IDevResource.com - ASP Articles: ASP in a Nutshell : A Desktop Quick Reference , Chapter 6, Request Object, page 2

The Developer's Resource & Community Site

COM	XML	ASP	Java & Misc.	NEW: VS.NET
International	This Week	Forums	Author Central	Find a Job

ASP in a Nutshell (Chapter 6) : The Request Object, page 2
Author: A. Keyton Weissinger
Reproduced with kind permision of O'Reilly & Associates: www.oreilly.com

You can add a "subkey" to some of the Key values to retrieve an individual subfield from either the Issuer or Subject key lists. For example, if you wanted to obtain the country of origin subkey value from the Issuer key list, you would retrieve the value:


Request.ClientCertificate("IssuerC")

If you wanted to retrieve the locality subkey value from the Subject key list, you would retrieve its value using the syntax:


Request.ClientCertificate("SubjectL")

You also can retrieve a value from a specific subkey, including those not listed here, from the Certificate key string value using the subkey's ASN.1 identifier. An ASN.1 identifier is a list of numbers separated by a period, similar in appearance to an IP address, but not limited to 0 through 255. For example: 3.56.7886.34.

The available subkeys are as follows:

The country of origin for the Subject or Issuer.

The common name of the Subject key. Note this subkey is not defined for the Issuer key.

The given name of the Subject or Issuer.

The initials of the Subject or Issuer.

The locality of the Subject or Issuer.

The organization or company name of the Subject or Issuer.

The name of the specific organizational unit within an organization or company for a Subject or Issuer.

The state (or province) of the Subject or Issuer.

The title of the Subject or Issuer.

Example:


<% 
 
' The following code retrieves the country of origin
' for the client's certificate issuer.
strCertIssuerCountry = Request.ClientCertificate("IssuerC")
 
%>
 
<!-- #include file="cervbs.inc" -->
 
<%
' The next example code determines whether the
' issuer is recognized by using the flags key.
If Request.ClientCertificate("Flags") _
   and ceUnrecognizedIssuer Then
%>
   Your identification is in question because your issuer 
   is not recognized.
<%
Else
%>
   Welcome to our site.
<%
End If
 
' Finally the following code iterates through the 
' ClientCertificate collection and writes the key-key 
' value pairs to the response buffer.
For Each key In Request.ClientCertificate
   Response.Write "The " & key & " key contains the value "
   Response.Write Request.ClientCertificate(key) & "<BR>"
Next 
 
%>

Notes

Before you can retrieve information from a client's digital certificate, you must ensure that the client's web browser uses the SSL3.0/PCT1 protocol in its requests to your site. The simplest way to do this is to attempt to retrieve an element from the ClientCertificate collection.

You also must ensure that you have set up your IIS web server to request client certificates.

If the client sends no digital certificate, any key you attempt to retrieve from the ClientCertificate collection will be empty.

The ITU Recommendation X.509 is just that--a recommendation. It has not been recognized as an official standard. For this reason, various companies' certificates may function slightly differently or may not contain all the fields you are attempting to retrieve. To ensure you are properly identifying your clients, it is wise to do some experimentation with the ClientCertificate collection before relying on it.

Cookies

Request.Cookies

Before discussing the Cookies collection, we'll briefly introduce/review the concept of HTTP cookies. This will be only a brief overview. For more information, visit either the Netscape Preliminary Specification at www.netscape.com/newsref/std/cookie_spec.html , or visit Cookie Central, a clearinghouse of all cookie-related information. I can specifically recommend www.cookiecentral.com/unofficial_cookie_faq.htm.

The problem with a stateless protocol like HTTP is that it forces both the server and client to do a great deal of repetitive work. For example, with a truly stateless protocol, the web server would have to ask you who you are every single time you navigate to a page on the site--even if you navigate to this new page from another page within the same site. Likewise, your interaction would be limited to what you can enter and save on one page of information, because without some way of storing the data from one page, a second page has no way of getting to that data.

Netscape Communications Corp. foresaw this problem early on and devised a method by which small pieces of information could be stored by the web server on the web client's machine. This information would, in turn, be sent to the server each time the client requested a page from the same area from which she received the information. That little bit of information is at the root of Netscape's Persistent Client State Mechanism or "cookies," as they are known. (It's interesting to note that, according to the Netscape preliminary specification, this state object was called a cookie "for no compelling reason.")

Through the use of cookies, web servers can store information on the client machine in a safe, easy-to-retrieve fashion that make almost all e-commerce possible. Web sites can now keep track of who you are, when you last visited, and what type of books you like, for example.

