2004 Tau Yenny, SI - Binus M0194 Web-based Programming Lanjut Session 3

2004 Tau Yenny, SI - Binus

M0194 Web-based Programming Lanjut

Session 3


2

Server Processes and the ASP Server Object Include Files and ASP Server-side Include (SSI) Directive The ASP Server Object Error Handling with the Server Object


3

ASP #include Directive

#include instruction takes the entire content of file and insert it into the page, replacing the  line. separating script from content reduced maintenance costs an easy way to insert information that is specific to a server

1. <%

2. strConnect = “SERVER=myserver;DATABASE=mydb;DRIVER={SQL SERVER}; “ _

3. & “UID=username;PWD=secretpassword”

4. %>

1. 

2. <%

3. ….

4. strTheConnectionString = strConnect ‘From include file

5. ….

6. %>

connect.inc

we can use connect.inc in any of our page with:


4

Include File and ASP

The #include instruction in an ASP page isn’t actually processed like a true SSI directive.

ASP recognizes as it parses the file.

ssinc.dll is used directly to carry out the SSI #include directive.

The complete page, with #include instruction replaced by the contents of the file, is then interpreted by ASP.

ASP has no control over what happens in the #include statement. To set the value of the #include instruction file reference with ASP code doesn’t work.


5

Include File and ASP

This won’t work because ssinc.dll will look for a file named <%= strIncludeURL %>, and won’t be able to find it

1. <%

2. ‘This will *not* work

3. strIncludeURL = Request.Form(“FileName”)

4. %>

…



This inserts the contents of the file named usefulbits.inc into the response. The file can be described by a relative or full path and filename combination, such as FILE=“..\scripts\myscr.inc”. It can alternatively be described using a virtual relative or absolute path using the VIRTUAL attribute, for example:






9

Server Side Include DirectivesDirective Description

#config Specifies the format that will be used for dates, times, and file sizes in following directives, and the text of the generic SSI error message that is returned to the client. For example:



Sets the SSI error message text to ‘SSI Processing Error’.



Sets the format for dates and times that are returned by following SSI directives .This example sets a format style of Saturday, August 14 2004 10:34:50.



Sets the unit by which file size returned by following SSI directives will be calculated. This example sets the unit to bytes. The alternative value for SIZEFMT is “ABBREV”, which specifies that the size calculation will return the file size in kilobytes (KB).


10

Server Side Include Directives

Directive Description

#echo Inserts the value of an HTTP environment variable into the response stream being sent to the client, replacing the directive. For example:



Writes the name of the server that is executing the directive into the page.

#fsize Inserts the size of a specified file into the response stream being sent to the client, replacing the directive. For example:



Like the #include directive, the file can alternatively be defined using a VIRTUAL path such as:

VIRTUAL=“/mysite/usefulbits.inc”

or

VIRTUAL=“../thisbits/usefulbits.inc”


11


#exec Executes a program or a shell command on the server. For example:



Executes the CGI application named myapp.exe in the context of the Web server. It will also pass the value of the query string value1=this&value2=that to the application. The application runs in a separate memory space from the Web server.



Starts an instance of the specified operating system command interpreter (in this case cmd.exe), and executes the command iisreset /stop. The /C parameter instructs the command interpreter to exit automatically once the command has been executed. You must add the following entry to the Windows Registry when using the CMD version of #exec:

HKEY_LOCAL_MACHINE

\SYSTEM

\CurrentControlSet

\Services

\W3SVC

\Parameters

\SSIEnableCmdDirective

Set the value to 1 and restart the WWW service to allow the CMD token to be used in the #exec directive. Set it to 0 to disable it and prevent unauthorized use.


