Several common mistakes made by ASP beginners

Recommended: asp instance: Testing WEB server
The following is the quoted content: <HTML><HEAD><TITLE>Test the WEB server</TITLE></HEAD><BODY><Script l

1. Open again before the record set is closed:

------------------------------------

sql=select * from test

rs.open sql,conn,1,1

if not rs.eof then

dim myName

myName=rs(name)

end if

sql=select * from myBook

rs.open sql,conn,1,1

-------------------------------------

Solution: Close rs.close before the second rs.open

or

set rs1=server.createobject

rs1.open sql,conn,1,1

2. Use SQL keywords to make table names or field names

-------------------------------------

sql=select * from user

rs.open sql,conn,1,1

-------------------------------------

User is SQL keyword

Solution: Change to

sql=select * from [user]

3. Use locking to update

-------------------------------------

sql=select * from [user]

rs.open sql,conn,1,1

rs.addnew

or

rs(userName)=aa

rs.update

-------------------------------------

The current record set is open to read-only

solve:

Change to

rs.open sql,conn,1,3

4. The comparison field value used in the query statement does not match the field type

-----------------------------------------

sql=select * from [user] where id='; & myID & ';

rs.open sql,conn,1,1

-----------------------------------------

Assuming that the design ID in the table is numeric, then an error occurs sometimes.

solve:

sql=select * from [user] where id= & myID

5. An error occurred without checking the variable value

-----------------------------------------

sql=select * from [user] where id= & myID

rs.open sql,conn,1,1

-----------------------------------------

Assuming that the value of myID variable is null at this time, then SQL will become

sql=select * from [user] where id=

solve:

Add in front

if isnull(myID) then error message

6. An error occurred without checking the variable value type

-----------------------------------------

sql=select * from [user] where id= & myID

rs.open sql,conn,1,1

-----------------------------------------

Assume that id is numeric, the value of myID variable is not null at this time, but is a character. For example, myID is aa at this time.

Then sql will become

sql=select * from [user] where id=aa

solve:

Add in front

if isnumeric(myID)=false then error message

This can also effectively prevent SQL injection vulnerability attacks.

7. Cannot be updated due to NTFS permissions in the directory where the database file is located. A database or object is read-only error.

illustrate:

The WIN2K system continues the NTFS permissions of the WINNT system.

There are default security settings for folders in the system.

The default user of the system when accessing WWW via HTTP is the iusr_computer name user, which belongs to the guest group.

When accessed via HTTP, you can modify the data by ASP or JSP, or PHP or .NET programs:

for example:

When opening a certain article, the program sets the number of reads of the article = original number of reads 1

implement

conn.execute(update arts set clicks=clicks 1 where id=n)

When a statement is made, an error occurs if the iusr_computer name user does not have write permissions to the database.

Solution:

Find the directory where the database is located

Right click "Properties" Security tab" Set the write permissions of iusr_computer name user (of course, it can also be everyone)

Share: Eight Asp Coding Optimization Tips
ASP (Active Server Page) is a dynamic web page development technology based on the PWS (Personal Web Server) & IIS (Internet Information Server) platform launched by Microsoft, and is now becoming increasingly popular.