Cookies are very simple. They are sent to the client using a Set-Cookie HTTP response header in the following format (note that the Set-Cookie header should all be on one line):


Set-Cookie: NAME=VALUE; expires=DATE; domain=DOMAIN_NAME; 
path=PATH; secure

The syntax breaks down as follows:

NAME=VALUE: The name/value pair of the specific cookie the web server wishes saved on the client machine. The value can contain any character but white space, commas, or semicolons. This part of the cookie is mandatory.
expires: Holds a date after which the browser can dispose of the cookie. If no expires attribute is given, this defaults to the end of the current HTTP session. The format of the expires date is the following:; Note that only Greenwich mean times are allowed.
domain: Each time the user navigates to a specific URL, the domain attributes of all the cookies on the user's machine are compared against the domain of the URL. If the domain attribute of any cookie on the user's machine matches the "tail" of the URL domain (the last two segments of the full domain name), then that cookie is sent as a Request header (more on this later) to that URL. A domain must have at least two periods in its name to set the domain attribute of a cookie sent to the client. For example, www.microsoft.com can send cookies to your machine (and does), but mydomain.com cannot. The actual value of the Microsoft-related cookie domain attribute would be Microsoft.com.; This cookie would thus be sent to any URL ending with Microsoft.com, including www.microsoft.com, home.microsoft.com. Likewise, only pages within this domain can set cookies with this domain attribute. For example, www.microsoft.com can send cookies with a domain of Microsoft.com, but www.oreilly.com cannot.; If no domain attribute is included in the cookie sent to the client browser, the default is the domain name of the sender of the cookie. This is an optional parameter.
path: The subset of URLs within the domain defined by the cookie's domain attribute. Its value determines whether the cookie is sent back to the server. If no path attribute is sent, the default is the path of the document the browser is viewing. For example, cookies from www.oreilly.com/newtitles/upcoming.asp without a path attribute set would default to /newtitles/. The browser will send cookies from this page only to those pages in this path. The most general path for a domain is "/". This is an optional attribute.; This discussion of path brings up a sometimes confusing point. Does the browser's machine store one cookie for each page in a path or does it only store a single cookie that is used repeatedly? The answer is that the browser stores a cookie for each individual cookie value. There is no single cookie that contains those cookie values for the current page. Each cookie value has its own entry.
secure: When present for a cookie, instructs the browser to send this cookie only to pages within the path specified in the path property if the server and browser are communicating over a secure channel (HTTPS, for example).



If the user navigates to a URL for which a cookie is present on the local machine, the browser will send a Request header in the following format:

Cookie:Name1=Value1;Name2=Value2;...NameX=ValueX;


where:

NameX
Is the name of a cookie for that URL.
ValueX
Is the value of the corresponding cookie with the name NameX. This value must be a string with no spaces, semicolons, or commas.


An example will help to make this clearer. Suppose a client navigates to a URL and his browser receives the following HTTP response headers:

Set-Cookie: userid=a.keyton.weissinger; domain=yourbooks.com;
path=/; expires=Thursday, 10-Nov-1999 23:59:59
 
Set-Cookie: usersel=aspbooks; domain=yourbooks.com;
path=/sales/; expires=Monday, 01-Jan-2010 23:59:59

Between now and 10 November 1999 at 11:59 P.M., the first cookie will be sent to the web server any time the client navigates to any page within any domain whose last two segments are yourbooks.com. The HTTP request header will resemble the following:

Cookie: userid=a.keyton.weissinger


Between now and 1 January 2010 at 11:59 P.M., the second cookie will be sent to any page in the yourbooks.com domain whose path is /sales/something. For example, the following cookie request header:

Cookie: usersel=aspbooks


would be sent to www.yourbooks.com/sales/default.asp or to www.yourbooks.com/sales/final/asp, or even to www.yourbooks.com/sales/checkout/default.asp.

Finally, if both sets of criteria (for both cookies userid and usersel) are met, the following cookie header will be sent by the user browser:

Cookie: userid=a.keyton.weissinger; usersel=aspbooks


There are several other details about cookies that you should be aware of if you plan to make extensive use of them. See either of the preceding references for more information. With this brief overview concluded, we'll now move on to the Cookies collection of the Request object.

The Cookies collection of the Request object enables your ASP application to retrieve the values of cookies and cookie dictionary items from the client's HTTP request body.

The Cookies collection, like the other ASP collections, has the following properties:

Item
Represents the value of a specific cookie in the collection. To specify a cookie, you can use an index number or a key. 
Key
Represents the name of a specific element in the Cookies collection. Just as each element's value is represented by the Item property, each element's name is represented by its Key property. 
If you do not know the name of a specific key, you can obtain it using its ordinal reference. For example, assume that you want to learn the key name for the third element in the collection and, subsequently, that element's value. You could use the following code:
strKeyName = Request.Cookies.Key(3)
strKeyValue = Request.Cookies.Item(strKeyName)
If, on the other hand, you know that the third element's key name is "STATE," you could simply use the following code to retrieve the value of that element:
strKeyValue = Request.Cookies.Item("STATE")
Count
Represents the number of elements in the collection.


As with other ASP collections, you can retrieve the value of any field of the Cookies collection through the use of the Item property. Note that in the examples and explanations given here, the syntax has been abbreviated so that it does not explicitly show the use of the Item property. For example:

strLastSearch = Request.Cookies("LastSearch")


is only an abbreviated form of:

strLastSearch = Request.Cookies.Item("LastSearch")


In addition to storing simple values, a cookie in the Cookies collection can represent a cookie dictionary. A dictionary is a construct that is similar to an associative array in that each element of the array is identifiable by its name.