12


#flastmod Insert the date and time that a specified file was last modified into the response stream being sent to the client, replacing the directive. For example:



Like the #include directive, the file can alternatively be defined using a VIRTUAL path such as:

VIRTUAL=“/mysite/usefulbits.inc”

or

VIRTUAL=“../thisbit/usefulbits.inc”


13

SSI/CGI In Action1. <HTML>2. <HEAD><TITLE>SSI Directives and The ASP Server Object</TITLE></HEAD>3. <BODY>4. <H1>SSI Directives and The ASP Server Object<HR></H1>5. <UL><LI><A HREF="ssi_cgi.stm">Server Side Include and CGI Statements</A></LI>6. <LI><A HREF="ssi_exec.asp">Using the #exec Server Side Include Directive</A></LI>7. <LI><A HREF="show_server.asp">Using the ASP Server Object</A></LI></UL>8. </BODY>9. </HTML>


14

Using the SSI/CGI Processing Directives

1. <P><DIV CLASS="subhead">Including Files with SSI</DIV>2. This text has been inserted into the page using the Server-Side Include(SSI)3. instruction:<BR>4. <P>

intro.inc

ssi_cgi.stm1. <HTML>2. <HEAD>3. <TITLE>SSI and CGI Instructions</TITLE>4. <STYLE TYPE="text/css">5. .subhead {font-size=1.25em }6. </STYLE>7. </HEAD>8. <BODY> 9. 10. <P><DIV CLASS="subhead">SSI Statement</DIV>11.  12. (sets error message in case of SSI error)<BR>13. <P>


15

14. Details of file 'Default.asp':<BR>15.  16. (sets fsize to return size in bytes)<BR>17. 

18.  19. returns: <B>  bytes</B><BR>

20.  21. (sets format for date/time results)<BR>22. 

23. 24. returns: <B> </B><P>

25. <DIV CLASS="subhead">HTTP Variables</DIV>26. 27. returns: <B> </B><BR>28. 29. returns: <B> </B><BR>30. </BODY>31. </HTML>

ssi_cgi.stm

Using the SSI/CGI Processing Directives


16

Using the SSI/CGI Processing DirectivesThis page uses all the directives we’ve looked at earlier except #exec directive


17

Using the #exec Directive1. <HTML><HEAD>2. <TITLE>The SSI #exec Directive</TITLE>3. <STYLE TYPE="text/css">4. .subhead {font-size=1.25em }5. </STYLE></HEAD>6. <BODY>7. <H1>The SSI #exec Directive<HR></H1>8. <DIV CLASS="subhead">Stopping and Starting a Service</DIV>9. <FORM ACTION="<%=Request.ServerVariables("SCRIPT_NAME") %>" METHOD="POST">10. <INPUT TYPE="SUBMIT" NAME="cmdStop" VALUE="   ">11. Stop the Microsoft Indexing Service<BR><BR>12. <INPUT TYPE="SUBMIT" NAME="cmdStart" VALUE="   ">13. Start the Microsoft Indexing Service<BR>14. </FORM>15. <%16. If Len(Request.Form("cmdStart")) Then17. Response.Redirect("startcis.stm")18. End If19. If Len(Request.Form("cmdStop")) Then20. Response.Redirect("stopcis.stm")21. End If22. %>23. </BODY>24. </HTML>

ssi_exec.asp


18

Using the #exec Directive


19

Running #exec Directive First, create the SSIEnableCmdDirective entry (with type DWORD) in the Registry

on your Web server machine under the existing key named:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters

And then set the value to 1, as shown below:


20

Running #exec DirectiveFire up the Internet Services Manager utility and Select the directory containing the .stm files that use #exec. Then open the Properties dialog for that directory. In the Direcory Security page click the Edit button in the Anonymous access and authentication control section to open the Authentication Methods dialog.

Turn off the Anonymous access checkbox. If you’re not using IE, turn on the Basic authentication option to allow non-IE browsers to submit a username/password to access the pages.


21

Running #exec Directive

Restart the WWW service.


22

Running #exec Directive

To be able to see the results of starting and stopping the service, open the Service MMC snap-in and stop the Indexing Service.


