Design-related implementation techniques
1, the design of the typical data table
In the receiving document management system, any in-receipt or dispatch file corresponds to a default process (already defined beforehand), the file follows the steps specified in the process to flow down successively. Take a process as an example: in-place registration-〉 director proposed-〉 led the 批办-〉 Office of the contractor-〉 filed. In order to track the file in real time, monitor its flow in time, or examine the details of the processing at some stages, this requires us to provide two important data tables, GW_MRLC and datasheets in the system for GW_CLLC data tables.
Among them, GW_MRLC (WDLX,LCMC,RY,XH,CLM,CLR) records the information of each default process used in the system. WDLX refers to the document type, in receipt or dispatch; LCMC refers to the process name; Ry refers to the person who defines the default process; XH the sequence number of each step in the default process, it has a size, and a small one indicates that the step is preceded by the system; CLM the names of the steps in the default process The CLR corresponds to the handlers for the steps in the default process.
GW_MRLC only records information for each process, and GW_CLLC (LXH,LCMC,XH,CLR,JBRQ,CLRQ,CLYJ,ZT,WJM) is required to track the execution of the file in the process. For arbitrary documents in the system will have their own unique process and the corresponding, Lxh recorded the sequence number of the process; lcmc,xh,clr as defined above, JBRQ,CLRQ,CLYJ,ZT,WJM are for each processing step of the sequence number XH in the process, JBRQ refers to the date at which the previous step was processed and the date at which the current step was processed; Clrq refers to the processing of the current step; ZT refers to the processing state of the current step, processed or not processed, to facilitate real-time tracking of the file WJM records the contents of the document and the changes of the document in the process of circulation, and can be realized through the file uploading function.
2. Use Session for login verification
The ASP code uses the form to implement the interaction, and the corresponding content is reflected in the browser's address bar, if you do not take the appropriate security measures, as long as you write down the content, you can bypass the validation directly into a page. For example, typing "... xx.asp?flag=1" in the browser allows you to go directly to the page that satisfies the "flag=1" condition without the form page.
To prevent unregistered users from bypassing the registration interface directly into the application system, we use the Session object for registration verification. For example, we made the following registration page.
<% ' Read the user login information
Luser=ltrim (Request ("User"))
' Verify that the account number and password are correct
If Luser=rs ("userid") and lpass= rs ("password") then
Session ("Sysuser") =luser ' use Session object for user logon authentication
Response.Write "Your input is not correct!" ”
On other Web pages in the application system, the first step is to validate the session object. If you do not pass the user login interface, then session ("Sysuser") is null value, you will not be able to use the system to provide any function, unless you are legitimate users, so as to a certain extent to ensure the security of the system. The validation code is as follows:
If session ("sysuser") = "" Then
Response.Write ("Sorry, you haven't <a Href=".) /login.asp ' target= ' _top ' > login </a>. ")
3, the ASP page encryption
To effectively prevent the ASP source code leakage, you can encrypt the ASP page. We have used two methods to encrypt an ASP page. One is to encapsulate programming logic into DLLs using component technology, and the other is to encrypt ASP pages using Microsoft's Scriptencoder. The main problem with component technology is that each piece of code needs to be modular, the operation is more cumbersome, the workload is large, and using encoder to encrypt ASP pages, simple operation, good results.
The Scriptencoder Run program is SCRENC.EXE, using the following methods:
Screnc [/s][/f][/xl][/ldeflanguage][/edefextention]inputfile outputfile
Where:/s is screened screen output,/f Specifies whether the output file overwrites the input file with the same name,/XL whether to add the @language directive at the top of the. asp file,/ldeflanguage specify the default scripting language,/edefextention Specify the extension of the file to be encrypted.
4, the use of stored procedures
Using stored procedures can not only improve query speed, but also guarantee the integrity of the transaction. In this system, each file corresponds to a unique serial number, when a new file to be stored in the flow number will automatically add one. As all users are online, then two files at the same time in the storage of the situation may occur, in order to ensure the uniqueness of the serial number, it requires the "water number" and "Flow number plus one" as a business to complete. ASP calling stored procedures is more complex than calling SQL statements, you must use the command objects in the ADO component as follows:
Create an ADO Command object with the CommandText property as the stored procedure name and the CommandType property of 4 to indicate that the command is calling a stored procedure to create parameters for the Command object.
With the command object. The CreateParameter (parameter name, type, direction, length) command creates the input and output parameters corresponding to the stored procedure.
With the command object. Parameters (parameter name). The value= parameter Value command assigns a value to the input parameter.
With the command object. The parameters.append parameter name command adds individual parameters to the Parameters collection of the Command object.
"Command object. Execute executes the stored procedure.
"Variable name = Command object." Parameters (output parameter name). Value "Gets the output parameter value.
The realization of the transceiver management system based on B/S mode will undoubtedly make the traditional manual-oriented office methods and office means to the scientific, standardized, efficient and information transformation. Can be expected, with the increase in office information and information level, electronic office will be the future of office development direction.