ASP

80K

Solutions

7

Articles & Videos

31K

Contributors

Active Server Pages (ASP) is Microsoft’s first server-side engine for dynamic web pages. ASP’s support of the Component Object Model (COM) enables it to access and use compiled libraries such as DLLs. It has been superseded by ASP.NET, but will be supported by Internet Information Services (IIS) through at least 2022.


This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/Languages/Scripting/ASP/Q_28641013.html. The Asker was originally trying to find a way to eliminate the scenario where his users are staring at the screen thinking and writing only to click the submit button and find out that they were logged out and their updates are lost.

I know many people may try adjusting the script timeout or the session timeout only to find this does not work as expected. The reason is they forget about the idle timeout that is set to the default of 5 minutes in IIS: https://technet.microsoft.com/en-us/library/cc771956%28v=ws.10%29.aspx

Simply adjusting the idle timeout to something longer coupled with adjusting your session.timeout=60 (for 60 minutes) is not the best solution. Session variables can be reset if the app pool recycles or crashes: http://weblogs.asp.net/owscott/why-is-the-iis-default-app-pool-recycle-set-to-1740-minutes

An alternative is to issue a new and unique token at each log in. Then set a cookie using the generated token as well as storing the token in a user table in your database. On each page load, look up the cookie with the token, and look for a match in the user login table. If a match is found, test if the expiration date is valid. When everything checks out, give access …
5
 

Expert Comment

by:fskilnik
Thank you VERY much for this OUTSTANDING article, Scott!!

Now all your marvellous suggestions are even clearer to me and I am certain that they will help a lot of people!!

Kind Regards,
fskilnik.
0
 
LVL 53

Author Comment

by:Scott Fell, EE MVE
Thank you, I'm glad it helped.  Let me know when you are done what type of modifications you made.
0

I was asked about the differences between classic ASP and ASP.NET, so let me put them down here, for reference:

Let's make the introductions...

Classic ASP was launched by Microsoft in 1998 and dynamically generates web pages upon user interaction and server-side processing; this model is complementary to serving static web pages like well-known ".htm" files which mainly have fixed content, and opens a whole new world of possibilities in the web area. An ASP page has mixed content of HTML and server-side VBScript (all in a single file).

Microsoft included ASP technology in every Windows version, from Windows 2000 to the latest. However, on newer versions of server operating systems, classic ASP is blocked by default (but this can be changed by server administrator).

By default, ASP pages have the ".asp" extension and use VBScript (which is a restricted and "light" version of the Visual Basic programming language).

ASP.NET is the successor of classic ASP and implements a completely new model. Released in January 2002, this technology is actively supported by Microsoft in every Windows version starting with Windows XP and server-editions.

The new ASP.NET web pages have an ".aspx" extension. The dynamic program code is stored separately (using the code-behind model) in another file with an extension of .vb (Visual Basic) or .cs (C sharp), depending on the programming language used.

Comparing OLD and NEW

Classic ASP is similar to PHP in how …
16
 
LVL 10

Expert Comment

by:Banthor
I use all of the above depending on the needs of the client and implementation. While the nuts and bolts can be compared ad nauseam, the issue is simple.  If you have security concerns PII/Hipaa/financials you have to be on windows platforms with AD.
"Linux is not a securable platform for public consumption" -NSA

If your presentation requires controls that need to be valid against data changing outside the scope of the client, you have to use some form of server-side controls. []NET does this very well.

Scripting Language sites will out-scale managed code every time, because resources are only consumed as needed.
I have had 1500+ concurrent users against a 4 core server on classic asp including the SQL Server instance and never reached 30% CPU.  

Lamp solutions just don't have the toolsets for monitoring and performance metrics to bother with comparing them.
0
 

Expert Comment

by:Relu301
Great article! Thank you for this, I am just a beginner in web technologies and wanted to know more of both "sides" to decide which one to learn. I will start with classic ASP, it seems easier than ASP.NET, although I value the "drag and drop" idea used in Visual Studio .NET to build ASP.NET pages - but I don't mind writing code since I already use HTML, JavaScript and CSS. That's why my next step is classic ASP, and not ASP.NET.
0
Have you ever needed to get an ASP script to wait for a while? I have, just to let something else happen. Or in my case, to allow other stuff to happen while I was murdering my MySQL database with an update.

The Original Issue

This was written to stop an update script from using all of the CPU itself. It was slowing down all of the other services on the server, as it took 20 minutes or more to run. In my case, I was updating a MySQL database with 45000+ lines, from a CSV file, with far too many columns. There was a lot of processing for each record, and the data had to be checked "backwards and forwards".

The Need

Before you implement this code, make sure you actually need it. What I mean by this is ensure you are not causing the issues yourself. Many times, a re-written SQL statement will save bundles of time. In other cases, you may be better off sending something back to the client, with a Meta Refresh (another article coming soon?). I would suggest only using this if you really need it...

The Mistakes

I have seen many options for causing a delay. Most of them involve something like:

for i = 1 to 1000000
next

'' ## OR
Counter = 1000000
Do While Counter > 0
	Counter = Counter - 1
Loop



As anyone who has tried to run one of these will tell you, it just sends the CPU to 100%. And hopefully, you can see why. The server is trying very hard to get to the end of the script, burning clock cycle after clock cycle.

Another variation of this is to use the ASP "Timer". This basically has the same effect.

My Way...
3
 
LVL 65

Expert Comment

by:RobSampson
Hi G_H, thanks for the article. I'm sure many people will find this tip helpful.  I have one minor alternative that should also work:

            Set objCmd = objWShell.Exec("C:\WINDOWS\system32\PING 0." & Hour(Now()) & "." & Minute(Now()) & "." & Second(Now()) & " -n 1 -w " & Seconds)
            strPResult = objCmd.StdOut.Readall()

Could be more simplified to:
            objWShell.Run "C:\WINDOWS\system32\PING 0." & Hour(Now()) & "." & Minute(Now()) & "." & Second(Now()) & " -n 1 -w " & Seconds, 0, True

or
            objWShell.Run "cmd /c %WINDIR%\system32\PING 0." & Hour(Now()) & "." & Minute(Now()) & "." & Second(Now()) & " -n 1 -w " & Seconds, 0, True

as you don't need to use Exec, as the output does not need capturing.

Thanks,

Rob.
0
 
LVL 28

Expert Comment

by:sybe
classicaspfaq has another way, but it requires a connection to an SQL Server

http://classicasp.aspfaq.com/general/how-do-i-make-my-asp-page-pause-or-sleep.html
0
I would like to start this tip/trick by saying Thank You, to all who said that this could not be done, as it forced me to make sure that it could be accomplished. :)

To start, I want to make sure everyone understands the importance of utilizing parameterized queries.

They are useful in preventing SQL injection, as well as reducing the size of the system table, syscacheobjects.

In my mind there is no more efficient method to programming and development than organizing your code into re-usable chunks.

Anything you have already developed and can re-use should be placed in an include file and called when the chunk of code is needed.

Thus said, I had a need to make some serious database calls and as everyone knows, simply cleaning the input is not always the most efficient and effective method.  It is always better to force the data types of the parameters you are passing to the database.  It is pretty easy to use parameterized queries in code to do this, but why bother writing and re-writing basically the same code every time you need to use it.

So, I came up with a method that will do everything you will need it to do for dynamically parameterized queries when developing a classic ASP web application.

I also added in some recordset paging.

Please note this can also be ported to Visual Basic and compiled into a COM object for even more efficiency.

Please see the code below for the usage and class files for this tip.
0
 
LVL 25

Author Comment

by:kevp75
Unfortunately, simply removing the invalid characters may not be effective at cleaning, as well as there may actually be a need to store html, script, etc...

Casting as nvarchar, yes it does double the string, but it also makes it so the code can be used internationally, and keep special characters.
0
 
LVL 10

Expert Comment

by:Banthor
If you are going against MSSQL Server, you should always use stored procedures rather than dynamic SQL, Regardless of Injection issues and data type performance. You are missing out on internal caching and encapsulation.
0
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is to test my current websites using Internet Explorer (IE) 9. (Of which all my sites run perfectly under IE9)

Now, I run ASP Classic Applications mostly, about 99% of my site scripts are ASP Classic, with just a touch of VB.NET (ASP.NET). So, to test my sites within Windows 7 while I am there, I installed IIS7.5 and setup Classic ASP to run on the windows 7 system, and here you go, the instructions on just how it is done.

Note: Total time to setup is about 3-5 minutes, depending on the speed of your system, and you will need the windows 7 CD.

1. Installing IIS7.5


Open Control Panel
Click [Programs]
Choose [Turn Windows features on or off]
When the [Windows features] dialog appears
Click on the [+] and the [] box beside [Internet Information Services]
(When you click the box it will turn blue, and the [World Wide Web Services] & [IIS Management Console] will become active as well. Do not uncheck these!)

Now, put a check beside the following item(s)
[IIS Metabase and IIS 6 configuration compatibility]

Click the [+] beside [World Wide Web Services]
Then the [+] beside [Application Development Features]
Put a check beside the following areas
>> ASP
>> ASP.NET
9
 
LVL 11

Expert Comment

by:tobzzz
Hi Carrzkiss,

Great article, I recently did the same (unfort. I didn't read this first!).

In my previous IIS7 on Vista, every time I add a new site for dev, I added it in IIS7 with a unique port number, browsing to the folder of the website etc. So with localhost being my landing page, a new site would be anything like http://localhost:569. Sometimes port numbers weren't like in Chrome and FF (IE never had the problem) saying it was reserved for elsewhere. Is this the best way of setting up multiple sites on IIS for development or is there a more straightforward way? I have over 100 to set up shortly and manually adding them one-by-one will be a pain. Do you know if it's impossible to export the list from my IIS7 and import it to IIS7.5? Maybe you have a better idea for all of this?

Thanks and best wishes

/ Tobzzz
0
 
LVL 1

Expert Comment

by:r1tman2003
i went to a lot of hassle to lookup my account from 8 years ago to say THANKS. Now im going to go to a little more to hit the yes this was helpful button on another computer because the browser on my windows 2008 isnt configured for security and i cant remember how. i hate how MS changes isht with every release because they want to make us feel dumb so we keep de-upgrading. i want to upgrade to windows 98, I imagine how fast the required specs for their power hungry products would tear through that.
0

I have helped a lot of people on EE with their coding sources and have enjoyed near about every minute of it. Sometimes it can get a little tedious but it is always a challenge and the one thing that I always say is:


 

The Exchange of information is power;
Power is the Exchange of Knowledge;
Knowledge is the Power that you have to help others in need of your help.
The Exchange of Information!


The information below is for people that want to learn how to use Parameterized Queries in their Classic ASP scripts. I was forced to learn this back in the beginning of 2009 and have taken off with it. There is nothing really tough about it, just read the liner notes and then try it out for yourself.


In this tutorial below, I am giving you several different scenarios and the code for them. It works all out at the end.


What are Parameterized queries?

Parameterized queries are queries that have one or more embedded parameters in the SQL statement. This method of embedding parameters into a SQL statement is less prone to errors than the method of dynamically building up a SQL string.

-- source: Taken from enterprisedb.com



Tutorial Begins

Now, on with the code/lesson... 


Note: If you have any questions please feel free to ask away. For this lesson, you will need to have the ADOVBS.inc file, which can be downloaded from here:
Download ADOVBS.INC


0. Getting Started


Make sure that the following line is at the very top of your page, and only one @ is allowed per page

<%@LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>


Make sure that you are using the charset=utf-8, if not then you will lose some of your protection!

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />


This is our CSS to be used at the bottom of the page

<style type="text/css">
.MyTD{
    border:1px #000000 double;
    text-align:left;
    vertical-align:top;
    padding:3px;
    color:#999999;
    background-color:#333333;
}
</style>


Example of a FORM, non-functional at this point

<form>
    <input type="hidden" name="MyID" value="<%=getID%>" />
    <input type="text" name="loginEmail" value="" />
</form>


Example of a QueryString, non-functional at this point, to be used on the Multiple and below

page.asp?ID=1&amp;Email=me@site.com


First, we need to make sure that no one can attack our codes, so we are going to use my custom ProtectSQL script.


This will be used to PROTECT your code/database from being attacked by idiots with nothing better to do.

<%
Function ProtectSQL(SQLString)
    ' Encode & first so the entities produced below are not encoded a second time
    SQLString = Replace(SQLString, "&", "&amp;")
    SQLString = Replace(SQLString, "'", "&#39;") ' replace single quotes with &#39;
    SQLString = Replace(SQLString, ">", "&gt;") ' replace > with &gt;
    SQLString = Replace(SQLString, "<", "&lt;") ' replace < with &lt;
    SQLString = Replace(SQLString, "(", "&#40;") ' replace ( with &#40;
    SQLString = Replace(SQLString, ")", "&#41;") ' replace ) with &#41;
    SQLString = Replace(SQLString, "%", "&#37;") ' replace % with &#37;
    ' replace vblf with <br /> (This is mainly used for Memo fields).
    SQLString = Replace(SQLString, vblf, "<br />")
    SQLString = Trim(SQLString)
    ProtectSQL = SQLString
End Function
%>


When you call the codes back out, just do the ProtectSQL function in reverse, basically create a new Function and do a reverse on it. This will be used to display the data to the page (To your visitor)

<%
Function ReverseSQL(SQLString)
    Dim SQLRevString
    ' Work on a copy of the argument; a Null field value becomes an empty string
    SQLRevString = SQLString & ""
    SQLRevString = Replace(SQLRevString, "<br />", vblf)
    SQLRevString = Replace(SQLRevString, "&#37;", "%")
    SQLRevString = Replace(SQLRevString, "&#41;", ")")
    SQLRevString = Replace(SQLRevString, "&#40;", "(")
    SQLRevString = Replace(SQLRevString, "&lt;", "<")
    SQLRevString = Replace(SQLRevString, "&gt;", ">")
    SQLRevString = Replace(SQLRevString, "&#39;", "'")
    ' Decode &amp; last so text that was typed as an entity is not decoded twice
    SQLRevString = Replace(SQLRevString, "&amp;", "&")
    SQLRevString = Trim(SQLRevString)
    ReverseSQL = SQLRevString
End Function
%>


These are our Variables for our Parameters. For ALL Examples, as you can see, we have wrapped the ProtectSQL() around each one, so that we can capture ALL the bad things that someone might want to throw at us.

<%
loginEmail = ProtectSQL(request.Form("loginEmail"))
loginPass = ProtectSQL(request.Form("Password"))
myID = ProtectSQL(request.Form("myID"))
%>


1. Using Parameters with text VarChar, with a field length of 25


<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, mydate FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
%>


2. Using Parameters with the Integer (INT)


As you can tell, we are not adding in a number, this is because the INT does not require a length, it can be any length up to 1 billion.

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, myID FROM ordercavecustomer WHERE myID =?"
' myID is the variable read from the form in "Getting Started"
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , myID)
set rschEmail = chEmail.execute
%>


3. We Are Going to Get Multiple Queries


Let's get these from our QueryString. As you can see, we have the Parameters in order of the way they are listed in our Statement, if not, then it will give you an error.

<%
getID = ProtectSQL(request.QueryString("ID"))
getEmail = ProtectSQL(request.QueryString("Email"))
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, myID FROM ordercavecustomer WHERE myID =? and cusEmail=?"
' Bind the two QueryString values read above, in the same order as the ? markers
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , getID)
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, getEmail)
set rschEmail = chEmail.execute
%>


4. INSERT Statement


Once again, we have to have everything in order, to make sure that it gets inserted correctly and without error.

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="INSERT into ordercavecustomer(cusEmail, password, myID)values(?,?,?)"
' loginEmail, loginPass and myID are the variables read from the form in "Getting Started"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParameter("@password", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , myID)
set rschEmail = chEmail.execute
%>


5. UPDATE Statement


Same as before, in order as they are written. The WHERE goes last, and as you can see, it is also last in the parameters list.

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="update ordercavecustomer set cusEmail=?, password=? where myID=?"
' loginEmail, loginPass and myID are the variables read from the form in "Getting Started"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
chEmail.Parameters.Append chEmail.CreateParameter("@password", adVarChar, adParamInput, 25, loginPass)
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , myID)
set rschEmail = chEmail.execute
%>


6. DELETE Statement


This example will DELETE the item with the ID of whatever it is in the QueryString (or) FORM

<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.commandtext="delete from ordercavecustomer where myID=?"
' myID is the variable read from the form in "Getting Started"
chEmail.Parameters.Append chEmail.CreateParameter("@myID", adInteger, adParamInput, , myID)
set rschEmail = chEmail.execute
%>


7. Display the information to the visitor with the ReverseSQL in place.


<%
Set chEmail = Server.CreateObject("ADODB.Command")
chEmail.ActiveConnection=objConn
chEmail.Prepared = true
chEmail.commandtext="SELECT cusEmail, password, username, mydate, fname, lname FROM ordercavecustomer WHERE cusEmail =?"
chEmail.Parameters.Append chEmail.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, loginEmail)
set rschEmail = chEmail.execute
' First we need to make sure that a record exists for the query
if not rschEmail.eof then
    ' Now we want to show our information back to our visitor, so we need to reverse
    ' what we have protected. So we wrap our recordsets with the ReverseSQL Function
    strEmail = ReverseSQL(rschEmail("cusEmail"))
    strpassword = ReverseSQL(rschEmail("password"))
    strusername = ReverseSQL(rschEmail("username"))
    strmydate = rschEmail("mydate")
    strfname = ReverseSQL(rschEmail("fname"))
    strlname = ReverseSQL(rschEmail("lname"))
else
    response.Write "Sorry, the user does not exist in our system, Sorry! Please try again later."
end if
%>
<table>
<tr><td class="MyTD">Full Name</td><td class="MyTD"><%=strfname&" "&strlname%></td></tr>
<tr><td class="MyTD">Email</td><td class="MyTD"><%=strEmail%></td></tr>
<tr><td class="MyTD">Username</td><td class="MyTD"><%=strusername%></td></tr>
<tr><td class="MyTD">Password</td><td class="MyTD"><%=strpassword%></td></tr>
<tr><td class="MyTD">Date Joined</td><td class="MyTD"><%=strmydate%></td></tr>
</table>


The copy/paste version is below.

10
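The lookup from examples 2, 3 and 7 of the tutorial above, written as one reusable routine; this is an added example, not code from the original article. The names TryParseInt and FindCustomer are hypothetical, ADOVBS.inc is assumed to be included and objConn to be an open ADODB.Connection as in the tutorial, and instead of the ProtectSQL/ReverseSQL pair it binds the raw values and encodes them on output with Server.HTMLEncode.

```vbscript
<%
' Added example. Assumes ADOVBS.inc is included and objConn is an open
' ADODB.Connection. TryParseInt and FindCustomer are hypothetical names.

' Returns True and sets outValue only when raw is a non-negative whole
' number that fits a 32-bit INT column; anything else is rejected before
' it reaches the adInteger parameter.
Function TryParseInt(raw, ByRef outValue)
    Dim s, i, ch
    TryParseInt = False
    s = Trim(raw & "")
    If Len(s) = 0 Or Len(s) > 10 Then Exit Function
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If ch < "0" Or ch > "9" Then Exit Function
    Next
    If CDbl(s) > 2147483647 Then Exit Function
    outValue = CLng(s)
    TryParseInt = True
End Function

' Returns a recordset, or Nothing when the input fails validation.
Function FindCustomer(conn, rawID, rawEmail)
    Dim id, email, cmd
    Set FindCustomer = Nothing

    If Not TryParseInt(rawID, id) Then Exit Function
    email = Trim(rawEmail & "")
    ' cusEmail is declared with a length of 25 in the tutorial
    If Len(email) = 0 Or Len(email) > 25 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT cusEmail, username, mydate " & _
                      "FROM ordercavecustomer WHERE myID = ? AND cusEmail = ?"
    ' Parameters are appended in the same order as the ? markers
    cmd.Parameters.Append cmd.CreateParameter("@myID", adInteger, adParamInput, , id)
    cmd.Parameters.Append cmd.CreateParameter("@cusEmail", adVarChar, adParamInput, 25, email)
    Set FindCustomer = cmd.Execute
End Function

Dim rs
Set rs = FindCustomer(objConn, Request.QueryString("ID"), Request.QueryString("Email"))

If rs Is Nothing Then
    Response.Write "Invalid request."
ElseIf rs.EOF Then
    Response.Write "No matching customer."
Else
    ' Encode at output time so stored text cannot be interpreted as markup
    Response.Write "<table>"
    Response.Write "<tr><td class=""MyTD"">Email</td><td class=""MyTD"">" & _
                   Server.HTMLEncode(rs("cusEmail") & "") & "</td></tr>"
    Response.Write "<tr><td class=""MyTD"">Username</td><td class=""MyTD"">" & _
                   Server.HTMLEncode(rs("username") & "") & "</td></tr>"
    Response.Write "</table>"
    rs.Close
End If
%>
```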
 
LVL 31

Author Comment

by:Wayne Barron
Yep, that will do it.
It is right simple to catch on to, and sometimes we have to double back to see what we missed from the last go around.
It happens to me as well and I am pretty sure that it happens to everyone from time to time.
Oversights are a pain at times.

Let me know if you need any other assistance on it.

Carrzkiss
0
 
LVL 31

Author Comment

by:Wayne Barron
I want to apologize to "Slim81" and everyone else that has come in here and had issues with this Article, and that code that I supplied.
It was a complete oversight on my part, to have not caught on to the Parameter names, before I posted the Article.

Thank you to: rrhandle8 , for bringing it to my attention in a Thread I was assisting him with. Sometimes it takes a set of fresh eyes, to catch something that we all may miss in life.

Take Care and once again, please forgive me for my lack of attention in posting this article.
Carrzkiss
0
I recently decided that I needed a way to make my pages scream on the net.   While searching around how I can accomplish this I stumbled across a great article that stated "minimize the server requests."

I got to thinking, hey, I use more than one javascript file, more than one CSS file, why not try to put them together...  while I'm at it, try to shrink them up a bit!

Here are the results from using the 'Net' Tab for the 'FireBug' plugin for FireFox (first clearing the cache, then closing the browser and reopening to the page):

Page With Compression:
3 Requests, 47KB, 280ms

Page Without Compression:
9 Requests, 49KB, 581ms

Although it does not seem that the compression of the CSS and JS files has made too much of a difference in the file size of the requested items, the load times of the two pages differ significantly, suggesting that combining the files in such a way has reduced the round trips to the server.  Not only the load time of the page, but also the load time of the w3svc process on the server.

I watched the process for these 2 requests and noticed the compressed page had half the load time on the CPU.

At this time I do not believe the compressed/combined files are cacheable (unless I can be proven wrong of course...).  The files are opened from the server utilizing the FileSystemObject, read through, and then combined to a single string where it is rendered.


Here is the code I now use to minimize the requests to my …
3
 
LVL 6

Expert Comment

by:matija_
Here's a free GZIP Active-X component for IIS: http://www.xstandard.com/en/documentation/xgzip/
0
 
LVL 18

Expert Comment

by:Rajar Ahmed
Valuable info. I may use this in future.

0