23

Starting and Stopping the Indexing Service


24

1. <HTML><HEAD><TITLE>The SSI #exec Directive</TITLE></HEAD>2. <BODY>3. <H1>The SSI #exec Directive<HR></H1>4. <P>Processing the SSI directive:</P>5. <P><B></B></P>6. 7. <FORM ACTION="ssi_exec.asp">8. <INPUT TYPE="SUBMIT" NAME="cmdOK" VALUE="   ">9. Return to the previous page<P>10. </FORM>11. </BODY></HTML>

1. <HTML><HEAD><TITLE>The SSI #exec Directive</TITLE></HEAD>2. <BODY>3. <H1>The SSI #exec Directive<HR></H1>4. <P>Processing the SSI directive:</P>5. <P><B></B></P>6. 7. <FORM ACTION="ssi_exec.asp">8. <INPUT TYPE="SUBMIT" NAME="cmdOK" VALUE="   ">9. Return to the previous page<P>10. </FORM>11. </BODY></HTML>

startcis.stm

stopcis.stm

Starting and Stopping the Indexing Service


25

ASP Server Object

Property Description

ScriptTimeout Integer. Default = 90.

Sets or returns the number of seconds that script in the page can execute for before the server aborts page execution and reports an error. This automatically halts and removes from memory pages that contain errors that may lock execution into a loop, or those that stall while waiting for a resource to become available. This prevents the server becoming overloaded with badly behaved pages. You may need to increase this value for pages that do take a long time to run.

The Properties of the Server Object


26

ASP Server ObjectThe Methods of the Server Object

Method Description

CreateObject(“identifier”) Creates an instance of the object (a component, application or scripting object) that is identified by “identifier”, and return a reference to it that can be used in our code. Can be used in the global.asa page of a virtual application to create objects with session-level or application-level scope. The object can be identified by its ClassID such as “{clsid:BD96C556-65A3…37A9}” or by a ProgID string such as “ADODB.Connection”.

Execute(“url”) Stops executing of the current page and transfer control to the page specified in “url”. The user’s current environment is carried over to the new page. After that page has finished execution, control passes back to the original page and execution resumes at the statement after the Execute method call.

GetLastError( ) Returns a reference to an ASPError object that holds details of the last error that occurred within the ASP processing of the page. The information exposed by the ASPError object includes the file name, line number, error code, etc.


27

ASP Server ObjectThe Methods of the Server Object

Method Description

HTMLEncode(“string”) Returns a string that is a copy of the input value “string” but with all non-legal HTML characters – such as ‘<‘. ‘>’, ‘&’, and double quotes – converted into the equivalent HTML entity – i.e. <, >, &, ", etc.

MapPath(“url”) Returns the full physical path and filename of the file or resource specified in “url”.

Transfer(“url”) Stops execution of the current page and transfers control to the page specified in “url”. The user’s current environment (i.e. session state and any current transaction state) is carried over to the new page. Unlike the Execute method, execution doesn’t resume in the original page, but ends when the new page has completed executing.

URLEncode(“string”) Return a string that is a copy of the input value “string” but with all characters that are not valid in a URL – such as ‘?’, ‘&’ and spaces – converted into the equivalent URL entity – i.e. ‘%3F’, ‘%26’, and ‘+’.


28

Creating Object Instances

VBScript supports CreateObject and GetObject methods.

CreateObject method takes as its argument a ClassID or (more usually) a ProgID string, and returns a new object of that type:Set objNewObject = CreateObject(“ADODB.Connection”)

GetObject method is normally used when we have a document of a specific type, and we want to create an instance of an object that can handle this type of document:Set objExcel = getObject(“C:\myfiles\sales.xlw”)

We can also specify the type of object that we want as well as a filename, which is useful if we have several objects that can handle that document type:Set objExcel = getObject(“C:\myfiles\sales.xlw”, “Excel.Application”)


29

Creating Object Instances

JScript has getObject, which works like the VBScript version.

