Interactive, dynamic web pages used to be complicated and difficult to develop--a process involving pages of confusing CGI scripts. Now, with Microsoft Active Server Pages and Internet Information Server, even a novice programmer can create professional-quality pages that will interact with the user. Active Server Pages are simply HTML pages with server-side scripts embedded into the code. The scripts can be written in either VBScript or JavaScript, but VBScript is the more widely-used and more easily supports the functionality of Active Server Pages. These scripts are extremely similar to the client-side scripts that have run within web browsers for many years, but server-side scripts are processed before the HTML page is sent to the web browser. Server-side scripts are never seen by the end user. No special software is required to write Active Server Pages--they can be written in any text editor, just like HTML files. The Active Server Pages architecture is based on five built-in objects: the Server object, the Application object, the Session object, the Request object, and the Response object. Each object performs a specific task and consists of its own properties and methods to implement it. Many of the properties are in the form of collections--data structures similar to arrays, which associate values with a unique key. The Server object is the main object in Active Server Pages and contains the basic properties and methods needed by a server-side script. The Server object includes the ScriptTimeout property, for setting the maximum time a script may run, and the CreateObject method, for creating instances of server components--ActiveX controls that add functionality to Active Server Pages. The Application and Session objects store data used by the scripts. Application objects are specific to the current virtual directory, while Session objects are specific to the current user. These objects also include onStart and onEnd event handlers, which can be used to handle any overhead initialization required by the Active Server Page. The Request object receives all information sent by the web browser when an Active Server Page is requested. This article focuses on the Request object, since it is the key to all interactions with the user. Finally, the Response object allows data, usually in HTML format, to be returned to the user from a server-side script. The Response object also includes properties and methods for setting the content type and header information sent to the web browser.
Requirements This article is intended for programmers and web developers with basic knowledge of VBScript or Visual Basic. A good introduction to Active Server Pages and VBScript can be found at the Microsoft Web Site. To use the examples contained in this article, you will also need a Windows NT Server with Internet Information Server 4 installed or Windows NT Workstation with Personal Web Server installed.		Microsoft ASP Tutorial
The Request Object Before an Active Server Page can return a dynamically generated web page, it must gather information about the user's request. This is handled by the Request object. The Request object can gather data from forms, the query string, cookies, and the security information contained in client certificates. The Request object consists of five collections: QueryString, Form, Cookies, ServerVariables, and ClientCertificate. The QueryString and Form Collections The first two collections in the Request object are the QueryString and Form collections. Both collections contain additional data that is passed along with the request, usually the results of forms. To understand the specifics of these collections, we must first look at the two methods these collections are based on--the GET and the POST methods. The GET method passes data in a query string--a string of text appended to the end of a URL. The query string is separated from the URL by a question mark, and different items within a query string are separated by ampersands. For example, the URL, http://www.my- domain.com/my- page.asp?name=Leo&page=home, would request the page, my-page.asp, from the web server with the domain name of my-domain.com. Along with the request, the two keys, name and page, would be sent along with their respective values, Leo and home. The QueryString collection stores information passed using the GET method. The second method, the POST method, also passes additional information with the request, but it is stored in the HTTP header, instead of appended to the URL. This is extremely important in cases involving passwords or secure information, so it is not visible in the requested URL. The disadvantage of the POST method is that it can only send information submitted by forms, and that information is lost after the request is sent. If the user wants to bookmark or reload a web page, all of the form data must be reentered. Data sent using the POST method is stored in the Form collection of the Request object. Since each method of sending data has its own benefits, two separate collections exist for storing their data. Both collections behave the same--therefore simply changing the name will allow a script to accept data from a different method. There are two methods for retrieving data from a collection. Since a collection is simply an object, these two methods will work for retrieving data from any collection. The first method passes the name of a specific key as a string and returns the value of that key. For example, the code, Request.QueryString("name"), will return the value of the name key as a string. If the URL mentioned above were used, the string returned would be "Leo." Sometimes, the script processing the data will not know the names of the keys used. In this case, a For Each loop must be used. The following sample demonstrates how to display all keys and their values in a collection, using a For Each loop:
