ASP in-depth encryption (I)

Source: Internet
Author: User
I. Basic ASP knowledge

1. ASP is short for Active Server Pages; it is an interpreted scripting environment.
2. ASP requires a Windows operating system: PWS must be installed on Windows 9x, and Internet Information Server (IIS) must be installed on NT/2000/XP.
3. The script delimiters for ASP and JSP are "<% %>"; PHP can be configured to use several different delimiters.
4. The ASP comment character is "'".
5. Additional components can be used to extend ASP's functionality.

Example:

Helloworld_1.asp
<%= "Hello, world" %>

Effect:
Hello, world

Helloworld_2.asp
<%
For i = 1 To 10
    Response.Write "Hello, world"
Next
%>

Effect:
Hello, world
Hello, world
Hello, world
Hello, world
Hello, world
Hello, world
Hello, world
Hello, world
Hello, world
Hello, world

Note: ASP is case-insensitive. Variables can be used without being declared and are converted between types easily. Syntax checking is loose.

II. Use of ASP built-in objects:

You can use any of the following ASP built-in objects without having to declare them in ASP scripts.

1. Request:

Definition: This object can be used to access the request information sent from a browser to the server.

Collections:
Cookies: contains the values of the browser's cookies.
Form: contains the values of HTML form fields.
QueryString: contains the values in the query string.
ServerVariables: contains the values of HTTP headers and environment variables.

Example:

Request_url.asp
<%
'Get the user input and store it in variables
user_id = Request.QueryString("user_id")
user_name = Request.QueryString("user_name")

'Check that the user supplied both values
If user_id = "" Then
    Response.Write "user_id is null, please check it"
    Response.End
End If
If user_name = "" Then
    Response.Write "user_name is null, please check it"
    Response.End
End If

'Print the variables, HTML-encoded so that markup in the input is shown as text
Response.Write Server.HTMLEncode(user_id) & "<br>"
Response.Write Server.HTMLEncode(user_name)
%>

Effect:
When accessing http://10.1.43.238/Course/request_url.asp?user_name=J:
user_id is null, please check it
When accessing http://10.1.43.238/Course/request_url.asp?user_name=J&user_id=my_id:
my_id
J

Thinking: How are variables passed in the URL and read by the ASP page?

Request_form.htm
<style type="text/css">
<!--
.input {background-color: #ffffff; border-bottom: black 1px solid; border-left: black 1px solid; border-right: black 1px solid; border-top: black 1px solid; color: #000000; font-family: Georgia; font-size: 9pt; color: midnightblue;}
a:link {color: #1b629c; text-decoration: none}
a:hover {color: #ff6600; text-decoration: underline}
a:visited {text-decoration: none}
-->
</style>

<center>
<form name="Course" action="request_form.asp" method="post">
user_id: <input type="text" name="user_id" maxlength="20" class="input"> <br>
user_name: <input type="text" name="user_name" maxlength="30" class="input">
</form>
<br>
<a href="javascript:document.Course.submit();">submit</a>
</center>

Request_form.asp
<%
'Get the user input and store it in variables
user_id = Request.Form("user_id")
user_name = Request.Form("user_name")

'Check that the user supplied both values
If user_id = "" Then
    Response.Write "user_id is null, please check it"
    Response.End
End If
If user_name = "" Then
    Response.Write "user_name is null, please check it"
    Response.End
End If

'Print the variables, HTML-encoded so that markup in the input is shown as text
Response.Write Server.HTMLEncode(user_id) & "<br>"
Response.Write Server.HTMLEncode(user_name)
%>

Note: The form's action points to request_form.asp. What is the difference between request_form.asp and request_url.asp in the source code?

2. Response:

Definition: used to send information back to the browser. Use this object to send output from a script to the browser.

Collections:
Cookies: adds a cookie to the browser.

Methods:
End: ends script processing.
Redirect: directs the browser to a new page.
Write: sends a string to the browser.

Properties:
Buffer: buffers the output of an ASP page.
CacheControl: controls caching by proxy servers.
ContentType: specifies the content type of the response.
Expires: controls browser caching using a relative time.
ExpiresAbsolute: controls browser caching using an absolute time.

Example:

Response_redirect.asp
<%
'Go to Google.
Response.Redirect "http://www2.google.com"
Response.End
%>

Response_cookies.asp
<%
'Set and read cookies
Response.Cookies("time_now") = Now()
Response.Write Request.Cookies("time_now")
%>

Effect:
When you access http://10.1.43.238/Course/response_cookies.asp:
2002-9-1 16:20:40

Response_buffer.asp
<% 'Response.Buffer = True %>
<a href="A">A</a>
<% Response.Redirect "request_form.htm" %>

Effect:
①. When the buffer function of IIS is disabled, accessing this page produces an error:
A
Response object error 'ASP 0156: 66661'
Header error
/Course/response_buffer.asp, line 3
The HTTP headers have already been written to the client browser. Any HTTP header must be modified before the page content is written.
②. When the buffer function of IIS is disabled and the comment mark on the first line of the file is removed, the page redirection succeeds.
③. When the buffer function of IIS is enabled, the page redirection succeeds whether or not the comment mark on the first line of the file is removed.

3. Server

Definition: gives access to utility functions on the server. For example, you can limit how long a script may run before it is timed out, and you can create other objects.

Methods:
CreateObject: creates an object instance.
HTMLEncode: converts the special characters in a string to HTML character entities.
MapPath: converts a virtual path to a physical path.
URLEncode: converts a string into a URL-encoded string.
ScriptTimeout: the number of seconds a script can run before it is terminated.

Example:

Server_htmlencode.asp
<%
'HTML encode
Response.Write Server.HTMLEncode("a""time_now")
%>

Effect:
a"time_now
Shown as a&quot;time_now when viewing the page source

Think: Why is it not a""time_now? What happened in the page source?

Server_mappath.asp
<%
'MapPath
Response.Write Server.MapPath("server_mappath.asp")
%>

Effect:
G:\asp_www\test\course\server_mappath.asp

Thinking: How do you get the physical path of the site root directory? How do you get the physical path of a given directory?

Server_urlencode.asp
<%
'URL encode
Response.Write Server.URLEncode("a\time_now")
%>

Effect:
a%5Ctime%5Fnow

4. Application

Definition: used to store and read application information shared by all users. For example, you can use this object to pass information between users of the website. The information is lost after the server is restarted.

Methods:
Lock: prevents other users from accessing the Application collection.
Unlock: allows other users to access the Application collection.

Events:
OnEnd: triggered when the web server is shut down or the global.asa file is changed.
OnStart: triggered by the first request for a page in the application.

Example:

Application_counter.asp
<%
'A simple counter built with the Application object
Application.Lock
Application("clicks") = Application("clicks") + 1
Application.Unlock

Response.Write "You are guest number " & Application("clicks") & " on this site!"
Response.Write "<br>You are from " & Request.ServerVariables("remote_addr")
%>

Effect:
You are guest number 1 on this site!
You are from 10.1.43.238

Thinking: What is the role of Lock and Unlock in this example?

5. Session

Definition: stores and reads the session information of a specific user. For example, you can store a user's site access information. The information is lost after the server is restarted.

Methods:
Abandon: ends the user's session after the current page has been processed.

Properties:
Timeout: how long a user session lasts (in minutes).

Events:
OnEnd: triggered when the user requests no further page within the session timeout period.
OnStart: triggered when a user requests a page for the first time.

Example:

Session_counter.asp
<%
'A simple counter built with the Session object
Session("clicks") = Session("clicks") + 1

Response.Write "You are guest number " & Session("clicks") & " on this site!"
Response.Write "<br>You are from " & Request.ServerVariables("remote_addr")
%>

Effect:
You are guest number 1 on this site!
You are from 10.1.43.238

Thinking: Both Session and Application can be used for counting, so what is the difference between them? If you want the count to start again once it reaches 100, how would you do it?

III. Using ASP to operate on databases:

1. What is the difference between connecting through ODBC and through OLE DB?

There are two ways to connect to a database. On the one hand, you can use ODBC to create a connection that works with any database that has an ODBC driver (that is, practically every database on the market); on the other hand, you can create the connection with a native OLE DB provider.

Which provider should you use? Use the native OLE DB provider whenever possible, because it gives more efficient access to the data. Microsoft is gradually replacing the ODBC standard with OLE DB, and ODBC should be used only when no native OLE DB provider exists.

(1). Use ODBC to connect to SQL Server:
①. Configure ODBC
②. Connection code:
Conn_odbc.asp
<%
Set conn = Server.CreateObject("ADODB.Connection")
'conn.Open "DSN=course_dsn;uid=course_user;pwd=course_password;database=course"
conn.Open "course_dsn", "course_user", "course_password"
%>
Note: If you specify course as the default database when configuring mydsn, the code above works the same either way. Otherwise, the connection method on the second line (the commented-out connection string) is more flexible: you can name the database to connect to (provided, of course, that course_user has permission to use that database).

(2). Use OLE DB to connect to SQL Server:
Conn_ole.asp
<%
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "provider=sqloledb;Data Source=10.1.43.238,2433;uid=course_user;pwd=course_password;database=course"
%>

2. Operating on the database: Connection and Recordset

You can use Connection and Recordset together to operate on the database, or use Connection alone.

Example:

(1). Using Connection and Recordset together to operate on the database

Use_db_1.asp
<%
Set conn = Server.CreateObject("ADODB.Connection") 'create the database connection object
conn.Open "course_dsn", "course_user", "course_password" 'use this object to connect to the database
Set rs = Server.CreateObject("ADODB.Recordset") 'create a recordset object
rs.Open "select * from user_info", conn, 1, 1 'use the recordset object to open the query
If rs.RecordCount > 0 Then 'there are records
    Response.Write "user_id user_name<br>"
    For i = 1 To rs.RecordCount 'loop over all records
        Response.Write rs("id") & " " & rs("user_name") & "<br>"
        'output the record's fields to the browser
        rs.MoveNext 'move the pointer down one row
        If rs.EOF Then Exit For 'exit the loop at the end of the recordset
    Next
End If
%>

Effect:
User_id user_name
1 ahyi
3 Test

(2). Using only Connection to operate on the database:

Use_db_2.asp
<%
Set conn = Server.CreateObject("ADODB.Connection") 'create the database connection object
conn.Open "course_dsn", "course_user", "course_password" 'use this object to connect to the database
conn.Execute "delete from user_info"
%>

Effect:
All data in the user_info table is deleted.

Thinking: How do you choose between the two methods?

3. How to use transactions, stored procedures, and views?

(1). Using stored procedures

①. Define the stored procedures

CREATE PROCEDURE [output_1]
@sid int OUTPUT
AS
SET @sid = 2

CREATE PROCEDURE [return_1]
(@user_name varchar(40), @password varchar(20))
AS
IF EXISTS (SELECT id FROM user_info WHERE user_name = @user_name AND password = @password)
RETURN 1
ELSE
RETURN 0

CREATE PROCEDURE [user_info_1]
(@user_name varchar(40), @password varchar(20))
AS
SELECT id FROM user_info WHERE user_name = @user_name AND password = @password

CREATE PROCEDURE [user_info_2]
(@user_name varchar(40), @password varchar(20))
AS
SET XACT_ABORT ON
BEGIN TRANSACTION
DELETE FROM user_info WHERE user_name = @user_name AND password = @password
COMMIT TRANSACTION
SET XACT_ABORT OFF

CREATE PROCEDURE [user_info_3]
AS
SELECT * FROM user_info

②. Call them from ASP

Use_proc.asp
<!-- #include virtual="/adovbs.inc" -->
<%
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "course_dsn", "course_user", "course_password"

'Use a Recordset to call a stored procedure with two input parameters that returns a record set
'create procedure [user_info_1]
'(@user_name varchar(40), @password varchar(20))
'as
'select id from user_info where user_name = @user_name and password = @password
Response.Write "Common call method:<br>"
Set rs = Server.CreateObject("ADODB.Recordset")
'Single quotes in the request values are doubled so the values stay inside the SQL string literals
sql = "user_info_1 '" & Replace(Request.QueryString("user_name"), "'", "''") & "','" & Replace(Request.QueryString("password"), "'", "''") & "'"
rs.Open sql, conn, 1, 1
Response.Write rs("id") & "<br>"
rs.Close

'Use a Recordset to call a stored procedure that takes no input parameters and returns a record set. Properties such as RecordCount can be used.
'create procedure [user_info_3]
'as
'select * from user_info
Response.Write "<br>Return a record set. Properties such as RecordCount can be used:"
sql = "exec user_info_3"
rs.Open sql, conn, 1, 1
For i = 1 To rs.RecordCount
    Response.Write "<br>" & rs("user_name")
    rs.MoveNext
Next
rs.Close
Set rs = Nothing

'Use a Command to call the stored procedure with output parameters
'create procedure [output_1]
'@sid int output
'as
'set @sid = 2
Response.Write "<br>Call the stored procedure with output parameters:<br>"
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdStoredProc
cmd.CommandText = "output_1"
cmd.Parameters.Append cmd.CreateParameter("@sid", adInteger, adParamOutput)
cmd("@sid") = 10
cmd.Execute
bbb = cmd("@sid")
Response.Write bbb & "<br>"
Set cmd = Nothing

'Use a Command to call a stored procedure with two input parameters and a return value
'create procedure [return_1]
'(@user_name varchar(40))
'as
'if exists (select id from user_info where user_name = @user_name)
'return 1
'else
'return 0
Response.Write "<br>Call a stored procedure with two input parameters and return values:<br>"
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdStoredProc
cmd.CommandText = "return_1"
cmd.Parameters.Append cmd.CreateParameter("@return_value", adInteger, adParamReturnValue)
cmd.Parameters.Append cmd.CreateParameter("@user_name", adVarChar, adParamInput, 40)
cmd.Parameters.Append cmd.CreateParameter("@password", adVarChar, adParamInput, 20)
cmd("@user_name") = "tuth"
cmd("@password") = "yyuyu"
cmd.Execute
rrr = cmd("@return_value")
Response.Write rrr
Set cmd = Nothing

conn.Close
Set conn = Nothing
%>

Effect:
When you access http://10.1.43.238/Course/use_proc.asp?user_name=ahyi&password=TTT, the following appears:

Common call method:
12

Returns a record set. You can use attributes such as recordcount:
Ahyi
Tet
Tuth

Call the stored procedure with output parameters:
2

Call a stored procedure with two input parameters and return values:
1

Note: If the stored procedure has no parameters, the SQL statement used to call it is just the stored procedure name. With one parameter it is "stored procedure name parameter". With several parameters it is "stored procedure name parameter 1, parameter 2, ..., parameter n". If exec is added to the SQL statement, you can use properties such as RecordCount on the returned record set. To obtain the return value or output parameters of a stored procedure, use the Command object.
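
An added example, not part of the original article: the "common call method" hands Request.QueryString values to the database inside the SQL text, whereas the Command object mentioned in this note can bind them as typed parameters. The helper name FindUserId and the page layout are assumptions; the ADO constants are defined inline instead of including adovbs.inc.

```asp
<%
'Added example (not from the original article): calls the page's user_info_1
'procedure with bound parameters instead of a concatenated SQL string.
'ADO constants normally supplied by adovbs.inc, defined here so the file stands alone
Const adCmdStoredProc = 4
Const adVarChar = 200
Const adParamInput = 1

'FindUserId is a hypothetical helper name. It returns the matching id,
'or Null when the input is out of range or no row matches.
Function FindUserId(conn, userName, password)
    Dim cmd, rs
    FindUserId = Null
    'Reject values the procedure's varchar(40) and varchar(20) parameters cannot hold
    If Len(userName) = 0 Or Len(userName) > 40 Then Exit Function
    If Len(password) = 0 Or Len(password) > 20 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdStoredProc
    cmd.CommandText = "user_info_1"
    'The values travel as typed parameters, so quotes in them are data, not SQL
    cmd.Parameters.Append cmd.CreateParameter("@user_name", adVarChar, adParamInput, 40, userName)
    cmd.Parameters.Append cmd.CreateParameter("@password", adVarChar, adParamInput, 20, password)

    Set rs = cmd.Execute
    If Not rs.EOF Then FindUserId = rs("id").Value
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim conn, userId
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "course_dsn", "course_user", "course_password"

'CStr turns each QueryString item into a plain string before it is used
userId = FindUserId(conn, CStr(Request.QueryString("user_name")), CStr(Request.QueryString("password")))
If IsNull(userId) Then
    Response.Write "no matching user"
Else
    Response.Write "Common call method:<br>" & Server.HTMLEncode(CStr(userId)) & "<br>"
End If

conn.Close
Set conn = Nothing
%>
```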

(2) Using transactions

①. Transaction support built into ASP

Example:
Use_transaction_1.asp
<%
'Use transactions in ASP
On Error Resume Next 'keep running after a database error so the check below is reached
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "course_dsn", "course_user", "course_password"
conn.BeginTrans 'start the transaction

sql = "delete from user_info"
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open sql, conn, 3, 3
If conn.Errors.Count > 0 Then 'an error occurred
    conn.RollbackTrans 'roll back
    Set rs = Nothing
    conn.Close
    Set conn = Nothing
    Response.Write "transaction failed, rolled back to the status before modification!"
    Response.End
Else
    conn.CommitTrans 'commit the transaction
    Set rs = Nothing
    conn.Close
    Set conn = Nothing
    Response.Write "transaction successful!"
    Response.End
End If
%>

②. Database-level transactions

i. Create a stored procedure

CREATE PROCEDURE [user_info_2]
(@user_name varchar(40), @password varchar(20))
AS
SET XACT_ABORT ON
BEGIN TRANSACTION
DELETE FROM user_info WHERE user_name = @user_name AND password = @password
COMMIT TRANSACTION
SET XACT_ABORT OFF

ii. Call it from ASP

Use_transaction_2.asp
<%
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "course_dsn", "course_user", "course_password"

'Single quotes in the request values are doubled so the values stay inside the SQL string literals
sql = "user_info_2 '" & Replace(Request.QueryString("user_name"), "'", "''") & "', '" & Replace(Request.QueryString("password"), "'", "''") & "'"

Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open sql, conn, 1, 1
Set rs = Nothing
conn.Close
Set conn = Nothing
%>

Discussion: What are the advantages and disadvantages of the two methods?

(3) Using views
Once a view has been defined in the database, it is used in ASP just like a table.

4. An example of database paging

Db_page.asp
<%
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection") 'create the database connection object
conn.Open "course_dsn", "course_user", "course_password" 'use this object to connect to the database
Set rs = Server.CreateObject("ADODB.Recordset")
sql = "select * from user_info order by id desc"
rs.Open sql, conn, 1, 1

If rs.RecordCount > 0 Then 'there are records
    rs.PageSize = 2 'show at most two records per page
    'Get the current page from the URL.
    'CInt fails on a missing or non-numeric value; because of On Error Resume Next,
    'page then stays empty and is set to 1 by the checks below.
    page = CInt(Request("page"))
    'Handle invalid page parameters
    If page = "" Then page = 1
    If page < 1 Then page = 1
    If page >= rs.PageCount Then page = rs.PageCount
    rs.AbsolutePage = page 'the current page is the page given by the page parameter
    For i = 1 To rs.PageSize 'loop over the records of the current page, up to PageSize
        Response.Write "user_id: " & rs("id") & "<br>"
        Response.Write "user_name: " & rs("user_name") & "<br>"
        rs.MoveNext 'move the record pointer down
        If rs.EOF Then Exit For 'exit the loop at the end of the recordset
    Next
End If

'Display the paging links
If page > 1 Then
    Response.Write "<a href=" & Request.ServerVariables("document_name") & "?page=1>first page</a> "
    Response.Write "<a href=" & Request.ServerVariables("document_name") & "?page=" & (page - 1) & ">previous page</a> "
End If
If page <> rs.PageCount Then
    Response.Write "<a href=" & Request.ServerVariables("document_name") & "?page=" & (page + 1) & ">next page</a> "
    Response.Write "<a href=" & Request.ServerVariables("document_name") & "?page=" & rs.PageCount & ">last page</a> "
End If
Response.Write "page number: " & page & "/" & rs.PageCount

'Close the objects and release the memory.
rs.Close
Set rs = Nothing
conn.Close
Set conn = Nothing
%>

Thinking: What additional properties are used in the paging process?