JScript implements a function that works in the same way as VBScript CreateObject method, named ActiveXObject.

objNewObject = new ActiveXObject(“This.Object”);


301. <HTML>2. <HEAD> <TITLE>The Server Object</TITLE> </HEAD>

3. <BODY>4. <H2>The ASP Server Object<HR></H2>5. <%6. Quot = Chr(34)

7. If Len(Request.Form("cmdCreate")) Then8. strObjectName = Request.Form("txtObjectName")9. On Error Resume Next 'Turn off default error handling10. Set objObject = Server.CreateObject(strObjectName)11. On Error Goto 012. If IsObject (objObject) Then13. Response.Write "<B>Results:</B><BR>Successfully created object of " _14. & "<B>" & Quot & strObjectName & Quot & "</B><HR>"15. Else16. Response.Write "<B>Results:</B><BR>Failed to create object of " _17. & "<B>" & Quot & strObjectName & Quot & "</B><HR>"18. End If19. End If

20. If Len(Request.Form("cmdExecute")) Then21. strPath = Request.Form("txtExecute")22. Response.Write "Currently executing the page: <B>" _23. & Request.ServerVariables("SCRIPT_NAME") & "</B><BR>"24. Server.Execute (strPath)25. Response.Write "Currently executing the page: <B>" _26. & Request.ServerVariables("SCRIPT_NAME") & "</B><BR><BR>"27. End If

show_server.asp


3130. If Len(Request.Form("cmdTransfer")) Then

31. strPath = Request.Form("txtTransfer")

32. Response.Write "Currently executing the page: <B>" _

33. & Request.ServerVariables("SCRIPT_NAME") & "</B><BR>"

34. Server.Transfer(strPath)

35. End If

36. If Len(Request.Form("cmdGetLastError")) Then

37. Dim arrThis(3)

38. arrThis(4) = "Causes an error"

39. End If

40. If Len(Request.Form("cmdMapPath")) Then

41. strValue = Request.Form("txtMapPath")

42. Response.Write "<B>Results:</B><BR>Server.MapPath(" & Quot & strValue _

43. & Quot & ") returned <B>" & Quot & Server.MapPath(strValue) _

44. & Quot & "</B><HR>"

45. End If

46. If Len(Request.Form("cmdHTMLEncode")) Then

47. strValue = Request.Form("txtHTMLEncode")

48. strResult = Server.HTMLEncode(strValue)

49. strDisplay = Server.HTMLEncode(strResult)

50. Response.Write "<B>Results:</B><BR>Server.HTMLEncode (" & Quot & strResult _

51. & Quot & ") returned<BR><B>" & Quot & strDisplay & Quot _

52. & "</B><HR>"

53. End If

show_server.asp


3254. If Len(Request.Form("cmdURLEncode")) Then

55. strValue = Request.Form("txtURLEncode")

56. Response.Write "<B>Results:</B><BR>Server.URLEncode (" & Quot & strValue _

57. & Quot & ") returned<BR><B>" & Quot & Server.URLEncode (strValue) & Quot _

58. & "</B><HR>"

59. End If

60. %>

61. <BIG>Property Value</BIG><BR>

62. <% Response.Write "Server.Timeout = <B>" & Server.ScriptTimeout & "</B></P>“ %>

