General ASP development specifications (personal standards)

Source: Internet
Author: User

To standardize how program code is written, improve code readability, reduce later maintenance costs, and improve work efficiency, we recommend that you write programs according to the following specifications from now on:

I. Unified VBScript and ASP programming specifications:

(1) Variable naming rules:

Because ASP and VBScript do not require variables to be declared, and a variable's type cannot be specified when it is declared, the system adopts the following unified variable naming rules to improve code readability and build good development habits:

1. Declare variables using Dim, Public, or Private;

Example: Dim iStudentNum

2. Representation of variable types:

A. Integer variable: starts with a lowercase letter i, followed by the variable identifier, in which the first letter of each English word is capitalized.

For example, the following statement declares a variable that holds the number of records in a database:

Dim iRecordsetNumber

B. Single-precision real variable: starts with a lowercase letter f, followed by the variable identifier, in which the first letter of each English word is capitalized.

C. Double-precision real variable: starts with a lowercase letter d, followed by the variable identifier, in which the first letter of each English word is capitalized.

D. Character (string) variable: starts with a lowercase letter s;

E. Boolean variable: starts with a lowercase letter b;

F. Array variable: array type + "_" + "array" + "_" + "variable identifier"

For example, define an array for storing student scores (holding single-precision values):

Dim f_array_StudentMark

3. The variable identifier must comply with the identifier standard and be easy to understand. Use full English words rather than abbreviations.

For example, the string variable for storing the alumni address book is defined as follows:

Dim sSchoolfellowAddressList

Although such a name takes longer to type, it greatly improves the readability of the program: the purpose of the variable can be seen from its name, and the variable is easy to search for. Typing speed and readability pull in different directions; for the sake of the latter, we sacrifice some speed.

4. After each variable definition, add a comment describing what the variable is used for.

(2) Constant naming rules:

The type prefix is the same as above. The difference is that the identifier following it is written entirely in uppercase. For example:

Define a constant that stores the language type:

Const sLANGUAGE_TYPE = "Chinese"

(3) Function and procedure naming rules:

1. Use Function to declare a function and Sub to declare a procedure;

2. The first letter of the function or procedure name is capitalized, and the first letter of each word in it is capitalized.

For example:

Function CheckValidityOfInput(sStudentMark)
	'Write code here
	'............
End Function

3. The function or procedure name must be easy to read and clear in meaning.

4. Add a comment before the function to describe the function, parameter description, creation date, modification date, modification reason, creator, modifier, and other related information.

(4) Code indentation standard:

To keep code tidy and easy to write, the following layout is used: each level of nesting is indented by one <tab>.

For example:

'***********************************************************
'Function: Checks the input string for single quotes. Each single quote found is converted into two
'single quotes (two become four, and so on) to avoid SQL statement execution errors.
'Created by: xxxx
'Creation time: 2002-7-6
'Modification time:
'Reason for modification:
'Modifier:
'Input parameter description: sInputString: string to check for single quotes
'***********************************************************
Function CheckValidityOfInput(sInputString)
	Dim iCirculationControl	'controls the loop
	Dim sApartString	'result string, built one character at a time
	Dim iLenOfInput	'length of the trimmed input string

	sApartString = ""
	iLenOfInput = Len(Trim(sInputString))
	For iCirculationControl = 1 To iLenOfInput
		'Always index into the trimmed string so positions match iLenOfInput
		If Mid(Trim(sInputString), iCirculationControl, 1) <> "'" Then
			sApartString = sApartString & _
				Mid(Trim(sInputString), iCirculationControl, 1)
		Else
			sApartString = sApartString & "''"
		End If
	Next
	CheckValidityOfInput = sApartString
End Function

II. Unified JavaScript programming specifications:

The naming rules for JavaScript are largely the same as those above. The only difference is that variables are declared using var, and each declaration ends with a semicolon (;).

The code of a function must have a clear hierarchy. Put each statement on its own line as far as possible; do not write all the code on a single line, which is hard to read and makes checking for errors time-consuming.

When writing a function, remember to add comments so that the program's purpose can be understood quickly during future maintenance.

The following is a JavaScript program:

<script language="JavaScript">
//***********************************************************************
// Function: processes single quotes in the text, password, and textarea objects of the form,
// to avoid system errors.
// Created by: xxxx
// Creation time: 2002-7-8
// Modification time:
// Reason for modification:
// Modifier:
//***********************************************************************
function CheckElement()
{
	var i = 0;	// index of the current element
	var sNeedCheckInput = "";	// content of the input element to check
	var iControlInput = 0;	// loop control
	var iLengthInput = 0;	// string length
	var sCheckingInput = "";	// character being checked
	var sReplaceInput = "";	// replacement character
	var sHaveCheckInput = "";	// characters already checked
	var objInput;	// stores the input object
	var objTextarea;	// stores the textarea object
	var sNeedCheckTextarea = "";
	var iControlTextarea = 0;
	var iLengthTextarea = 0;
	var sCheckingTextarea = "";
	var sReplaceTextarea = "";
	var sHaveCheckTextarea = "";

	// Check single quotes in the text and password objects on the page
	for (i = 0; i < document.getElementsByTagName('input').length; i++) {
		objInput = document.getElementsByTagName('input')[i];
		if (objInput.type == 'text' || objInput.type == 'password') {
			sNeedCheckInput = objInput.value;
			iLengthInput = sNeedCheckInput.length;
			sHaveCheckInput = "";	// start from empty for every element
			for (iControlInput = 0; iControlInput < iLengthInput; iControlInput++) {
				sCheckingInput = sNeedCheckInput.charAt(iControlInput);
				if (sCheckingInput == "'")
					sReplaceInput = "''";
				else
					sReplaceInput = sCheckingInput;
				sHaveCheckInput = sHaveCheckInput + sReplaceInput;
			}
			// Only text and password fields are rewritten
			objInput.value = sHaveCheckInput;
		}
	}

	// Check single quotes in the textarea objects on the page
	// (a textarea's type is always "textarea", so no type check is needed)
	for (i = 0; i < document.getElementsByTagName('textarea').length; i++) {
		objTextarea = document.getElementsByTagName('textarea')[i];
		sNeedCheckTextarea = objTextarea.value;
		iLengthTextarea = sNeedCheckTextarea.length;
		sHaveCheckTextarea = "";
		for (iControlTextarea = 0; iControlTextarea < iLengthTextarea; iControlTextarea++) {
			sCheckingTextarea = sNeedCheckTextarea.charAt(iControlTextarea);
			if (sCheckingTextarea == "'")
				sReplaceTextarea = "''";
			else
				sReplaceTextarea = sCheckingTextarea;
			sHaveCheckTextarea = sHaveCheckTextarea +
				sReplaceTextarea;
		}
		objTextarea.value = sHaveCheckTextarea;
	}
}
</script>

III. System performance and code specifications:

1. On an ASP page, all objects created using CreateObject() (such as COM objects and recordsets) should be released at the end of the page:

Set <object variable name> = Nothing

2. When a database connection is no longer needed after it has been opened (usually at the end of the page), close the connection;

3. For SQL statements and stored procedures, try to avoid using * to retrieve all fields. For ease of coding, all SQL keywords must be in upper case and the fields must be in lower case.

For example:

SELECT name, age, birthday, telephone, address FROM schoolfellow.address WHERE name = 'xxxx' ORDER BY birthday DESC

4. All attribute values on an ASP page should be enclosed in double quotation marks wherever possible, especially the value attribute. Do not drop the double quotation marks to save time. (Although they can be omitted for some values without the program showing an error, omitting them in other places leads to more trouble.)

For example:

<input type="text" id="classid" name="classid" value="<%= sClassId %>">

In this example, if the quotation marks around the value attribute are removed and the value from the database contains a space, only the content before the space is displayed and the content after it is lost. This is only one such case; there are many other unforeseen ones.

5. Paired tags: for tags such as <a> </a>, check that every opening tag has a matching closing tag.

6. When an input string is used in an SQL statement, its single quotes must be processed by calling the two methods in /include/checkq.asp (one does the processing on the client and the other on the server; call whichever is needed. In most cases, and wherever security requirements are high, use the server-side processing).

7. To improve security, you can use ASP to write code and run it on the server to prevent users from seeing the code.

8. For areas with high security requirements, we recommend a three-tier architecture: write the business logic layer code as COM components in VB or Delphi, encapsulate the database connection inside the component as far as possible to improve security, and communicate with the database through the components.

9. For website security, use good port scanning software to check the website's open ports, and close the unsafe ones.
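For item 6, a parameterized query sends the input as data rather than as part of the SQL text, so it does not depend on quote doubling being applied exactly once and in the right place. The following classic ASP page is an added example, not part of the original standard; the connection string is a placeholder, the table and column names follow the SQL example in item 3, and the 50-character column size is an assumption.

```vbscript
<%
Option Explicit

'ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
'Assumption: placeholder connection string, replace with the site's own
Const sCONNECTION_STRING = "Provider=SQLOLEDB;Data Source=EXAMPLE_SERVER;Initial Catalog=EXAMPLE_DB;Integrated Security=SSPI;"

'***********************************************************
'Function: Lists alumni by name using a parameterized query, so the
'input is sent as data and never becomes part of the SQL text.
'Input parameter description: sName: name entered by the user
'***********************************************************
Sub ListSchoolfellowByName(sName)
	Dim objConnection	'ADODB.Connection
	Dim objCommand	'ADODB.Command
	Dim objRecordset	'ADODB.Recordset

	Set objConnection = Server.CreateObject("ADODB.Connection")
	objConnection.Open sCONNECTION_STRING

	Set objCommand = Server.CreateObject("ADODB.Command")
	Set objCommand.ActiveConnection = objConnection
	objCommand.CommandType = adCmdText
	'Assumption: the name column holds at most 50 characters
	objCommand.CommandText = "SELECT name, telephone, address FROM schoolfellow.address " & _
		"WHERE name = ? ORDER BY birthday DESC"
	objCommand.Parameters.Append objCommand.CreateParameter( _
		"name", adVarChar, adParamInput, 50, Left(sName, 50))

	Set objRecordset = objCommand.Execute
	Do Until objRecordset.EOF
		'Encode on output so stored values cannot break the page markup
		Response.Write Server.HTMLEncode(objRecordset("name") & ", " & _
			objRecordset("telephone")) & "<br>"
		objRecordset.MoveNext
	Loop

	'Release objects and close the connection (items 1 and 2)
	objRecordset.Close
	Set objRecordset = Nothing
	Set objCommand = Nothing
	objConnection.Close
	Set objConnection = Nothing
End Sub

ListSchoolfellowByName CStr(Request.Form("name"))
%>
```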

IV. Develop the habit of writing development documents:

For every page designed (front end and back end), record corresponding documentation, including the function description, page design, page name, storage location, and so on. When a page is changed, keep the original part (commented out or backed up), and record where the backup file is stored, the change time, and the modifier.

For the program code, there should be a corresponding design flow. When making a change, also draw up a flowchart of the change for later comparison, to help locate problems and analyze their severity.
