ASP Code Writing Standard

Source: Internet
Author: User

Common source code formatting rules
1.1 Development tools

It is recommended that you write ASP code in Microsoft Visual InterDev and HTML code in Macromedia's Dreamweaver, or use development tools such as UltraEdit, ASPEdit2000, and so on.

1.2 Indent spaces

Indent each level by two to four spaces. Do not leave tab characters in the source code, because a tab is displayed at a different width depending on user settings and on the tool handling the file (printing, documentation, version control, and so on).

1.3 Data validity check

On every form submission page, required fields and invalid input must be checked on the client with JavaScript in the page, except where the check needs a comparison against server-side data.
All submitted information (GET and POST) must be validated on the server side and filtered for illegal characters (& ; ' \ " | * ? ~ < > ^ ( ) [ ] { } $ \n \r); for example, replace "'" with "''" (two single quotes). All string replacement uses the common CheckInputString(str) function. For numeric variables, check that the data entered is all numbers (isFinite or isNaN in JavaScript, IsNumeric in VBScript).

1.4 Parameter passing

It is recommended that you use the POST method instead of the GET method.
Do not pass SQL statements through the GET method, the session, or any other channel;
Do not use GET to pass large query strings, especially ones containing Chinese characters: HTTP transfers form fields more efficiently than query strings, and pages with a large query string fail in some browsers;
Using sessions or cookies to pass necessary parameters outside of a session is prohibited.

6.4 Use the simplest cursor type and record locking method

There are four different types of cursors defined in ADO:
- Dynamic cursor (adOpenDynamic): for viewing additions, changes, and deletions made by other users, and for all types of movement through the recordset that do not rely on bookmarks. Bookmarks can be used if the provider supports them.
- Keyset cursor (adOpenKeyset): behaves like a dynamic cursor, except that it prevents viewing of records added by other users and prevents access to records deleted by other users. Changes to data made by other users remain visible. It always supports bookmarks, so it allows all types of movement through the recordset.
- Static cursor (adOpenStatic): provides a static copy of a set of records for finding data or generating reports. It always supports bookmarks, so it allows all types of movement through the recordset. Additions, changes, or deletions made by other users are not visible. This is the only cursor type allowed when a client-side (ADOR) Recordset object is opened.
- Forward-only cursor (adOpenForwardOnly): behaves like a dynamic cursor, except that it only allows scrolling forward through the records. This can improve performance when you only need to move through the recordset in one direction.

Set the CursorType property to select the cursor type before opening the recordset, or pass the CursorType parameter to the Open method. Some providers do not support all cursor types; check the documentation for the provider. If you do not specify a cursor type, ADO opens a forward-only cursor by default.

There are four different lock types defined in ADO:
- adLockReadOnly: default value, read-only. Data cannot be changed.
- adLockPessimistic: pessimistic locking, record by record. The provider does whatever is necessary to ensure that the record is edited successfully, typically by locking the record at the data source immediately when editing starts.
- adLockOptimistic: optimistic locking, record by record. The provider locks records only when the Update method is called.
- adLockBatchOptimistic: optimistic batch updates. Used for batch update mode, as opposed to immediate update mode.

Set the LockType property before opening the recordset to specify the type of locking that the provider should use when opening it. Read this property to return the type of locking in use on an open Recordset object. The LockType property is read/write while the recordset is closed and read-only while it is open.

In practice, use the simplest cursor type and record locking method that suits the processing task. For example:

Open a recordset only for static output:
rs.Open sql, conn, 0, 1 ' adOpenForwardOnly, adLockReadOnly
The opened recordset has fields of the text type:
rs.Open sql, conn, 1, 1 ' adOpenKeyset, adLockReadOnly

6.4 SQL String Filter

Every string input box must be checked by a string filter function when it is used to query the database or to insert, delete, or modify a record, namely:
Character type: replace "'" and """ in the submitted content (with the public function CheckInputString()), and check whether the string is too long.
Numeric type: use IsNumeric() to determine whether the input is a number.
Integer: use Int(), Fix(), or Round() to take its integer value.
Date type: use the IsDate() function to determine whether a correct date was entered.
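
The per-type checks above as server-side helpers, in an added example that is not the standard's own code. The body of CheckInputString, the Try* helper names, the Users table and the sample inputs are assumptions.

```vbscript
Option Explicit
' Added example. CheckInputString's body and the Try* helpers are assumptions.
' Demo output uses WScript.Echo (run with cscript.exe); use Response.Write in ASP.

' String type: the rule from 1.3, replace ' with '' (two single quotes).
Function CheckInputString(str)
  CheckInputString = Replace(str, "'", "''")
End Function

' String type together with the length check the standard also requires.
Function TryFilterString(raw, maxLen, ByRef value)
  TryFilterString = False
  If Len(raw) > maxLen Then Exit Function
  value = CheckInputString(raw)
  TryFilterString = True
End Function

' Numeric/integer type: IsNumeric also accepts Empty and exponent notation,
' so convert with Fix()/CLng() and use the converted Long, never the raw text.
Function TryParseInteger(raw, ByRef value)
  TryParseInteger = False
  If Len(Trim(raw & "")) = 0 Then Exit Function   ' missing or blank field
  If Not IsNumeric(raw) Then Exit Function
  On Error Resume Next
  value = CLng(Fix(CDbl(raw)))                    ' CLng raises on overflow
  TryParseInteger = (Err.Number = 0)
  On Error GoTo 0
End Function

' Date type: accept only what IsDate recognises, then keep the Date value.
Function TryParseDate(raw, ByRef value)
  TryParseDate = False
  If Not IsDate(raw) Then Exit Function
  value = CDate(raw)
  TryParseDate = True
End Function

' Constructed sample inputs.
Dim s, n, userName
For Each s In Array("42", "12.7", "1e3", "1 OR 1=1", "", "99999999999")
  If TryParseInteger(s, n) Then
    WScript.Echo "[" & s & "] accepted as " & n
  Else
    WScript.Echo "[" & s & "] rejected"
  End If
Next
If TryFilterString("O'Brien", 50, userName) Then
  WScript.Echo "SELECT UserId FROM Users WHERE UserName = '" & userName & "'"
End If
```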

6.5 SQL Transaction Execution

Transactional database operations should generally be performed using SQL stored procedures. For database operations that must be performed in an ASP page, inserts, deletes, and modifications must not use the Recordset object; they must be executed as SQL statements through the Connection object, and the Recordset is used only when executing a query. All operations that retrieve data are prohibited from using "SELECT * FROM ..." and must use "SELECT field one, field two, field three, ... FROM ...".

6.6 Closing of ADO objects

In every page that connects to the database, ADO objects such as the Connection and the Recordset must be closed immediately after use and then released (Set *** = Nothing).
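
Rules 6.5 and 6.6 applied in one routine, as an added example that is not the standard's own code. It binds values as ADODB.Command parameters over the connection, which goes beyond the quote-replacement rule in 6.4. Assumptions: the connection string is kept in Application("ConnString"), the Users table is hypothetical, and the caller has already validated userId and userName.

```vbscript
<%
' Added example. Assumptions: Application("ConnString") holds the connection
' string; table Users(UserId, UserName) is hypothetical; inputs are validated.
Const adCmdText = 1, adExecuteNoRecords = 128
Const adInteger = 3, adVarWChar = 202, adParamInput = 1

Function RenameUser(userId, userName)
  Dim conn, cmd, rs
  Set conn = Server.CreateObject("ADODB.Connection")
  conn.Open Application("ConnString")

  ' 6.5: modify data through the connection, not through a Recordset.
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandType = adCmdText
  cmd.CommandText = "UPDATE Users SET UserName = ? WHERE UserId = ?"
  cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, userName)
  cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , userId)
  cmd.Execute , , adExecuteNoRecords
  Set cmd = Nothing

  ' 6.5: a Recordset only for the query, with named columns, not SELECT *.
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = conn
  cmd.CommandType = adCmdText
  cmd.CommandText = "SELECT UserId, UserName FROM Users WHERE UserId = ?"
  cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , userId)
  Set rs = cmd.Execute            ' forward-only, read-only: the simplest cursor
  If Not rs.EOF Then RenameUser = rs("UserName").Value

  ' 6.6: close immediately after use, then release.
  rs.Close   : Set rs = Nothing
  Set cmd = Nothing
  conn.Close : Set conn = Nothing
End Function
%>
```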

7. Cookies
7.1 Scope of cookies

The Path attribute of a cookie specifies the path for which the cookie is returned to the server. For cookies to work throughout the entire site, the Path attribute should be set to "/".
The Domain attribute of a cookie limits where the browser sends the cookie. For cookies to work in all subsites of the site, the Domain attribute should be set to ".yourdomain.com". The value is defined as the constant cookie_domain in the site's public file. That is:

Response.Cookies("UserName").Path = "/"
Response.Cookies("UserName").Domain = cookie_domain

7.2 Validity period of cookies

The Expires property sets the time at which a cookie expires. Do not set this property if you want a session cookie that expires once the customer has finished browsing.

7.3 Security of cookies

Sensitive information inside a cookie must be encrypted; the encryption is defined in the Public key function library.

1.5 URL
For included header files, page links, form submission targets, and images: if the reference is to a public part such as "include" or "image", you must use an absolute path, that is, a path starting from the virtual root directory "/", to improve operational efficiency. For example:
<a href="/index.asp">

Within a relatively independent module, you can use relative paths to improve portability. However, using ".." to go back to the parent directory is prohibited; that is, URLs such as "../images/logo.gif" are prohibited. The relative path is written as follows:
