The Path to ASP
Application Security Testing: An Integral Part of DevOps
In this part I will try to show you the basics of ASP. This article doesn't pretend to be a complete ASP tutorial, but rather tries to give you some basic understanding of how to get started developing in ASP. So here we go with the basics:
- Give your files an .asp extension:
Unless otherwise configured, the server will only process ASP statements in files with the extension ".asp".
It's a common problem among rookie ASP developers to forget to enable scripting permissions and then spending hours trying to find errors in their code. Look in your IIS documentation for an explanation of how to do this.
- Enclose your ASP statements between <% and %> symbols:
To distinguish your ASP statements from the HTML they are embedded in, the server needs to know where ASP code starts and ends. You place your ASP statements between <% and %> delineators so the server can make this distinction.
<b><% Response.Write Date %></b>This example will write the current system date (via the ASP code between <% and %>) and make it bold (via the HTML tags outside <% and %>). To send the results of a function directly to the browser, you can use <%= and %=> delineators. For instance, the above example could be rewritten as:
<b><%= Date %></b>.
- Use the built-in "Server" object to access methods and properties of the server:
One of the most common usages of the Server object is to create instances of Server components. This is done with the CreateObject method of the Server object. The following example creates an instance of ADO database connection:
<% Set cn = Server.CreateObject("ADODB.Connection") %>
- Use the built-in Application object to share information between all users of the application:
You can use this object to share information between several users of your application. The following example shows how you can store some value in Application collection:
<% Application("message")="Hello World!" %>This value could be accessed by all the sessions currently using the application.
- Store information throughout the user session with the built-in Session object:
You can pass information between pages user accesses within one session. For example, you can store the name of user in a session object on one page (for instance, a login page) and then retrieve it on another.
<% Session("visitorsname")="Jack" %> ... Hello <%= Session("visitorsname") %> !This will send "Hello Jack!" to the browser.
- To access the information sent by the browser to the server, use the built-in Request object:
You can access data submitted by the user, cookies, server variables and more using the built-in Request object. The following example shows how to output the value of an item "visitorsname" that was form submitted to the server with the POST method:
Hello <%= Request.Form("visitorsname") %>!
- With the built-in Response object, you can control and actually send the data to browser:
You can write output to the browser, set cookies, change the content type of output, redirect the client to other pages and more by using this object.
This example could be used to redirect the client to a login.asp page:
<% Response.Redirect "default.asp" %>
- Use traditional flow control statements to implement your logic:
You can use Visual Basic's if...then statements, loops and other language features to accomplish the logic you need. In the following example, a welcome message is shown if the user has verified that his/her age is at least 18 and a forbidden message is shown 5 times in different font sizes if they are underage:
<% if CInt(Request.Form("age"))>=18 then %> Welcome to the site! <% else for i=1 to 5 %> <font size="<%= i =%>">Forbidden!</font> <% next end if %>
That will get you started on the road towards ASP, but to become really professional in any field, you need to continue to learn constantly. Deepening your knowledge is never-ending process. There are two ways of getting more knowledge. The first is from experience and the second is from technical articles, tips and examples. Experience will come only by developing more ASP projects. I can't help you get more of that, but I can give you destinations for advanced ASP articles, tips, tutorials and examples. There are lots of ASP-related sites publishing ASP articles (at a variety of skill levels). Among these, my favorites are (in random order):
These sites publish new ASP-related articles on a regular basis showing you new aspects and techniques of ASP development. You may also want to check the ASP section of ArticleCentral.com at www.articlecentral.com/cat.asp?deptid=24 for daily updated list of newest articles about ASP on many sites around the Web (including those mentioned above).
About the Author:
Alan Mendelevich lives in Lithuania, and currently spends most of his time working on ArticleCentral.com. He and the rest of ArticleCentral "work virtually around the clock monitoring hundreds of Web development related sites and listing newest resources in an easy to use categorized catalog. Every article of significant importance to the Webmaster and Web developer community is listed here the very same day it is released."WebReference.com.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...