ASP


Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.


Leaving sensitive information (like passwords) in clear text scripts is never a good practice, though it's sometimes unavoidable. This set of VBScript functions can be used to obscure critical information making it at least a little more difficult for curious eyes (or worse) to see.

Author Comment

by:Lee W, MVP

Expert Comment

by:McKnife
Things that need elevation will not work that way unless UAC is off, or you use the built-in administrator, Lee, because for that account, UAC is off.  I wouldn't recommend to use it for this purpose for another reason: startup scripts or immediate tasks do the same much easier.

There is a wide range of advantages associated with the use of ASP.NET. This is why this programming framework is used to create excellent enterprise-class websites, technologies, and web applications.

Expert Comment

by:Ryan Chong
cool keep it on! perhaps you can also mention items such as:

1. how to get started learning asp.net
2. integration with other systems
3. the trends of future development of asp.net such as using .net core, with which we can now run aspx pages on OSes such as Mac and Linux, which becomes truly one of the cross-platform programming languages

This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/Languages/Scripting/ASP/Q_28641013.html. The Asker was originally trying to find a way to eliminate the scenario where his users are staring at the screen thinking and writing only to click the submit button and find out that they were logged out and their updates are lost.


I know many people may try adjusting the script timeout or the session timeout only to find this does not work as expected. The reason is they forget about the idle timeout that is set to the default of 5 minutes in IIS: https://technet.microsoft.com/en-us/library/cc771956%28v=ws.10%29.aspx


Simply adjusting the idle timeout to something longer coupled with adjusting your session.timeout=60 (for 60 minutes) is not the best solution. Session variables can be reset if the app pool recycles or crashes: http://weblogs.asp.net/owscott/why-is-the-iis-default-app-pool-recycle-set-to-1740-minutes


An alternative is to issue a new and unique token at each log in. Then set a cookie using the generated token as well as storing the token in a user table in your database. On each page load, look up the cookie with the token, and look for a match in the user login table. If a match is found, test if the expiration date is valid. When everything checks out, give access to the page.


I have created a more detailed sample using this process that also allows for user levels. This demonstration is intended to show the process and is not meant to be a production-ready login system.


I am using MSSQL SERVER 2012 with two tables and one view. The first table is a users table where I am storing the user's name, email, hashed password and user level.


The second table is the login transaction table where I store the tokens with a user id, the token expiration, the IP used to log in and the timestamp of the log in. I have the field LoggedTimeStamp set to the current date/time using getdate().


The view of logged in users selects rows of data from the Log In Trans table where the TokenExpires is greater than the current timestamp and the token field is not blank.

CREATE TABLE [dbo].[ee_tUsers](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [FirstName] [nvarchar](50) NULL,
    [LastName] [nvarchar](50) NULL,
    [Email] [nvarchar](150) NULL,
    [UserName] [nvarchar](50) NULL,
    [Password] [nvarchar](350) NULL,   -- hashed password, never clear text
    [UserLevel] [nvarchar](50) NULL
) ON [PRIMARY]
GO

CREATE TABLE [dbo].[ee_tLoginTrans](
    [ID] [int] IDENTITY(1,1) NOT NULL,
    [UserID] [int] NULL,
    [UserName] [nvarchar](50) NULL,
    [Token] [nvarchar](350) NULL,
    [TokenExpires] [datetime] NULL,
    [LoggedIP] [nvarchar](50) NULL,
    [LoggedTimeStamp] [datetime] NULL DEFAULT (GETDATE())   -- defaults to the current date/time
) ON [PRIMARY]
GO

-- CREATE VIEW must be the first statement in its batch, hence the GO above
CREATE VIEW [dbo].[ee_vLoggedInUsers]
AS
SELECT
    dbo.ee_tLoginTrans.UserID, dbo.ee_tLoginTrans.UserName, dbo.ee_tLoginTrans.Token,
    dbo.ee_tLoginTrans.TokenExpires, dbo.ee_tLoginTrans.LoggedIP, dbo.ee_tLoginTrans.LoggedTimeStamp,
    dbo.ee_tUsers.UserLevel
FROM
    dbo.ee_tUsers RIGHT OUTER JOIN
    dbo.ee_tLoginTrans ON dbo.ee_tUsers.ID = dbo.ee_tLoginTrans.UserID
WHERE
    -- only tokens that have not expired and have not been blanked out
    (dbo.ee_tLoginTrans.TokenExpires > GETDATE()) AND (dbo.ee_tLoginTrans.Token <> N'')



A side benefit of using a log in transaction table like this is you can run a report of who logged in with the time stamp and IP. You can also view the current list of logged in users and, if you like, remove their token, thus logging them out.


The three flow charts below show the process of logging in, creating the token and testing authentication on each page.

[Flow charts: Login.jpg, Login2.jpg, Login3.jpg]

The file structure I am using in this demo uses an includes folder where I have a config.asp, functions.asp and nav.asp.


The config.asp is used to store my database connection and other variables such as the amount of time to be logged in and a secret key used in the hashing functions.


The Functions.asp is used to store functions I will use on multiple pages such as sha256, setting passwords, setting the token, looking up the token.


The nav.asp file contains the navigation links.


The first step is to create the two tables and view. Make sure the LoggedTimeStamp field in the ee_tLoginTrans table will default to the current date/time.


You will have to make some adjustments in your code. For my own testing, I have placed the files in a sub folder of one of my domains and you may see code to include a file like . It is important you adjust the path to where you actually store the files. If your includes folder is at the top level of the site, then change to . Note that I could have simply used but purposely didn't. In order to use that method, you would need to have parent paths turned on in IIS and that is a security risk. I see a lot of videos and tutorials demonstrating how to turn parent paths off because it is easier to migrate your old code, but don't do this.


Next, add the pages that will go on the main level


INDEX.ASP

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include virtual="/ee/login/includes/config.asp" -->
<!--#include virtual="/ee/login/includes/functions.asp" -->
<%
if request.form("username")<>"" then
	dim cmd,rs
	' Parameterized lookup: the user name is bound as a value, never concatenated into the SQL text
	Set cmd = Server.CreateObject ("ADODB.Command")
	cmd.ActiveConnection = conEE
	cmd.CommandText = "SELECT ID, UserName,UserLevel, Password FROM dbo.ee_tUsers WHERE Username = ?"
	cmd.Parameters.Append cmd.CreateParameter("username", 202, 1, 350, request.form("username")) '202 = adVarWChar (string), 1 = adParamInput
	cmd.Prepared = true
	Set rs = cmd.Execute

	if not rs.eof then
		if passwordHash(request.form("username"),request.form("password"))=rs("password") then 'the hashes match
			setToken rs("ID"),rs("UserName") ' function to set the token
			redirectLoginLevel rs("UserLevel") ' function to redirect
		end if
	end if

	rs.Close()
	Set rs = Nothing
	Set cmd = Nothing

end if
%>
<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
<meta charset="UTF-8">
<title>Log In</title>
</head>

<body>

<div id="login">
<h1>Log In</h1>
<form method="post" action="" autocomplete="off">
	<input name="username" placeholder="Username">
	<input name="password" type="password" placeholder="Password">
	<button type="submit">Submit</button>
</form>
</div>
</body>
</html>
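
The token steps described earlier in this article (issue a token at log in, store it in ee_tLoginTrans, check it on every page through ee_vLoggedInUsers, blank it to log out), as an added example that is not the author's functions.asp. TOKEN_COOKIE, LOGIN_MINUTES, LOGIN_PAGE and the five routines are hypothetical names; it assumes conEE from config.asp, an HTTPS site, and SQL Server 2008 or later for CRYPT_GEN_RANDOM.

```asp
<%
' Added example, not the article's functions.asp. Hypothetical names:
' TOKEN_COOKIE, LOGIN_MINUTES, LOGIN_PAGE, NewCommand, IssueLoginToken,
' LookupLogin, RequireLogin, RevokeLoginToken. conEE comes from config.asp.
Const TOKEN_COOKIE   = "ee_token"
Const LOGIN_MINUTES  = 60
Const LOGIN_PAGE     = "index.asp"   ' assumed location of the log in page
Const AD_INTEGER     = 3             ' adInteger
Const AD_VARWCHAR    = 202           ' adVarWChar
Const AD_PARAM_INPUT = 1             ' adParamInput

Function NewCommand(sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = conEE
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

' Call after the password hash matched. The database generates 32 random
' bytes (64 hex characters), stores them with the expiry and returns them.
Function IssueLoginToken(userID, userName)
    Dim cmd, rs, token
    Set cmd = NewCommand( _
        "INSERT INTO dbo.ee_tLoginTrans " & _
        "(UserID, UserName, Token, TokenExpires, LoggedIP, LoggedTimeStamp) " & _
        "OUTPUT inserted.Token " & _
        "VALUES (?, ?, CONVERT(varchar(64), CRYPT_GEN_RANDOM(32), 2), " & _
        "DATEADD(minute, ?, GETDATE()), ?, GETDATE())")
    cmd.Parameters.Append cmd.CreateParameter("uid", AD_INTEGER, AD_PARAM_INPUT, , CLng(userID))
    cmd.Parameters.Append cmd.CreateParameter("uname", AD_VARWCHAR, AD_PARAM_INPUT, 50, CStr(userName))
    cmd.Parameters.Append cmd.CreateParameter("mins", AD_INTEGER, AD_PARAM_INPUT, , LOGIN_MINUTES)
    cmd.Parameters.Append cmd.CreateParameter("ip", AD_VARWCHAR, AD_PARAM_INPUT, 50, _
        CStr(Request.ServerVariables("REMOTE_ADDR")))
    Set rs = cmd.Execute
    token = rs("Token").Value
    rs.Close
    ' Response.Cookies has no HttpOnly property, so the header is written directly.
    ' No Expires attribute: the server-side TokenExpires column decides validity.
    Response.AddHeader "Set-Cookie", TOKEN_COOKIE & "=" & token & "; Path=/; HttpOnly; Secure"
    IssueLoginToken = token
End Function

' Returns a Dictionary (UserID, UserName, UserLevel) for a live token, or
' Nothing. The view already filters out expired and blanked tokens.
Function LookupLogin()
    Dim token, cmd, rs, info
    Set LookupLogin = Nothing
    token = Request.Cookies(TOKEN_COOKIE)
    If Len(token) <> 64 Then Exit Function   ' missing or malformed cookie
    Set cmd = NewCommand( _
        "SELECT UserID, UserName, UserLevel FROM dbo.ee_vLoggedInUsers WHERE Token = ?")
    cmd.Parameters.Append cmd.CreateParameter("token", AD_VARWCHAR, AD_PARAM_INPUT, 350, token)
    Set rs = cmd.Execute
    If Not rs.EOF Then
        Set info = Server.CreateObject("Scripting.Dictionary")
        info("UserID") = rs("UserID").Value
        info("UserName") = rs("UserName").Value
        info("UserLevel") = rs("UserLevel").Value
        Set LookupLogin = info
    End If
    rs.Close
End Function

' Page guard: sends the browser back to the log in page when no live token is found.
Function RequireLogin()
    Dim info
    Set info = LookupLogin()
    If info Is Nothing Then Response.Redirect LOGIN_PAGE
    Set RequireLogin = info
End Function

' Log out: blank the stored token (the view ignores blank tokens) and
' expire the cookie in the browser.
Sub RevokeLoginToken()
    Dim token, cmd
    token = Request.Cookies(TOKEN_COOKIE)
    If Len(token) = 64 Then
        Set cmd = NewCommand("UPDATE dbo.ee_tLoginTrans SET Token = N'' WHERE Token = ?")
        cmd.Parameters.Append cmd.CreateParameter("token", AD_VARWCHAR, AD_PARAM_INPUT, 350, token)
        cmd.Execute
    End If
    Response.AddHeader "Set-Cookie", TOKEN_COOKIE & _
        "=; Path=/; HttpOnly; Secure; Expires=Thu, 01 Jan 1970 00:00:00 GMT"
End Sub

' On every protected page, after the two includes:
'   Dim login : Set login = RequireLogin()
'   Response.Write Server.HTMLEncode(login("UserName"))
%>
```

Because the check reads the database on each request, the log in survives an app pool recycle, which the session-variable approach discussed above does not.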


ADMIN.ASP


Author Comment

by:Scott Fell, EE MVE
I'm glad you have it working

Expert Comment

by:fskilnik
Hi there, Scott!

I received an automatic e-mail when this article was "activated". Now I realize I have never come back to give feedback... I am sorry!

I implemented your great ideas many many years ago and the token is still being used on a daily basis! It never gave ANY trouble. NEVER!

All the best!
Fabio.

P.S.: I am glad sadrobotx could solve the problem!

I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference:

Let's make the introductions...

Classic ASP was launched by Microsoft in 1998 and dynamically generates web pages based on user interaction and server-side processing. This model complements the serving of static web pages, such as the well-known ".htm" files with mainly fixed content, and opens a whole new world of possibilities in the web area. An ASP page has mixed content of HTML and server-side VBScript (all in a single file).

Microsoft included ASP technology in every Windows version, from Windows 2000 to the latest. However, on newer versions of server operating systems, classic ASP is blocked by default (but this can be changed by the server administrator).

By default, ASP pages have the ".asp" extension and use VBScript (which is a restricted and "light" version of the Visual Basic programming language).

ASP.NET is the successor of classic ASP and implements a completely new model. Released in January 2002, this technology is actively supported by Microsoft in every Windows version starting with Windows XP and server editions.

The new ASP.NET web pages have an ".aspx" extension. The dynamic program code is stored separately (using the code-behind model) in another file with an extension of .vb (Visual Basic) or .cs (C sharp), depending on the programming language used.

Comparing OLD and NEW

Classic ASP is similar to PHP in how …

Expert Comment

by:Banthor
I use all of the above depending on the needs of the client and implementation. While the nuts and bolts can be compared ad nauseam, the issue is simple.  If you have security concerns PII/Hipaa/financials you have to be on windows platforms with AD.
"Linux is not a securable platform for public consumption" -NSA

If your presentation requires controls that need to be valid against data changing outside the scope of the client. you have to use some form of server-side controls. []NET does this very well.

Scripting Language sites will out-scale managed code every time, because resources are only consumed as needed.
I have had 1500+ concurrent users against a 4 core server on classic asp including the SQL Server instance and never reached 30% CPU.  

Lamp solutions just don't have the toolsets for monitoring and performance metrics to bother with comparing them.

Expert Comment

by:Relu301
Great article! Thank you for this, I am just a beginner in web technologies and wanted to know more of both "sides" to decide which one to learn. I will start with classic ASP, it seems easier than ASP.NET, although I value the "drag and drop" idea used in Visual Studio .NET to build ASP.NET pages - but I don't mind writing code since I already use HTML, JavaScript and CSS. That's why my next step is classic ASP, and not ASP.NET.
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update.

The Original Issue

This was written to stop an update script from using all of the CPU itself. It was slowing down all of the other services on the server, as it took 20 minutes or more to run. In my case, I was updating a MySQL database with 45000+ lines, from a CSV file, with far too many columns. There was a lot of processing for each record, and the data had to be checked "backwards and forwards".

The Need

Before you implement this code, make sure you actually need it. What I mean by this is ensure you are not causing the issues yourself. Many times, a re-written SQL statement will save bundles of time. In other cases, you may be better off sending something back to the client, with a Meta Refresh (another article coming soon?). I would suggest only using this if you really need it...

The Mistakes

I have seen many options for causing a delay. Most of them involve something like:

for i = 1 to 1000000
next

'' ## OR
Counter = 1000000
Do While Counter > 0
	Counter = Counter - 1
Loop



As anyone who has tried to run one of these will tell you, it just sends the CPU to 100%. And hopefully, you can see why. The server is trying very hard to get to the end of the script, burning clock cycle after clock cycle.

Another variation of this is to use the ASP "Timer". This basically has the same effect.

My Way...

Expert Comment

by:RobSampson
Hi G_H, thanks for the article. I'm sure many people will find this tip helpful. I have one minor alternative that should also work:

            Set objCmd = objWShell.Exec("C:\WINDOWS\system32\PING 0." & Hour(Now()) & "." & Minute(Now()) & "." & Second(Now()) & " -n 1 -w " & Seconds)
            strPResult = objCmd.StdOut.Readall()

Could be more simplified to:
            objWShell.Run "C:\WINDOWS\system32\PING 0." & Hour(Now()) & "." & Minute(Now()) & "." & Second(Now()) & " -n 1 -w " & Seconds, 0, True

or
            objWShell.Run "cmd /c %WINDIR%\system32\PING 0." & Hour(Now()) & "." & Minute(Now()) & "." & Second(Now()) & " -n 1 -w " & Seconds, 0, True

as you don't need to use Exec, as the output does not need capturing.

Thanks,

Rob.

Expert Comment

by:sybe
classicaspfaq has another way, but it requires a connection to an SQL Server

http://classicasp.aspfaq.com/general/how-do-i-make-my-asp-page-pause-or-sleep.html
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :)

To start, I want to make sure everyone understands the importance of utilizing parameterized queries.

They are useful in preventing SQL injection, as well as reducing the size of the system table syscacheobjects.

In my mind there is no more efficient method to programming and development than organizing your code into re-usable chunks.

Any code you can re-use should be placed in an include file and called when that chunk of code is needed.

Thus said, I had a need to make some serious database calls and as everyone knows, simply cleaning the input is not always the most efficient and effective method.  It is always better to force the data types of the parameters you are passing to the database.  It is pretty easy to use parameterized queries in code to do this, but why bother writing and re-writing basically the same code every time you need to use it?

So, I came up with a method that will do everything you will need it to do for dynamically parameterized queries when developing a classic ASP web application.

I also added in some recordset paging.

Please note this can also be ported to Visual Basic and compiled into a COM object for even more efficiency.

Please see the code below for the usage and class files for this tip.

Author Comment

by:kevp75
Unfortunately, simply removing the invalid characters may not be effective at cleaning, as well as there may actually be a need to store html, script, etc...

Casting as nvarchar, yes it does double the string, but it also makes it so the code can be used internationally, and keep special characters.

Expert Comment

by:Banthor
If you are going against MSSQL Server, you should always use stored procedures rather than dynamic SQL, Regardless of Injection issues and data type performance. You are missing out on internal caching and encapsulation.
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is to test my current websites using Internet Explorer (IE) 9. (Of which all my sites run perfectly under IE9)

Now, I run ASP Classic Applications mostly, about 99% of my site scripts are ASP Classic, with just a touch of VB.NET (ASP.NET). So, to test my sites within Windows 7 while I am there, I installed IIS7.5 and setup Classic ASP to run on the windows 7 system, and here you go, the instructions on just how it is done.

Note: Total time to setup is about 3-5 minutes, depending on the speed of your system, and you will need the windows 7 CD.

1. Installing IIS7.5


Open Control Panel
Click [Programs]
Choose [Turn Windows features on or off]
When the [Windows features] dialog appears
Click on the [+] and the [] box beside [Internet Information Services]
(When you click the box it will turn blue, and the [World Wide Web Services] & [IIS Management Console] will become active as well. Do not uncheck these!)

Now, put a check beside the following item(s)
[IIS Metabase and IIS 6 configuration compatibility]

Click the [+] beside [World Wide Web Services]
Then the [+] beside [Application Development Features]
Put a check beside the following areas
>> ASP
>> ASP.NET

Expert Comment

by:tobzzz
Hi Carrzkiss,

Great article, I recently did the same (unfort. I didn't read this first!).

In my previous IIS7 on Vista, every time I add a new site for dev, I added it in IIS7 with a unique port number, browsing to the folder of the website etc. So with localhost being my landing page, a new site would be anything like http://localhost:569. Sometimes port numbers weren't like in Chrome and FF (IE never had the problem) saying it was reserved for elsewhere. Is this the best way of setting up multiple sites on IIS for development or is there a more straightforward way? I have over 100 to set up shortly and manually adding them one-by-one will be a pain. Do you know if it's impossible to export the list from my IIS7 and import it to IIS7.5? Maybe you have a better idea for all of this?

Thanks and best wishes

/ Tobzzz

Expert Comment

by:r1tman2003
i went to a lot of hassle to lookup my account from 8 years ago to say THANKS. Now im going to go to a little more to hit the yes this was helpful button on another computer because the browser on my windows 2008 isnt configured for security and i cant remember how. i hate how MS changes isht with every release because they want to make us feel dumb so we keep de-upgrading. i want to upgrade to windows 98, I imagine how fast the required specs for their power hungry products would tear through that.

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:


 

The Exchange of information is power;
Power is the Exchange of Knowledge;
Knowledge is the Power that you have to help others in need of your help.
The Exchange of Information!


The information below is for people that want to learn how to use Parameterized Queries in their Classic ASP scripts. I was forced to learn this back in the beginning of 2009 and have taken off with it. There is nothing really tough about it, just read the liner notes and then try it out for yourself.


In this tutorial below, I am giving you several different scenarios and the code for them. It works all out at the end.


What are Parameterized queries?

Parameterized queries are queries that have one or more embedded parameters in the SQL statement. This method of embedding parameters into a SQL statement is less prone to errors than the method of dynamically building up a SQL string.

-- source: Taken from enterprisedb.com



Tutorial Begins

Now, on with the code/lesson... 


Note: If you have any questions please feel free to ask away. For this lesson, you will need to have the ADOVBS.inc file, which can be downloaded from here:
Download ADOVBS.INC


0. Getting Started


Make sure that the line below is at the very top of your page; only one @ directive is allowed per page.

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>


Make sure that you are using the charset=utf-8, if not then you will lose some of your protection!

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />


This is our CSS, to be used at the bottom of the page

<style type="text/css">
.MyTD{
border:1px #000000 double;
text-align:left;
vertical-align:top;
padding:3px;
color:#999999;
background-color:#333333;
}
</style>


Example of a FORM, non-functional at this point

<form>
<input type="hidden" name="MyID" value="<%=getID%>" />
<input type="text" name="loginEmail" value="" />
</form>


Example of a QueryString, non-functional at this point, to be used in the Multiple Queries example and below

page.asp?ID=1&Email=me@site.com


First, we need to make sure that no one can attack our codes, so we are going to use my custom ProtectSQL script.


This will be used to PROTECT your code/database from being attacked by idiots with nothing better to do.

<%
Function ProtectSQL(SQLString)
' Encode & first; otherwise the entities produced below would be
' double-encoded (for example &#39; would become &amp;#39;).
SQLString = Replace(SQLString, "&", "&amp;") ' replace & with &amp;
SQLString = Replace(SQLString, "'", "&#39;") ' replace single quotes with &#39;
SQLString = Replace(SQLString, ">", "&gt;") ' replace > with &gt;
SQLString = Replace(SQLString, "<", "&lt;") ' replace < with &lt;
SQLString = Replace(SQLString, "(","&#40;") ' replace ( with &#40;
SQLString = Replace(SQLString, ")","&#41;") ' replace ) with &#41;
SQLString = Replace(SQLString, "%", "&#37;") ' replace % with &#37;
' replace vblf with <br /> (This is mainly used for Memo fields).
SQLString = Replace(SQLString, vblf,"<br />")
SQLString = Trim(SQLString)
ProtectSQL = SQLString
End Function
%>


When you call the codes back out, just do the ProtectSQL function in reverse, basically create a new Function and do a reverse on it. This will be used to display the data to the page (To your visitor)

<%
Function ReverseSQL(SQLString)
' Undo ProtectSQL in the opposite order. The result is the original raw text,
' so pass it through Server.HTMLEncode when writing it into HTML.
Dim SQLRevString
SQLRevString = SQLString
SQLRevString = Replace(SQLRevString, "<br />", vblf)
SQLRevString = Replace(SQLRevString, "&#37;", "%")
SQLRevString = Replace(SQLRevString, "&#41;", ")")
SQLRevString = Replace(SQLRevString, "&#40;", "(")
SQLRevString = Replace(SQLRevString, "&lt;", "<")
SQLRevString = Replace(SQLRevString, "&gt;", ">")
SQLRevString = Replace(SQLRevString, "&#39;", "'")
SQLRevString = Replace(SQLRevString, "&amp;", "&") ' decode & last, mirroring ProtectSQL
SQLRevString = Trim(SQLRevString)
ReverseSQL = SQLRevString
End Function
%>


These are our Variables for our Parameters. For ALL Examples, as you can see, we have wrapped the ProtectSQL() around each one, so that we can capture ALL the bad things that someone might want to throw at us.

<%
loginEmail = ProtectSQL(request.Form("loginEmail"))
loginPass = ProtectSQL(request.Form("Password"))
myID = ProtectSQL(request.Form("myID"))
%>


1. Using Parameters with text VarChar, with a field length of 25


<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, mydate FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
%>


2. Using Parameters with the Integer (INT)


As you can tell, we are not adding in a number, this is because the INT does not require a length, it can be any length up to 1 billion.

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, myID FROM ordercavecustomer WHERE myID =?"
' myID is the form value read into a variable above
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , myID)
set rschEmail = chEmail.execute
%>


3. We Are Going to Get Multiple Queries


Let's get these from our QueryString. As you can see, we have the Parameters in order of the way they are listed in our Statement, if not, then it will give you an error.

<%
getID = ProtectSQL(request.QueryString("ID"))
getEmail = ProtectSQL(request.QueryString("Email"))
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, myID FROM ordercavecustomer WHERE myID =? and cusEmail=?"
' Parameters are appended in the same order as the ? markers: myID first, then cusEmail
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getID)
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, getEmail)
set rschEmail = chEmail.execute
%>


4. INSERT Statement


Once again, we have to have everything in order, to make sure that it gets inserted correctly and without error.

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="INSERT into ordercavecustomer(cusEmail, password, myID)values(?,?,?)"
' One parameter per ?, in column order; myID is the form value read above
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParameter("@password", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , myID)
set rschEmail = chEmail.execute
%>


5. UPDATE Statement


Same as before: the parameters go in the order in which they are written in the statement. The WHERE clause comes last, and as you can see, its parameter is also last in the parameters list.

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="update ordercavecustomer set cusEmail=?, password=? where myID=?"
' SET values first, then the WHERE value, matching the ? markers left to right
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParameter("@password", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
%>


6. DELETE Statement


This example will DELETE the item whose ID is passed in the QueryString (or FORM).

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="delete from ordercavecustomer where myID=?"
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getmyID)
set rschEmail = chEmail.execute
%>
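
The ordering rule from steps 3 to 6, as an added example that is not part of the original article: a hypothetical `BuildCommand` helper that refuses to run when the number of `?` markers and supplied values differ, and appends the values strictly by position. The helper name and the `Array(type, size, value)` layout are assumptions; `objConn`, `loginEmail`, `loginPass` and `getmyID` are the article's variables, and the ADO constants are assumed to be defined already (for example through adovbs.inc).

```vbscript
<%
' Added example: BuildCommand and its argument layout are hypothetical.
' Each entry of params is Array(adoType, size, value), listed in the same
' left-to-right order as the ? markers in sql.
Function BuildCommand(conn, sql, params)
    Dim markers, supplied, cmd, i, p
    ' Count ? markers (assumes the SQL text has no literal ? inside quotes)
    markers = Len(sql) - Len(Replace(sql, "?", ""))
    supplied = UBound(params) + 1
    If markers <> supplied Then
        Err.Raise vbObjectError + 1, "BuildCommand", _
            "SQL has " & markers & " placeholders but " & _
            supplied & " values were supplied"
    End If
    Set cmd = Server.CreateObject("ADODB.Command")
    ' Accept either an open ADODB.Connection object or a connection string
    If IsObject(conn) Then
        Set cmd.ActiveConnection = conn
    Else
        cmd.ActiveConnection = conn
    End If
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For i = 0 To UBound(params)
        p = params(i)
        ' Name left empty on purpose: ? markers are bound by position,
        ' so a parameter name has no effect on which marker gets the value
        cmd.Parameters.Append cmd.CreateParameter("", p(0), adParamInput, p(1), p(2))
    Next
    Set BuildCommand = cmd
End Function

' Usage with the article's UPDATE statement: SET values first, WHERE value last
Dim cmdUpdate
Set cmdUpdate = BuildCommand(objConn, _
    "update ordercavecustomer set cusEmail=?, password=? where myID=?", _
    Array( _
        Array(adVarChar, 25, loginEmail), _
        Array(adVarChar, 25, loginPass), _
        Array(adInteger, 4, CLng(getmyID))))
' CLng raises a type mismatch for a non-numeric ID before the query runs
cmdUpdate.Execute , , adExecuteNoRecords
%>
```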


7. Display the information to the visitor with the ReverseSQL in place.


<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, username, mydate, fname, lname FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
' First we need to make sure that a record exists for the query
if not rschEmail.eof then
' Now we want to show our information back to our visitor, so we need to reverse what we have protected. So we wrap our recordset fields with the ReverseSQL function
strEmail = ReverseSQL(rschEmail("cusEmail"))
strpassword = ReverseSQL(rschEmail("password"))
strusername = ReverseSQL(rschEmail("username"))
strmydate = rschEmail("mydate")
strfname = ReverseSQL(rschEmail("fname"))
strlname = ReverseSQL(rschEmail("lname"))
else
response.Write "Sorry, the user does not exist in our system, Sorry! Please try again later."
end if
' The reversed values are user-supplied text, so they are HTML-encoded when written to the page
%>
<table>
<tr><td class="MyTD">Full Name</td><td class="MyTD"><%=Server.HTMLEncode(strfname&" "&strlname)%></td></tr>
<tr><td class="MyTD">Email</td><td class="MyTD"><%=Server.HTMLEncode(strEmail&"")%></td></tr>
<tr><td class="MyTD">Username</td><td class="MyTD"><%=Server.HTMLEncode(strusername&"")%></td></tr>
<tr><td class="MyTD">Password</td><td class="MyTD"><%=Server.HTMLEncode(strpassword&"")%></td></tr>
<tr><td class="MyTD">Date Joined</td><td class="MyTD"><%=strmydate%></td></tr>
</table>


The copy/paste version is below.

10
LVL 31

Author Comment

by:Wayne Barron
Yep, that will do it.
It is right simple to catch on to, and sometimes we have to double back to see what we missed from the last go around.
It happens to me as well and I am pretty sure that it happens to everyone from time to time.
Oversights are a pain at times.

Let me know if you need any other assistance on it.

Carrzkiss
0
LVL 31

Author Comment

by:Wayne Barron
I want to apologize to "Slim81" and everyone else that has come in here and had issues with this Article, and the code that I supplied.
It was a complete oversight on my part, to have not caught on to the Parameter names, before I posted the Article.

Thank you to: rrhandle8, for bringing it to my attention in a Thread I was assisting him with. Sometimes it takes a set of fresh eyes, to catch something that we all may miss in life.

Take Care and once again, please forgive me for my lack of attention in posting this article.
Carrzkiss
0
I recently decided that I needed a way to make my pages scream on the net. While searching around for how I can accomplish this I stumbled across a great article that stated "minimize the server requests."

I got to thinking, hey, I use more than one javascript file, more than one CSS file, why not try to put them together...  while I'm at it, try to shrink them up a bit!

Here are the results from using the 'Net' Tab for the 'FireBug' plugin for FireFox (first clearing the cache, then closing the browser and reopening to the page):

Page With Compression:
3 Requests, 47KB, 280ms

Page Without Compression:
9 Requests, 49KB, 581ms

Although it does not seem that the compression of the CSS and JS files has made too much of a difference in the file size of the requested items, as you can see, the load times of both pages differ significantly, suggesting that combining the files in such a way has reduced the round trips to the server. Not only the load time of the page, but also the load time of the w3svc process on the server.

I watched the process for these 2 requests and noticed the compressed page had half the load time on the CPU.

At this time I do not believe the compressed/combined files are cacheable (unless I can be proven wrong of course...).  The files are opened from the server utilizing the FileSystemObject, read through, and then combined to a single string where it is rendered.


Here is the code I now use to minimize the requests to my …
3
LVL 6

Expert Comment

by:matija_
Here's a free GZIP Active-X component for IIS: http://www.xstandard.com/en/documentation/xgzip/
0
LVL 18

Expert Comment

by:Rajar Ahmed
Valuable info. I may use this in future.

0