Sample1.asp <%@ Language=VBScript %> <html> <head> <title>Sample1.asp - Displays all values passed with the GET method</title> </head> <body> <h3>Parsed query string:</h3> <% For Each Key in Request.QueryString %> Key=<%= Key %> Value=<%= Request.QueryString(Key) %> <br> <% Next %> </body> </html>		Try the Sample Download the Samples
The QueryString and Form collections can be used to retrieve form information for almost any purpose. One popular use is for an online quiz or survey. The following sample demonstrates how to create an online quiz using Active Server Pages:
Sample2a.asp <%@ Language=VBScript %> <html> <head> <title>Sample2a.asp - Sample online quiz </title> </head> <body> <h2>Online Quiz</h2><p> <form action="Sample2b.asp" method="post"> Enter your name: <input type="text" name="name"><p> Question 1: Which of the following is not one of the five built-in objects in Active Server Pages?<br> <input type="radio" name="q1" value="A"> A) Server<br> <input type="radio" name="q1" value="B"> B) Session<br> <input type="radio" name="q1" value="C"> C) Transaction<br> <input type="radio" name="q1" value="D"> D) Request<p> Question 2: Which of the following languages can be used in an ASP server-side script?<br> <input type="radio" name="q2" value="A"> A) C++<br> <input type="radio" name="q2" value="B"> B) VBScript<br> <input type="radio" name="q2" value="C"> C) COBOL<br> <input type="radio" name="q2" value="D"> D) None of the Above<p> Question 3: Which of the following is not a collection in the Request object?<br> <input type="radio" name="q3" value="A"> A) QueryString<br> <input type="radio" name="q3" value="B"> B) Transaction<br> <input type="radio" name="q3" value="C"> C) ServerVariables<br> <input type="radio" name="q3" value="D"> D) Cookies<p> Question 4: Which character separates the query string from the rest of the URL?<br> <input type="radio" name="q4" value="A"> A) :<br> <input type="radio" name="q4" value="B"> B) &amp;<br> <input type="radio" name="q4" value="C"> C) @<br> <input type="radio" name="q4" value="D"> D) ?<p> <input type="submit" value="Submit"> <input type="reset" value="Reset"> </form> </body> </html> Sample2b.asp <%@ Language=VBScript%> <% ' score quiz nCorrect = 0 ' reset score If (Request.Form("q1") = "C") Then _ nCorrect = nCorrect + 1 If (Request.Form("q2") = "B") Then _ nCorrect = nCorrect + 1 If (Request.Form("q3") = "B") Then _ nCorrect = nCorrect + 1 If (Request.Form("q4") = "D") Then _ nCorrect = nCorrect + 1 ' calculate score nPercent = nCorrect / 4 * 100 %> <html> <head> <title>Sample2b.asp - Sample online quiz </title> </head> <body> <%= Request.Form("name") %>, you got <%= nCorrect %> out of 4 correct. (<%= nPercent %>%)<p> The correct answers are:<br> 1) C<br> 2) B<br> 3) B<br> 4) D<br> </body> </html>		Try the Sample Download the Samples
The Cookies Collection The GET and POST methods will store data only temporarily. Once another page is loaded, this data is lost. Storing data for multiple pages and even multiple visits to a site require the use of cookies--special packets of data sent along with every request. Even after a visitor leaves a site, most browsers will store the site's cookies on the user's hard drive, so they will be available if the site is visited again. Some users prefer not to use cookies and even disable them in their web browser. Cookies are a critical part of the Active Server Pages architecture and are used to maintain session information. Scripts must consider this, and should check the cookies before assuming that they were sent with the request. If a null value is received, the script should use a default value--or if this behavior is not acceptable, the script should display a message to the user. Data is accessed from the Cookies collection the same way it is accessed from the Form and QueryString collections. The following code will read the value of the username cookie and write it to a string: strUsername = Request.Cookies("username") Many web sites use cookies to store common form information, so users will not have to reenter it every time they visit. This is an easy feature to add to the sample from the previous section. Simply insert the following line of code in Sample2a.asp: <form action="Sample2b.asp" method="post"> Enter your name: <input type="text" name="name" value="<%= Request.Cookies("name") %>"><p> Question 1: Which of the following is not one of the five built-in objects in Active Server Pages?<br> Before the sample will store the name field of the form between visits, you must first write the code to create the cookie. This is a little more complicated than reading the cookie, and it involves the Response object. While the Cookies collection in the Request object is used to read cookies, the Cookies collection in the Response object writes cookies. Cookies in the Response object also have four properties that control access to the cookie. The Expires property controls the length of time that the cookie will be stored. After the expiration date, the web browser will delete the information from the user's hard drive. A cookie can be set to exist for a specific length of time by using the Now function to get the current date and time, and then adding the length of time to that value. In VBScript DateTime values, adding one to the time would equal a day, 1/24th would equal an hour, and so on... The Domain and Path properties restrict which pages can access the cookie. If the Domain property is set to www.mydomain.com, only pages on that