VBScript/ASP Classic

I have a couple of questions regarding VBScript and ASP Classic:

  1. What is the preferred way to access an MS SQL Server database in VBScript/ASP?

  2. What are best practices in regards to separating model from view from controller?

  3. Any other things I should know about either VBScript or ASP?

If you haven't noticed, I'm new at VBScript coding. I realize numbers 2 & 3 are kind of giant "black hole" questions that are overly general, so don't think that I'm expecting to learn everything there is to know about those two questions from here.

Jason Baker asked Aug 25 '08 14:08


2 Answers

I had to walk away from my PC when I saw the first answer, and am still distressed that it has been approved by so many people. It's an appalling example of the very worst kind of ASP code, the kind that would ensure your site is SQL-injectable and, if you continue using this code across the site, hackable within an inch of its life.

This is NOT the kind of code you should be giving to someone new to ASP coding as they will think it is the professional way of coding in the language!

  1. NEVER reveal a connection string in your code as it contains the username and password to your database. Use a UDL file instead, or at the very least a constant that can be declared elsewhere and used across the site.

  2. There is no longer any good excuse for using inline SQL for any operation in a web environment. Use a stored procedure -- the security benefits cannot be stressed enough. If you really can't do that then look at inline parameters as a second-best option... Inline SQL will leave your site wide open to SQL injection, malware injection and the rest.

  3. Late declaration of variables can lead to sloppy coding. Use "option explicit" and declare variables at the top of the function. This is best practice rather than a real WTF, but it's best to start as you mean to go on.

  4. No hints to the database as to what type of connection this is -- is it for reading only, or will the user be updating records? The connection can be optimised and the database can handle locking very efficiently if effectively told what to expect.

  5. The database connection is not closed after use, and the recordset object isn't fully destroyed.

ASP is still a strong language, despite many folks suggesting moving to .NET -- with good coding practices an ASP site can be written that is easy to maintain, scalable and fast, but you HAVE to make sure you use every method available to make your code efficient, you HAVE to maintain good coding practices and a little forethought. A good editor will help too, my preference being for PrimalScript which I find more helpful to an ASP coder than any of the latest MS products which seem to be very .NET-centric.

Also, where is a "MEMO" field from? Is this Access nomenclature, or maybe MySQL? I ask as such fields have been called TEXT or NTEXT fields in MS-SQL for a decade.

Cirieno answered Nov 04 '22 02:11
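Points 1, 2, 4 and 5 of the answer above, put together in one ASP page as an added example (not code from the answer or from any project): the connection string comes from a constant declared in a common include, the query runs as a stored procedure with a typed parameter, the recordset is opened read-only and forward-only, and every object is closed and released. The constant name DB_CONN_STRING, the procedure usp_GetUserByEmail and its DisplayName column are assumptions.

```vbscript
<%
Option Explicit

' ADO constants, normally pulled in from adovbs.inc; declared here so the page stands alone
Const adCmdStoredProc   = 4
Const adParamInput      = 1
Const adVarWChar        = 202
Const adOpenForwardOnly = 0
Const adLockReadOnly    = 1
Const adStateOpen       = 1

' Returns the display name for an e-mail address, or "" if no row matches.
' DB_CONN_STRING is assumed to be a Const declared in a common include file, never in the page.
Function GetDisplayName(ByVal email)
    Dim conn, cmd, rs
    GetDisplayName = ""

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open DB_CONN_STRING

    ' Stored procedure with a typed parameter: the user's value is never pasted into SQL text.
    ' (Never do this instead: conn.Execute "SELECT ... WHERE Email='" & email & "'")
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdStoredProc
    cmd.CommandText = "usp_GetUserByEmail"   ' assumed procedure name
    cmd.Parameters.Append cmd.CreateParameter("@Email", adVarWChar, adParamInput, 255, email)

    ' Tell ADO this is a single read-only, forward-only pass over the rows
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.Open cmd, , adOpenForwardOnly, adLockReadOnly

    If Not rs.EOF Then GetDisplayName = rs("DisplayName").Value

    ' Close and release everything, in reverse order of creation
    If rs.State = adStateOpen Then rs.Close
    Set rs = Nothing
    Set cmd = Nothing
    If conn.State = adStateOpen Then conn.Close
    Set conn = Nothing
End Function

' Encode on the way out as well, so a stored value cannot inject markup into the page
Response.Write Server.HTMLEncode(GetDisplayName(Request.Form("email")))
%>
```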


Remember to program into the language rather than program in it. Just because you're using a limited tool set doesn't mean you have to program like it's 1999.

I agree with JasonS about classes. It's true you can't do things like inheritance but you can easily fake it

Class Animal
    ' Base class assumed for this example; the original post only shows Dog
    Public Function Walk()
        Walk = "Walking on four legs"
    End Function
End Class

Class Dog
    Private Parent   ' holds the "base" object that Dog delegates to

    Private Sub Class_Initialize()
        Set Parent = New Animal
    End Sub

    Private Sub Class_Terminate()
        Set Parent = Nothing   ' release the delegate when Dog is destroyed
    End Sub

    Public Function Walk()
        Walk = Parent.Walk   ' forward the call instead of inheriting it
    End Function

    Public Function Bark()
        Response.Write("Woof! Woof!")
    End Function
End Class

In my projects an ASP page will have the following: INC-APP-CommonIncludes.asp - This includes stuff like my general libraries (Database Access, file functions, etc) and sets up security and includes any configuration files (like connection strings, directory locations, etc) and common classes (User, Permission, etc) and is included in every page.

Modules/ModuleName/page.vb.asp - Kind of like a code behind page. Includes page specific BO, BLL and DAL classes and sets up the data required for the page/receives submitted form data, etc

Modules/ModuleName/Display/INC-DIS-Page.asp - Displays the data set up in page.vb.asp.

jammus answered Nov 04 '22 00:11