www.tamertolba.4t.com

Chapter 5

The Request Object

Often you want to get information about a user, for example, the type of browser the user is running.You might also want to get information from a user, for example, when the user submits information in forms. The ASP Request built-in object makes getting this information easy. The Request object gives you access to any information that is passed with an HTTP request. This includes:

1- A standard set of information included in the server variable set.

2-A set of parameters passed with the POST method.

3-A set of query parameters attached to the GET method.

4-Cookies that are passed from a browser. Cookies allow a set of information to

be associated with a user.

5-Client Certificates.

The Request object has five associated collections:

QueryString

Form

ServerVariables

ClientCertificate

First we must know more about collections :

Collections:

Collections are objects that represent a set of objects. All collections have predefined methods and properties.

A collection object has an Item method, a Count property, and a _NewEnum method. A collection can also create objects of the collection type. In other words, if a particular object can be grouped in a set, that object will have a collection object that can create an instance of an object within the set. For example, a Drives collection object will contain a set of drives that can represent all the drives on a particular computer.

The Count property returns a LONG value that specifies how many objects are in the collection. By passing a LONG value -- that is between one and the value returned by the Count property -- to the Item method, the collection method will return the object in the set that is associated with that position. Accessing an item in an array works similarly.

The _NewEnum method enables a programmer to iterate through the collection in a For…Next statement. The following example shows _NewEnum in action:

For Each Object in Collection

...

Next Object

Note that the _NewEnum method is not referenced within the syntax of the statement in the Example. This is because the _NewEnum method has a special index that is used for the For…Next statement. In fact, all methods and properties in a COM object are indexed and certain indexes are used for particular tasks. For example, the zero index is used for the default method or property.

Syntax :

You can use the following general syntax to access the information in the Request object:

Request.CollectionName(variable)

Where CollectionName can be QueryString, Form, Cookies, ServerVariables, or ClientCertificate, and variable is the name of the variable in the collection that you want to access.

You can use the following general syntax to access variables in the Request object without including the collection name:

Request(variablename)

The collections are searched in this order: QueryString, Form, Cookies, ServerVariables,

ClientCertificate. The first variable that matches variablename is returned.

Note If an HTML page might have more than one variable with the same name, make sure you include the collection name between Request and the variable name

5.1- QueryString:

The QUERYSTRING collection is used to get the values of any parameters that were sent to the ASP file by the GET method. Though you could use the QUERY_STRING server variable to process QUERY_STRING information from a user request, ASP provides the QueryString collection to make this information readily accessible. If the form method is GET, the QueryString collection contains all the information passed in the form. The QueryString collection also contains all the information passed as a parameter after the question mark in the URL. For example, when a user sends the following URL request, the Request.QueryString collection would contain two values: name and age.

The following script uses the Request object to access these values.

Welcome, <%= Request.QueryString("name") %>.

Your age is <%= Request.QueryString("age") %>.

In this case, the following text would be sent back to the user:

Welcome, Ahmed Mohammed. Your age is 30.

The QueryString collection also automatically handles the case of multiple variables with the same name.(Like the case of a multiple select combo) When parsing a query string such as name= Ahmed &name= Mohammed &name= Elmasry, for example, ASP creates a new collection called name that in turn contains three values: Ahmed, Mohammed, and Elmasry. Each of these values is indexed by an integer, with the following results:

Request.QueryString("name")(1) = Ahmed

Request.QueryString("name")(2) = Mohammed

Request.QueryString("name")(3) = Elmasry

A collection created in this manner supports the Count property. The Count property describes how many items a collection contains. In this example, the value of Request.QueryString("name") is 3 , because there are three separate values stored in the name collection.

If you were to use the Response.QueryString method to gain access to the variable name, the output would become a comma-delimited string. In the above example, the value of Request.QueryString("name") would be "Andrew, Aaron, Eric".

5.2- Forms :

An HTML form is the most frequently used for getting information from a Web user. A form’s text boxes, option buttons, and check boxes, displayed on an HTML page in a browser, provide the user an easy way of submitting information. When the user clicks the Submit button, the browser sends the collected information to the Web server.

Request.Form(parameter)[(index)|.Count]

The parameter parameter specifies the name of the form element from which the collection is to retrieve values.

The index parameter is an optional parameter that enables you to access one of multiple values for a parameter. It can be any integer in the range 1 to

Request.Form(parameter).Count.

The Form collection is indexed by the names of the parameters in the request

body. The value of Request.Form(parameter) is an array of all of the values of

parameter that occur in the request body. You can determine the number of

values of a parameter by calling Request.Form(parameter).Count. If a

parameter does not have multiple values associated with it, the count is 1. If the

parameter is not bound, the count is 0.

To reference a single value of a form element that has multiple values, you must specify a value for index. The index parameter may be any number between 1 and Request.Form(parameter).Count. If you reference one of multiple form parameters without specifying a value for index, the data is returned as a comma-delimited string.

When you use parameters with Request.Form, the Web server parses the

HTTP request body and returns the specified data. If your application requires

unparsed data from the form, you can access it by calling Request.Form

without any parameters.

You can use .asp files to collect or process HTML form values in three ways:

1-A static .htm file can contain a form that posts its values to an .asp file.

2-An .asp file can create a form that posts information to another .asp file.

3-An .asp file can create a form that posts information to itself, that is, to the .asp file that contains the form.

The first two methods operate in the same way as forms that interact with other gateway programs,except that, with ASP, you can include commands that read and respond to user choices.Creating an .asp file that contains a form definition that posts information to itself is a slightly more complicated but very powerful means of working with forms.