63. <FORM ACTION="<%=Request.ServerVariables("SCRIPT_NAME") %>" METHOD="POST">

64. <BIG>Create an Instance of a Component</BIG><BR>

65. <INPUT TYPE="SUBMIT" NAME="cmdCreate" VALUE="   ">

66. Server.CreateObject(“ <INPUT TYPE="TEXT" NAME="txtObjectName" VALUE="">")<BR><BR>

67. <BIG>Execute Another ASP Page</BIG><BR>

68. <INPUT TYPE="SUBMIT" NAME="cmdExecute" VALUE="   ">

69. Server.Execute(“ <INPUT TYPE="TEXT" NAME="txtExecute" VALUE="">")<BR>

70. <INPUT TYPE="SUBMIT" NAME="cmdTransfer" VALUE="   ">

71. Server.Transfer(“ <INPUT TYPE="TEXT" NAME="txtTransfer" VALUE="">")<BR><BR>

72. <BIG>Get ASP Error Details</BIG><BR>

73. <INPUT TYPE="SUBMIT" NAME="cmdGetLastError" VALUE="   ">

74. Server.GetLastError()<BR><BR>

show_server.asp


3378. <BIG>Miscellaneous Methods</BIG><BR>

79. <INPUT TYPE="SUBMIT" NAME="cmdMapPath" VALUE="   ">

80. Server.MapPath(“ <INPUT TYPE="TEXT" NAME="txtMapPath" VALUE="" SIZE="30">")<BR>

81. <INPUT TYPE="SUBMIT" NAME="cmdHTMLEncode" VALUE="   ">

82. Server.HTMLEncode(“ <INPUT TYPE="TEXT" NAME="txtHTMLEncode" VALUE="" SIZE="30">")<BR>

83. <INPUT TYPE="SUBMIT" NAME="cmdURLEncode" VALUE="   ">

84. Server.URLEncode(“ <INPUT TYPE="TEXT" NAME="txtURLEncode" VALUE="" SIZE="30">")<BR>

85. <BR>

86. </FORM>

87. </BODY>

88. </HTML>

show_server.asp


34

ASP Server Object


35

The CreateObject Method of the Server Object

Quot = Chr(34)

If Len(Request.Form("cmdCreate")) Then strObjectName = Request.Form("txtObjectName") On Error Resume Next 'Turn off default error handling Set objObject = Server.CreateObject(strObjectName) On Error Goto 0 If IsObject (objObject) Then Response.Write "<B>Results:</B><BR>Successfully created object of " _

& "<B>" & Quot & strObjectName & Quot & "</B><HR>" Else Response.Write "<B>Results:</B><BR>Failed to create object of " _

& "<B>" & Quot & strObjectName & Quot & "</B><HR>" End IfEnd If


36

Executing Other Pages

If Len(Request.Form("cmdExecute")) Then strPath = Request.Form("txtExecute") Response.Write "Currently executing the page: <B>" _ & Request.ServerVariables("SCRIPT_NAME") _ & "</B><BR>" Server.Execute (strPath) Response.Write "Currently executing the page: <B>" _ & Request.ServerVariables("SCRIPT_NAME") _ & "</B><BR><BR>"End If


37

Executing Other Pages

If Len(Request.Form("cmdTransfer")) Then strPath = Request.Form("txtTransfer") Response.Write "Currently executing the page: <B>" _ & Request.ServerVariables("SCRIPT_NAME") & "</B><BR>" Server.Transfer(strPath)End If

1. <%@ LANGUAGE=VBSCRIPT%>2. <HR>3. Currently executing the page: <B>Another_Page.asp</B><BR>4. However the value of

<B>Request.ServerVariables("SCRIPT_NAME")</B> is still<BR>5. <B><% =Request.ServerVariables("SCRIPT_NAME") %></B>6. because the <B>Request</B> collection hold</BR>7. the same values as they had in the page that executed this

one.<BR>

8. <FORM ACTION="<% = Request.ServerVariables("HTTP_REFERER") %>" METHOD="POST">

9. <INPUT TYPE="SUBMIT" NAME="cmdOK" VALUE="   ">

10. Return to the Previous Page<P>11. </FORM>12. <HR>

Another_Page.asp


38

Error Handling with the Server ObjectProperty Description

ASPCode Integer. The error number generated by ASP/IIS such as 0x800A0009.

ASPDescription String. A detailed description of the error if it is ASP-related.

Category String. The source of the error, i.e. internal to ASP, the scripting language, or an object.

Column Integer. The character position within the file that generated the error.

Description String. A short description of the error.

File String. The name of the file that was being processed when the error occurred.

Line Integer. The number of the line within the file that generated the error.

Number Integer. A standard COM error code.

Source Integer. The actual code, where available, of the line that caused the error.

Properties of the ASPError Object


39

Error Page Mapping in IIS

In Internet Services Manager, right click on the directory for which you want to edit mappings, and select Properties.


40

Error Page Mapping in IIS

In the Custom Errors page of the Properties dialog is a list of the default mapping set up when IIS is installed (unless, of course you’ve already changed any).

Near the bottom of the list an entry for HTTP error 500:100. These are the generic errors such as Invalid Application, Server Shutting Down, etc. However, the 500:100 error occurs specifically when ASP loads a page that contains a syntax error. The default mapping shown the page named 500-100.asp will be executed when such error occurs.


