new page.

Response.Redirect (): Re-send. After the client request is executed, the method is returned to the browser 304 status code, allowing the browser to request the redirect () method to specify the path of the page once the HTTP request is made.

2. The common denominator of the three:

You can specify a path parameter, and then, based on this path, implement the page that corresponds to the execution path of the jump.

3. The difference between the address bar:

After the Server.Execute () and Server.Transfer () methods perform the output, the address bar of the browser does not change, or the address of the current request.

However Response.Redirect () will tell the browser to send an HTTP request together, the final address bar will send a change, the address bar is the address of the Redirect () method parameter path.

4.server.execute () and Server.Transfer () differences:

The two are very similar on the surface, the address bar does not change after execution, and the execution results are similar. In fact, the two are essentially different,

Server.Execute () actually executes a page, executes the output in the current page, and the lower part of the current page is also output.

However, the Server.Transfer () method executes, the request output of the current page is interrupted, transferred to another page, and the next section shows the contents of another page.

The difference between 5.server.transfer () and Response.Redirect ():

Both are formally the same, and are redirected to another resource. After the Response.Redirect () method executes, it returns a 304 status code to the browser,

The browser sends an HTTP request in accordance with the specified path. If the requested page executes the Response.Redirect () method, you can actually see the relevant clues in the HTTP message.

Then Server.Transfer () is an internal redirect, and the browser is unaware of its operation, and no clues can be seen in the HTTP message.

Another thing is that redirect can pass an external address and redirect the external Web site, however transfer can only qualify that the incoming path resource must be inside the server. The redirect method is relatively flexible.

V. Server.HTMLEncode () method

Method signature: public string HtmlEncode (string s)

Description: A string content if it contains HTML tags, then the output to the client browser will parse into an HTML tag,

If we do not want this string containing HTML content to be output as a label, but instead to output the string content, then using the Server.HTMLEncode () method can be implemented.

Example Image:

Note: The original mode outputs the string content instead of parsing it into an HTML tag, and the Encode () method actually replaces those with HTML characters with special escape characters.

Server.HTMLEncode () method actual application Situation 1

Suppose we have a comment function in the project, this time if the user reviews the content, is a special meaning of the JavaScript script, if the smooth execution of the save into the database,

And just read the comment page to the server response to the context. Response.ContentType = "text/html"; this form,

Then when the user reads this comment, the script executes, and we are likely to have a risk that the script is intentionally disrupting the system's operation.

At this point, we can use the Server.HTMLEncode () method to comment on the content to be processed, just let the parameter is purely a string representation of the content.

Server.HTMLEncode () Practical Example Scenario 2:

Requirements: A programmer's community that needs to share code exchange, providing the ability to submit comments and read comments accordingly

Interface:

When the backend server receives this parameter, the. NET platform will report an error,

This shows that. NET has a test barrier for the parameters submitted by the client, but according to the functional design, the script code submitted here is considered safe, so it is necessary to close the. NET barrier.

How to close:

Set the Requestvalidationmode in the HttpRuntime tab in the configuration file to 2.0

Second, this page instruction set set ValidateRequest property is False (here is only for WebForm program settings, other applications refer to https://msdn.microsoft.com/en-us/ Library/hh882339.aspx)

In this way, the server can save the content of the code meaning to the database, when reading the comment, we use the Server.HTMLEncode () method to the content of the code meaning, and then respond to the browser, the browser can display this contains the meaning of the code string, Why use the Server.HTMLEncode () method when reading it because the default Response.Write () Ken will escape the content to the browser, the browser will execute this code script.

Vi. Server.htmldecode () method

Method signature: public string HtmlDecode (string s)

Description: Parses a string containing the meaning of HTML content into an HTML label output to the browser

Example Image:

Based on the Encode () method Reasoning, the Encode () method actually displays the characters in the string that have HTML meanings instead of the special escape characters, so the HtmlDecode () method can also parse the string that means the escape character into an HTML tag.

Note: The server calls the context. The Response.Write () method outputs a string, if the string is HTML meaning,

Then the server defaults to using the Server.htmldecode () method output to the browser, of course, this also depends on the settings of the Context.Response.ContentType property

Vii. Server.URLEncode () method and Server.urldecode () method

Server.URLEncode (): Pass a URL format string, encode the URL, popular understanding for encryption

Server.urldecode (): Decodes the Server.URLEncode () encoded URL and restores the original

Example plots:

Conclusion: The characteristics of two methods, we can request some important pages, the use of encoding and decoding method to improve the security of the request URL address.

The above knowledge points according to the study, unceasingly realizes after the knowledge unceasingly anatomy

Asp. NET--server of commonly used built-in objects