The Form collection contains all the values that a user entered in a form submitted with the POST method. For example, when the user fills in and submits the following form:

<p>Your first name: <input name="firstname" size=48>

<p>What is your favorite ice cream flavor: <select name="flavor">

<option>Vanilla <option>Strawberry <option>Chocolate <option>Rocky Road

</select>

</form>

The following request is sent:

firstname=Ahmed&flavor=Rocky+Road

and the following script is returned by a results page (such as submit.asp):

Welcome, <%= Request.Form("firstname") %>.

Your favorite flavor is <%= Request.Form("flavor") %>.

The Form collection treats multiple parameters with the same name in the same way that the QueryString collection does.

Very often you must determine what to do next based on user input. This is one of the roles of the IF statement. As an example first we will make a form that will ask a user for their first name, last name and salary.

</head><body bgcolor="#FFFFFF">

Your First Name<INPUT NAME="FirstName" MaxLength=20><p>

Your Last Name<INPUT NAME="LastName" MaxLength=20><p>

Your Salary <INPUT NAME="Salary" MaxLength=7><p>

</form></body></html>

This example shows how IF can deal with ranges but this example illustrates the critical factor of ordering. If you were to re-arrange

these IFs they would not accurately report your salary grade.

<TITLE>if4respond.asp</TITLE>

</head><body bgcolor="#FFFFFF">

<%fname=request.form("Firstname")

lname=request. form ("Lastname")

salary=request. form ("Salary")

response.write "Nice to Meet You " & fname & " " & lname & "<p>"

if salary>80000 then

salarygrade=4

end if

if salary <=80000 then

salarygrade=3

end if

If salary <=60000 then

salarygrade=2

end if

if salary <=40000 then

salarygrade=1

end if

response.write ("Your Salary is $" & salary)

response.write (", your Grade is " & salarygrade & ".<p>")

</body></html>

Using IF-THEN can be cumbersome, prone to programmer errors and slower to execute. A more efficient construct is SELECT CASE. It is optimized for testing one variable against many conditions.

An ASP file posting information to itself ( The third method) :

With ASP, you have the flexibility to define a form in an .asp file that posts its input values back to itself; that is, a form that posts values back to the .asp file that contains the form. When a user fills in and submits form values, you can use the Request object to read these values. If you receive an invalid value, you can send a message back to the user, pointing out the problem and asking for a different value.

If the page that you send to the user contains only a message, the user must return to the page that contains the form. You can save the user this step by sending your message and defining the form again.

If you post form input messages to the same file that originally defined the form, however, you can send informational messages along with the content of the form; thus, you need only define the form once.

For example, suppose you define a form that allows a user to submit an email address, and you want to verify that the information a user submits is valid according to your criteria. If the value does not contain @, it is probably incomplete. The following script checks for this. This script is the source of the form, and it includes an error message if appropriate.

<HTML>

<BODY>

If IsEmpty(Request("Email")) Then

Msg = "Please enter your email address."

ElseIf InStr(Request("Email"), "@") = 0 Then

Msg = "Please enter an email address" & _

" in the form username@location."

Else

Msg = "This script could process the " & _

"valid Email address now."

End If

<PRE>

Email: <INPUT TYPE="TEXT" NAME="Email" SIZE=30

VALUE="<%= Request("Email") %>">

<%= Msg %> <P>

</PRE>

</FORM>

</BODY>

</HTML>

5.3- Cookies:

This section will be discussed in details in a latter chapter

5. 4-ServerVariables:

The ServerVariables collection provides information from the HTTP headers that are passed along with a user’s request as well as certain Web server environment variables. You can use this informaton to provide customized responses to users.

Request.ServerVariables (variable)

This script accesses the SERVER_PORT server variable defined by the Common Gateway Interface (CGI) standard:

This HTTP request was received on TCP/IP port

<%= Request("SERVER_PORT") %>.

The following script, which provides content based on the user’s language, accesses the HTTP_ACCEPT_LANGUAGE HTTP header variable:

<% language = Request.ServerVariables("HTTP_ACCEPT_LANGUAGE") %>

The available Server Variables vary based on the result of a combination of the browser software and the server software. They are not always exactly the same on your server and with specific browsers . There is an easy way to obtain a list.

If the script is executed on a given browser, the Server Variables displayed will reflect that browser plus your server.This script may prove useful as it will list all the available server variables (skipping the variables ALL_HTTP and ALL-RAW since they are just a "glob" of all the other vars, and placing blank variables at the end) in the conversation between your browser and our server:

<TITLE>server.asp</TITLE></head>

Response.Write("<P><B>Server Variables</b><br>")

BlankVars="<P><B>Blank Server Variables</b><br>" & vbcrlf

For Each Key in Request.ServerVariables

If instr(Key,"_ALL")+instr(key,"ALL_")=0 then

tempvalue=trim(request.servervariables(Key))

If len(tempvalue)=0 then

BlankVars=BlankVars & Key & ", "

Else

response.write Key & " => <B>" & tempvalue & "</b><br>" & vbcrlf

End If

end if

response.write mid(BlankVars,1,len(BlankVars)-2)

</body></html>

5. 5- ClientCertificates:

Certificates are digital documents that uniquely identify an object,whether that is an individual, a company, or a specific Web server. Each certificate is issued by some signing authority contains a series of fields used to identify the object attached to the certificate. The fields in a particular certificate can vary, but usually include standard information such as Name, Country, Organization, and so forth. Client Certificates refer to the use of these certificates by visitors to a secure Web site as a means of identification. If certain options are selected for the virtual directory being browsed, the server will request a certificate from the client for identification. If a certificate is provided, your pages may use the Client Certificate collection to query the values contained within the document. This provides your pages with a way to determine the client's name or other identifying information, in order to control access to secure information.