3. Differences between website and webapplication.
1) After the webapplication is compiled and run, you modify the C # code in the background. When you refresh the webpage, the content will not change. Re-compile dizzy, the content will change.
Website website. You can modify the C # code in the background, refresh the page, and the content will change. You do not need to close the browser.
2) The website does not have a namespace, And the webapplication has a namespace.
Therefore, it is better to use website for learning and webapplication for starting a project.
4. ASP. NET development based on the ashx method 1
. Aspx development, Microsoft has encapsulated a lot of functions for you, so you can easily develop them .. Ashx is the most primitive development and basic web development. Only develop based on HTTP protocol.
The input URL and the form submitted on the webpage are requests from the browser to the server. After the server finishes processing the request, it must return the processing result to the browser. This is called response.
Do not look at what you input in. aspx. After processing your input, it outputs the items before the input, in addition to the output results. He recorded these items and output them again. Like:
A written HTML page is read physically to process user input, output the processing result to a custom HTML sign that can be replaced, and output the result in other unchanged HTML fields.
Originally response. Write ("A"), then response. Write ("B"), output AB, And the last response. Write will not overwrite the previous one.
5. ASP. NET's ispostback secret
For the purpose of the request, the returned content is the same. The page is saved as an HTML template text. The template contains some placeholders to be filled in. When you first enter the page, you can directly access ashx and read the HTML template, set the placeholder to be filled in to null and output it to the browser.
To identify whether to enter the page directly for the first time or click Submit to enter the page, add a hidden field to form: <input type = "hidden" name = "ispostback" value = "true"/>. If you can read ispostback = true from the request, it means you click submit and enter ashx again, otherwise, it is the first time you enter ashx. Ispostback is a flag.
6. Differences between get and post
You can set the Form submission method. Get is URL transmission, and post is hidden in HTTP message transmission. The number of GET requests is limited, and the number of post requests is unlimited. Therefore, you can use post to transmit files.
If post is used for transmission, click the browser to refresh and a prompt for resubmit will be displayed. Refresh means repeat the last submitted content.
What are the parameters passed by get after the Server File Name? Flag. You can submit multiple key-value pairs and use & for style between them. If the URL contains Chinese characters or other symbols, the URL must be encoded.
The form field is submitted to the server only when the name is set.
7, 8, 9, 11, 12, 13, 14
Input auto-increment and Div auto-increment. The input text itself submits data to the server through a form, the server performs incremental processing, and then returns the input text to the client.
Div auto-increment. First, the user requests the page,
The value of input hidden value is a placeholder. Based on the ispostback field (in fact, the value of submit can also be used), the server determines whether to enter the page for the first time or send back. If this is the first time you enter the page, initialize the input hidden value to 0. In this case, click Submit to submit the form, increase the input hidden value, and return it to the client.
That is to say, input text can be auto-incrementing without input hidden, while Div can auto-incrementing only with input hidden. This inpt hidden is the viewstate of ASP. NET.
Viewstatedecoder2 can be used to decode the viewstate of ASP. NET pages.
15 use cookies in ASP. NET
Each request is a brand new request, which limits many interactive functions. Therefore, a cookie appears, similar to a person's medical records. Key/value of cookie key-value data, stored in JSON format for complex data; scope, different domain names, corresponding to different scopes, a. B .com and c. B .com are different domains, optimized, for images on the same web page, CSS and JS scripts, it is best to put them in different domains, which will reduce the request size. The expiration time is used to delete cookies.
For more information about cookies, see http://www.cnblogs.com/fish-li/archive/2011/07/03/2096903.html
16 ASP. NET session Principle
First, the server has a global dictionary variable used to store keys and values. The value type is object. Generates a guid for each visitor and writes the cookie to the visitor. For the second visit, the visitor performs special processing based on his guid.
Memory is occupied because it is global. It can store complex data and relatively private data.
, Verification code case description
On the user's first request page, the server uses code to generate an image with four digits, which are written into the session. The user enters four numbers and submits them to the server and session for comparison. If the number is the same, the user processes the data. If the number is different, the user also processes the data.
The verification code is used to prevent brute-force cracking.
21, 22http
Connection, request, and response.
The browser sends a connection to the server. The connection is the data transmission channel between the browser and the server. when the request is complete, the connection is closed.
Requests include get, post, and HTTP; data compression method, Gzip or deflate; languages supported by the browser, such as Chinese or English; whether to keep the connection; cookie; browser version information;
The response is sent by the server to the browser. Including response code, 200 OK, 403 forbidden access, 404 page not found, 503 too many visitors; server type; returned data type, image, CSS, JS or binary file, HTML; the length of the data content;
XSS Vulnerability
Data submitted by the user is not verified and converted to secure data. Allows the user to execute his own scripts.