web server will receive the cookie. The Path property will further restrict access to the cookie, and only allow pages in a particular directory on the server to receive it. Remember that the web browser is extremely sensitive when it determines which cookies to send with the request. For instance, if a user visits the same server twice, once using the domain name and once using the IP address, the web browser will create two separate sets of cookies for the same site. The final property, the Secure property, is a boolean value that indicates whether Secure Sockets Layer (SSL) must be used to transmit the cookie. This value should be set to True if the cookie contains secure information such as passwords or ID numbers. We can use the Response object and the properties of the cookies to store the value of the name field when the form is processed. Add the following code to Sample2b.asp: <%@ Language=VBScript%> <% ' store the name field in a cookie for ' future use Response.Cookies("name") = _ Request.Form("name") Response.Cookies("name").Expires = _ Now() + 30 ' expires in 30 days ' score quiz nCorrect = 0 ' reset score The sample online quiz will now store users’ names between visits, even if the web browser is closed.		Try the Sample Download the Samples
The ServerVariables Collection The ServerVariables collection contains more than just information from the server--it also contains data from the HTTP request. This collection can be used for many purposes, such as getting information about the client for statistics. Table 1 - ServerVariables Keys Key Description ALL_HTTP Returns all Server-Side Variables AUTH_TYPE User authorization type DOCUMENT Filename of the current document DOCUMENT_URI Path to the current document HTTP_ACCEPT Lists all MIME types supported by the web browser HTTP_ACCEPT_LANGUAGE Lists all languages supported by the web browser HTTP_USER_AGENT Name and version of the client's web browser software HTTP_REFERER URL of the referring page REMOTE_ADDR IP address of the client REMOTE_HOST Hostname of the client REQUEST_METHOD Method used to request the page (GET or POST) SERVER_NAME Hostname or IP address requested by the client SERVER_PORT TCP/IP port which received the request SERVER_PORT_SECURE Boolean value indicating if the port is encrypted SERVER_PROTOCOL Name and version of the protocol SERVER_SOFTWARE Name and version of the web server software Another use of the ServerVariables collection is for managing multiple domain names with a single web site. For instance, if a company had two domain names, mycompany.com and myproduct.com, but only one web site, the SERVER_NAME key of the ServerVariables collection could be used to determine which domain name the user had requested, and send the user to the appropriate page of the web site. The following sample demonstrates how this is done: Sample3.asp <%@ Language=VBScript %> <% ' check domain name strDomain = LCase( _ Request.ServerVariables("SERVER_NAME")) If ( strDomain = "myproduct.com" Or _ strDomain = "www.myproduct.com" ) Then ' user has requested product page %><!-- #include file="product.asp" --><% Else ' user has requested main page %><!-- #include file="main.asp" --><% End If %> The ClientCertificate Collection Secure Sockets Layer (SSL) uses client certificates to identify users when sending secure information. The ClientCertificate collection provides access to this information. The following table lists the available keys: Table 2 - ClientCertificate Keys Key Description Certificate Returns the entire certificate Flags Information about the certificate issuer ValidFrom Date specifying when the certificate becomes valid ValidUntil Date specifying the expiration date of the certificate SerialNumber Hexadecimal serial number expressed as an ASCII string with bytes separated by hyphens Subject Information about the certificate owner Two keys, the Issuer and Subject keys, contain more than one piece of information. Simply requesting the key Issuer or Subject will retrieve all of this information. If you only want a particular sub-field of this information, append one of the identifiers in Table 3 to the key name. For example, to get the country of the certificate issuer, use the IssuerC key. Table 3 - Sub-field Identifiers for the Issuer and Subject Keys Key Description C Country O Company or organization name OU Organizational unit CN Common name (only for Subject key) L Locality S State or province T Title of the person or organization GN Given name I Initials BinaryRead and TotalBytes In addition to the five collections in the Request object, two other elements, the BinaryRead method and the TotalBytes property, allow access to the information in the HTTP request. Unlike the five collections, the BinaryRead method allows raw data to be read from the request. The TotalBytes property contains the length of the raw data. Conclusion Active Server Pages allow any web developer to create dynamic web pages in a fraction of the time required by traditional methods. The Request object is an essential part of Active Server Pages and is the object that allows interaction with the user. The Request object gathers information from the HTTP request, which contains form data, query strings, cookies, and security certificates. For more information on Active Server Pages and the Request object, refer to: Professional Active Server Pages 2.0 Published by Wrox Press - http://www.wrox.com/ ISBN: 1861001266

This article, written by Leo C. Singleton IV, originally appeared on-line on the Newtech Developers Journal in April, 1999. The article appears in its original, unmodified condition, however the samples have been modified to run on the present web server.