41

Specifying a Custom Error Page

Click the Edit Properties button in the Custom Errors page to open the Error Mapping Properties dialog.

Select URL in the message Type drop-down list, and type the full virtual path to your own custom error page.


42

Using the GetLastError Method and the ASPError Object1. <%2. Response.Status = "500 Internal Server Error"3. Set objASPError = Server.GetLastError()4. %>5. Currently executing the page: <B>show_error.asp</B><P>6. <B>Error Details:</B><BR>

7. ASPError.ASPCode = <% = objASPError.ASPCode %><BR>8. ASPError.Number = <% = objASPError.Number %><BR>9. (0x<% =Hex(objASPError.Number) %>)<BR>10. ASPError.Source = <% = Server.HTMLEncode(objASPError.Source) %><BR>11. ASPError.Category = <% = objASPError.Category %><BR>12. ASPError.File = <% = objASPError.File %><BR>13. ASPError.Line = <% = objASPError.Line %><BR>14. ASPError.Column = <% = objASPError.Column %><BR>15. ASPError.Description = <% = objASPError.Description %><BR>16. ASPError.ASPDescription = <% = objASPError.ASPDescription %><BR>

17. <FORM ACTION="<% = Request.ServerVariables("HTTP_REFERER") %>" METHOD="POST">18. <INPUT TYPE="SUBMIT" NAME="cmdOK" VALUE="   ">19. Return to the Previous Page<P>20. </FORM>

show_error.asp


43

Using the GetLastError Method and the ASPError Object

If Len(Request.Form("cmdGetLastError")) Then Dim arrThis(3) arrThis(4) = "Causes an error"End If


44

Getting Path Information with the Server ObjectIf Len(Request.Form("cmdMapPath")) Then strValue = Request.Form("txtMapPath") Response.Write "<B>Results:</B><BR>Server.MapPath(" & Quot & strValue _

& Quot & ") returned <B>" & Quot & Server.MapPath(strValue) _& Quot & "</B><HR>"

End If


45

The HTMLEncode Method of the Server ObjectIf Len(Request.Form("cmdHTMLEncode")) Then strValue = Request.Form("txtHTMLEncode") strResult = Server.HTMLEncode(strValue) strDisplay = Server.HTMLEncode(strResult) Response.Write "<B>Results:</B><BR>Server.HTMLEncode (" & Quot & strResult _

& Quot & ") returned<BR><B>" & Quot & strDisplay & Quot _& "</B><HR>"

End If


46

Formatting Data with the Server Object

CharacterHTML Entity Equivalent

CharacterHTML Entity Equivalent

< < > >

& & “ "

© © ® ®

Notice that the last of the example, the registered trademark symbol, is a numeric value preceded with the ‘#’ character, rather than a text abbreviation of the meaning (like copy for the copyright symbol).

All character with ANSI code value greater than 126 can be represented in HTML as the ANSI code of the character in decimal, prefixed with &# and suffixed with a semi-colon. So the ½ (one half) character has an entity equivalent of ½.


47

The URLEncode Method of the Server ObjectIf Len(Request.Form("cmdURLEncode")) Then strValue = Request.Form("txtURLEncode") Response.Write "<B>Results:</B><BR>Server.URLEncode (" & Quot & strValue _

& Quot & ") returned<BR><B>" & Quot & Server.URLEncode (strValue) & Quot _& "</B><HR>"

End If


48

Formatting Data for URLsCharacter HTTP/URL Replacement Character HTTP/URL Replacement

space + \ %5C

‘ %27 ] %5D

! %21 ^ %5E

# %23 ` %60

$ %24 { %7B

% %25 | %7C

& %26 } %7D

( %28 + %2B

) %29 < %3C

/ %2F = %3D

: %3A > %3E

; %3B Chr(10) ignored

[ %5B Chr(13) %0D

Documents

2004 Tau Yenny, SI - Binus M0194 Web-based Programming Lanjut Session 3