Gathering form variables with ASP, trimming white space from them, escaping SQL special characters, and removing harmful characters from user input.

Here is a quick way to display all of the form elements, best for debugging. While this is a very easy way to get everything displayed, the elements will not be in the order you might expect. The names and values are passed through Server.HTMLEncode before being written, because whatever the user typed into the form would otherwise be echoed straight back into the page as HTML.

For Each x In Request.Form
    Response.Write("<span class='highlight'>" & Server.HTMLEncode(x) & "</span> = <span class='myspan'>" & Server.HTMLEncode(Request.Form(x)) & "</span><br />")
Next

This next way first checks whether the form has been submitted, then walks the collection by index, which preserves the original order of the form elements. It is best for copying the form elements into variables or displaying them.

If Request.Form.Count > 0 Then
    For x = 1 To Request.Form.Count
        Response.Write(Server.HTMLEncode(Request.Form.Key(x)) & " = ")
        Response.Write(Server.HTMLEncode(Request.Form.Item(x)) & "<br>")
    Next
End If

What if you are getting errors when trying to use a variable that was submitted? There is a good chance that there is white space before or after the value. In classic ASP you can just use Trim(). Note that VBScript's Trim only removes spaces; tabs and line breaks are left alone, so use a RegExp if those can occur.

myvar = " ddenney@hotmail.com   "   ' those pesky spaces at the end will break the sendEmail function

MyCleanVar = Trim(myvar)            ' MyCleanVar should now pass through the send email function without any problems (assuming you have validated the address)

What if the user has entered their data in "quotes"? Suppose Dan "the man" Rodriques wants to register for sports. A quote inside the name would terminate the string literal in a SQL Server INSERT statement that is built by concatenation, which is both a runtime error and the classic SQL injection opening. The script below escapes the quotes by doubling them. For SQL Server string literals only the single quote matters (double quotes are not special inside a single-quoted literal), but doubling both is harmless. Treat this as a stop-gap: the robust fix is to pass user data as parameters of an ADODB.Command so the value never becomes part of the SQL text at all.

Function remChars(inString)
    Dim tempString
    tempString = Replace(inString, """", """""")   ' " becomes ""
    tempString = Replace(tempString, "'", "''")     ' ' becomes ''
    remChars = tempString
End Function


Counting Form Submit Variables and using them if they exist.

Now I need to count how many variables were received for additional transcripts. They will be passed to me using the following pattern: Other Transcripts1, Other Transcripts2, Other Transcripts3, Other Transcripts4, etc.

After some pondering, I have decided to use a While loop.

amount = 1
While Request.Form("Other Transcripts" & amount) <> ""
    Response.Write("We have other transcripts (" & amount & "), let's put it into the table.<br />")
    amount = amount + 1
Wend

This will keep looping through the numbered fields until it reaches one that is empty or missing. Be aware that a gap ends the loop: if Other Transcripts2 is blank but Other Transcripts3 is filled in, number 3 is never looked at.

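Here is an added example (mine, not from the original post) that ties the two points above together: the "Other TranscriptsN" loop, with each value inserted through a parameterised ADODB.Command instead of being escaped and pasted into SQL text. The driver handles quoting for a parameter, so remChars is not needed on this path. The connection object conn, the session value StudentId and the table OtherTranscripts (StudentId, TranscriptName) are assumptions made for the example.

```vbscript
' Added example: insert every "Other TranscriptsN" form field with a
' parameterised query. Assumes an open ADODB.Connection named conn and a
' table OtherTranscripts(StudentId int, TranscriptName varchar(255));
' both are assumptions for this example, not objects from the original page.
Option Explicit

Function InsertOtherTranscripts(conn, studentId)
    Dim cmd, amount, value, inserted
    inserted = 0
    amount = 1
    ' Stop at the first blank or missing field, as in the original While loop.
    Do While Trim(Request.Form("Other Transcripts" & amount)) <> ""
        value = Trim(Request.Form("Other Transcripts" & amount))

        Set cmd = Server.CreateObject("ADODB.Command")
        Set cmd.ActiveConnection = conn
        cmd.CommandType = 1     ' adCmdText
        ' The ? placeholders are filled by the parameters below; the user's
        ' text never becomes part of the SQL string, so quotes cannot break out.
        cmd.CommandText = "INSERT INTO OtherTranscripts (StudentId, TranscriptName) VALUES (?, ?)"
        ' CreateParameter(Name, Type, Direction, Size, Value)
        ' adInteger = 3, adVarChar = 200, adParamInput = 1
        cmd.Parameters.Append cmd.CreateParameter("StudentId", 3, 1, , CLng(studentId))
        cmd.Parameters.Append cmd.CreateParameter("TranscriptName", 200, 1, 255, Left(value, 255))
        cmd.Execute , , 128     ' adExecuteNoRecords: no recordset is returned

        inserted = inserted + 1
        amount = amount + 1
    Loop
    InsertOtherTranscripts = inserted
End Function

' Usage. The student id comes from the session rather than the form so a
' user cannot attach transcripts to someone else's record.
' inserted = InsertOtherTranscripts(conn, Session("StudentId"))
' Response.Write "Inserted " & inserted & " other transcript(s).<br />"
```

Left(value, 255) keeps the value inside the declared parameter size; without it an over-long value raises an ADO error at Execute rather than being silently truncated by the database.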

Removing Harmful Characters from User Input

To protect against vulnerabilities such as script injection and cross-site scripting, user input can be verified and rejected, or an application can simply remove harmful characters and continue processing. This is a summary of the Microsoft article. A whitelist like this is a good default for short, structured fields such as user names; it is too restrictive for free text, and in either case the value still needs to be HTML-encoded with Server.HTMLEncode when it is written back into a page, since stripping on input does not protect data that reaches the page by another route.

The regular expression, [^A-Za-z0-9_ ], matches any character that is not one of the following:

  • An alphabetic character
  • A digit
  • An underscore (_)
  • A space

function RemoveBadCharacters(strTemp) {
    // the g flag removes every match, not just the first one
    strTemp = strTemp.replace(/[^A-Za-z0-9_ ]/g, "");
    return strTemp;
}
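The same whitelist in VBScript, as an added example (not from the Microsoft article or the original post). It shows both choices the article mentions, stripping and rejecting, and adds output encoding with Server.HTMLEncode, because a whitelist on one field does not protect a page that echoes other data. The field name username and the 32-character limit are assumptions.

```vbscript
' Added example: the [^A-Za-z0-9_ ] whitelist in VBScript, used two ways,
' plus the output encoding that actually stops the stripped value (or any
' other value) from being interpreted as HTML. Names here are assumptions.
Option Explicit

' Remove everything that is not a letter, digit, underscore or space.
Function StripBadCharacters(strTemp)
    Dim re
    Set re = New RegExp
    re.Pattern = "[^A-Za-z0-9_ ]"
    re.Global = True                  ' replace every match, not only the first
    StripBadCharacters = re.Replace(strTemp & "", "")
End Function

' Reject instead of strip: True only if the whole string is whitelisted and
' not longer than maxLen. Preferable for user names and file names, where
' silently changing the value would be wrong.
Function IsSafeText(strTemp, maxLen)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_ ]*$"   ' anchored: the entire string must match
    IsSafeText = (Len(strTemp & "") <= maxLen) And re.Test(strTemp & "")
End Function

' Encode at output time. Server.HTMLEncode is the ASP built-in; the & ""
' turns Null or Empty into a string so it cannot raise an error.
Function SafeHtml(strTemp)
    SafeHtml = Server.HTMLEncode(strTemp & "")
End Function

' Usage:
' userName = Request.Form("username")
' If Not IsSafeText(userName, 32) Then
'     Response.Write "Invalid user name: " & SafeHtml(userName) & "<br />"
' Else
'     ' store userName; it contains only [A-Za-z0-9_ ]
' End If
' cleaned = StripBadCharacters(Request.Form("comment"))
```

Note that IsSafeText rejects a string with a trailing line break: the character class does not include newlines and the pattern is anchored with ^ and $, so "abc" followed by a newline does not match.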

Dynamic arrays and array techniques with vbscript classic asp

The standard VBScript array is created like so (five fixed slots, indices 0 to 4):

Dim degrees(4)
degrees(0) = "Associate in Applied Science Transfer"
degrees(1) = "Associate in Arts, University and College Transfer"
degrees(2) = "Associate in Arts, General Studies"
degrees(3) = "Associate in Science"
degrees(4) = "Associate in Technical Arts"


These arrays are not dynamic and need some work to add data to them. You can also create arrays by splitting strings, as seen in the section on ASP string manipulation techniques below.

count = 23 ' set from database pull

Dim myarray()                   ' declared with empty parentheses = dynamic array
ReDim Preserve myarray(count)   ' indices 0..count; Preserve only matters when the array already holds data

For x = 1 To count
    myarray(x) = mydynamicitemhere   ' whatever value you are collecting on this pass; index 0 is left unused by this loop
Next


Dump the contents of an array to the screen for debug:

For Each item In myFixedArray
	Response.Write(item & "<br />")
Next

A two-dimensional array would be achieved like so. Note that ReDim Preserve can only change the size of the last dimension, so put the dimension that needs to grow (the row) last; (4,4) here gives five slots in each dimension.

Dim listofslides()

ReDim Preserve listofslides(4,4) ' first index: sequence, filename, description, enabled; second index: row
listofslides(0,0) = 1
listofslides(0,1) = "image1.jpg"
listofslides(0,2) = "Description of image 1"
listofslides(0,3) = 1

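An added example (not from the original post) covering the two array points above: an append helper that grows a dynamic array one item at a time without knowing the count up front, and the rule that ReDim Preserve may only change the last dimension, which is why a table is best laid out column-first, the same (column, row) layout that GetRows uses. The degree names reuse the values from the fixed array above; AppendItem, items and grid are names chosen for the example.

```vbscript
' Added example: growing arrays with ReDim Preserve. Names are assumptions.
Option Explicit

' Script-level dynamic array plus a counter, because UBound() on a
' never-sized dynamic array raises "Subscript out of range".
Dim items(), itemCount
itemCount = 0

' Grow the array by one slot and store the item in the new last slot.
Sub AppendItem(item)
    ReDim Preserve items(itemCount)   ' resizes the script-level array, keeping existing entries
    items(itemCount) = item
    itemCount = itemCount + 1
End Sub

' Number of items stored so far (UBound(items) + 1 once at least one exists).
Function ItemCountStored()
    ItemCountStored = itemCount
End Function

AppendItem "Associate in Applied Science Transfer"
AppendItem "Associate in Arts, General Studies"
AppendItem "Associate in Science"
' items now holds three entries, items(0) to items(2)

' Two dimensions: only the LAST dimension can change under ReDim Preserve,
' so keep the fixed part (the columns) first and the growing part (rows) last.
Dim grid()
ReDim grid(3, 0)                  ' 4 columns: sequence, filename, description, enabled; 1 row
grid(0, 0) = 1
grid(1, 0) = "image1.jpg"
grid(2, 0) = "Description of image 1"
grid(3, 0) = 1

ReDim Preserve grid(3, 1)         ' fine: adds a second row and keeps row 0
grid(0, 1) = 2
grid(1, 1) = "image2.jpg"
grid(2, 1) = "Description of image 2"
grid(3, 1) = 0

' ReDim Preserve grid(4, 1)       ' runtime error: the first dimension cannot change with Preserve

' Dump rows for debugging; UBound(grid, 2) is the last row index.
Dim r
For r = 0 To UBound(grid, 2)
    Response.Write Server.HTMLEncode(grid(0, r) & " " & grid(1, r) & " " & grid(2, r) & " " & grid(3, r)) & "<br />"
Next
```

The (column, row) layout looks backwards when typing literals, but it means the array can be extended with ReDim Preserve and can be read with the same loop as the GetRows result further down.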

But if you are getting the array from a database, then it is super easy: Recordset.GetRows returns a two-dimensional array laid out as (column, row). The original version of this routine was a Sub that assigned the result to an undeclared variable, which is local to the procedure and disappears when it returns, so it is written here as a Function that returns the array.

Function grabdata(conn)
    Dim rsData, aData
    Set rsData = conn.Execute("SELECT * FROM MSAccess_table")
    If Not rsData.EOF Then aData = rsData.GetRows()   ' aData(column, row)
    rsData.Close
    Set rsData = Nothing
    grabdata = aData   ' Empty (not an array) when the table returned no rows
End Function

And you use the array like this:

aData = grabdata(conn)
If IsArray(aData) Then
    For x = LBound(aData, 2) To UBound(aData, 2) ' second dimension = rows
        Col1 = aData(0, x)
        Col2 = aData(1, x)
        Col3 = aData(2, x)
        Response.Write "Row #" & x + 1 & "<br />"
        ' & "" turns Null columns into "", and HTMLEncode keeps stored data from being rendered as markup
        Response.Write "This is the data in Column1: " & Server.HTMLEncode(Col1 & "") & "<br />"
        Response.Write "This is the data in Column2: " & Server.HTMLEncode(Col2 & "") & "<br />"
        Response.Write "This is the data in Column3: " & Server.HTMLEncode(Col3 & "") & "<br />"
    Next
End If

ASP and VBScript string manipulation techniques

To compare two strings that should be an identical match (StrComp is case-sensitive by default; pass vbTextCompare as the third argument for a case-insensitive comparison):

mystringa = "deedubs"
mystringb = "Dee Dubs"

TestComp = StrComp(mystringa, mystringb)   ' 0 only when the strings are equal

If TestComp <> 0 Then
    Response.Write("The strings don't match")
End If



Are you trying to break a string up into smaller pieces? ASP provides an easy-to-use Split function which lets you dice and slice a string.

Let's say you take in a sentence and want to put each word into a different variable. So you take in

NameStr = "Mr. John Smith"

Set up the variable to hold the results with

Dim WordArray

then do the split, using a space as the delimiter

WordArray = Split(NameStr, " ")

Now WordArray(0) is equal to "Mr.", WordArray(1) is equal to "John" and WordArray(2) is equal to "Smith". You can use the various array functions and other string functions to work with these results.

ASP String Functions

Best practices: redirect a user to a location.

While I could Response.Write a JavaScript relocation, this is not best practice for security or performance. We want to execute this on the server side, so that it cannot be manipulated by a malicious user.

<script>document.location="myfile.asp"</script>  -- this runs on the client machine after it has received the page. The user, or anyone who can tamper with the response, can simply ignore it or change it, so it must never be relied on as an access control.

newUri = "http://www.mysite.com/myspecialpage.html"

Response.Redirect(newUri)

The one drawback is that this cannot be used after any output has already been sent to the browser: with response buffering on (the default on IIS 5 and later, or set Response.Buffer = True at the top of the page) the unsent output is discarded and the redirect works, but once the buffer has been flushed you get the "Cannot redirect after HTTP headers have been sent" error. If the destination comes from the request rather than a constant, validate it before redirecting, otherwise the page becomes an open redirect. Microsoft's documentation on the Response object covers the relevant properties.

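An added example (not from the original post) for the case the redirect section leaves open: when the destination comes from the request, say a returnUrl parameter after login, Response.Redirect will happily send the user to any site an attacker put into the link. This helper accepts only a site-relative path and otherwise falls back to a fixed page. returnUrl, default.asp and the helper names are assumptions.

```vbscript
' Added example: validate a user-supplied redirect target before using it.
' Parameter and page names are assumptions for the example.
Option Explicit

' True only for a site-relative path such as "/members/home.asp?tab=2".
' Rejects absolute URLs ("http://..."), protocol-relative ones ("//evil.example"),
' backslash variants ("/\evil.example") and anything with characters outside
' a small safe set.
Function IsLocalPath(target)
    Dim re
    Set re = New RegExp
    ' Leading slash; if anything follows, the first character must not be
    ' another slash or backslash; then only unreserved path/query characters.
    re.Pattern = "^/([A-Za-z0-9_\-][A-Za-z0-9_\-./?=&%]*)?$"
    IsLocalPath = re.Test(target & "")
End Function

' Redirect to target if it passes the check, otherwise to defaultPath.
Sub SafeRedirect(target, defaultPath)
    If IsLocalPath(target) Then
        Response.Redirect target
    Else
        Response.Redirect defaultPath
    End If
End Sub

' Usage, placed before any HTML is written. Buffering is turned on so a
' redirect issued later in the page still works.
' Response.Buffer = True
' SafeRedirect Request.QueryString("returnUrl"), "/default.asp"
```

Keeping the target relative also means the Host header of the current request decides where the user lands, so the check does not need a list of approved host names that would have to be maintained.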

Check if a string has letters in it.

A basic validation to see whether a string contains any letters (for example to reject "12345abc" where a number is expected):

Set re = New RegExp
re.Pattern = "[a-z]"
re.IgnoreCase = True      ' so A-Z match as well
re.Global = True          ' not needed for Test, but harmless
hasMatches = re.Test("12345abc")
If hasMatches = True Then
    ' it has letters in it
End If