However, it is important to note that although a cookie can contain a cookie dictionary, it cannot contain more complex data types, such as objects.

To determine the value of a specific value within a cookie dictionary, you must use a SubKey. For example, suppose a specific cookie represents the five colors chosen by a user on a web page. The cookie itself is called Colors and the subkeys have the following names: color1, color2, . . . color5. To determine the value residing in color3, you would use code resembling the following:

strColor3 = Request.Cookies("Colors")("color3")


To determine whether a specific cookie has subkeys, you must use the HasKeys property of that specific cookie, as in the following:

blnHasKeys = Request.Cookies("Colors").HasKeys
If blnHasKeys Then
   strColor3 = Request.Cookies("Colors")("color3")
End If


Example

<% 
' The following code iterates through the Cookies collection.
' If a given cookie represents a cookie dictionary, then
' a second, internal for...each construct iterates through
' it retrieving the value of each subkey in the dictionary.
Dim strCookie
Dim strSubKey
 
Dim str3rdCookieValue
Dim strCompanyCookieValue
 
For Each strCookie In Request.Cookies
   If Request.Cookies(strCookie).HasKeys Then
 
      ' The cookie is a dictionary. Iterate through it.
%>
      The cookie dictionary <%=strCookie%> has the
      following values:
<%
      For Each strSubKey In Request.Cookies(strCookie)
%>
             SubKey: <%= strSubKey %><BR>
             Value:
         <%=Request.Cookies(strCookie)(strSubKey)%><BR>
<%      
      Next
   Else
      ' The cookie represents a single value.
%>
      The cookie <%=strCookie%> has the following value:
      <%=Request.Cookies(strCookie)%> <BR>
<%
   End If
 
Next
 
' The following code retrieves the value of the third cookie
' in the Cookies collection.
str3rdCookieValue = Request.Cookies(2)
 
' The following code retrieves the value of the "company" 
' cookie in the Cookies collection.
strCompanyCookieValue = Request.Cookies("Company")
 
%>

Notes

When accessing a cookie that represents a cookie dictionary, if you do not specify a subkey, you will retrieve a string value similar to the following:


FirstSubKey=FirstSubKeyValue&SecondSubKey=SecondSubKeyValue

Part of the cookie structure on the client's machine is a path representing the web page from which the client received the cookie. An important point about retrieving cookie values comes into play when two cookies with the same name, but different paths, exist. In such a case, attempting to retrieve the cookie will retrieve only the cookie from the deeper directory. For example, if the web page www.MyCompany.com/ContribApp/Contrib1.asp has a cookie named UserPref and a second web page with a deeper path, for example, www.MyCompany.com/ContribApp/Addresses/AddrContrib1.asp , also has a cookie named UserPref, then attempting to retrieve the UserPref cookie will retrieve only the second UserPref cookie.

If you attempt to retrieve the value of a subkey for a cookie name that does not represent a cookie dictionary, the result will be null. For this reason, it is important to take advantage of the HasKeys property before attempting to retrieve the value of a subkey.

As you know, the HTTP Persistent Client State Mechanism (cookies to most people) is a continuously evolving recommendation. Any cookie draft remains valid for only six months. The current draft, as of this writing, can be found at ftp://ftp.isi.edu/internet-drafts/draft-ietf-http-state-man-mec-08.txt.

From this document (or its more recent equivalent), you will learn that the latest draft for the cookies specification goes far beyond that originally proposed by Netscape. Obviously, the current Cookies collection of the Request object supports only some of this specification. It is assumed that as the draft becomes a standard, more aspects of cookies will be retrievable through the Request Cookies collection.

Form


Request.Form

The Form collection allows you to retrieve the information input into an HTML form on the client and sent to the server using the POST method. This information resides in the body of the HTTP request sent by the client.

The Form collection, like the other ASP collections, has the following properties:

Item: Represents the value of a specific element in the collection. To specify an item, you can use an index number or a key. In the case of the Form collection, the index number represents the number of the element on the HTML form. For example, suppose you have the following HTML form:; From within RecordPrefs.ASP, the first element (element 1) is "Name." The third element is "Modem." Note that the numbering begins with 1 (one).
Key: Represents the name of a specific element in the Form collection. Just as each element's value is represented by the Item property, so each element's name is represented by its Key property.; If you do not know the name of a specific key, you can obtain it using its ordinal reference. For example, assume that you want to learn the key name for the third element in the collection and, subsequently, that element's value. You could use the following code:; If, on the other hand, you know that the third element's key name is "STATE," you could simply use the following code to retrieve the value of that element:
Count: Returns the number of elements in the collection.

As with other ASP collections, you can retrieve the value of any field of the Form collection through the use of the Item property. Note that in the following examples and explanations, the syntax has been abbreviated so that it does not explicitly show the use of the Item property. For example:


strFirstName = Request.Form("txtFirstName")

is only an abbreviated form of:


strFirstName = Request.Form.Item("txtFirstName")

Example

The examples of the Form collection of the Request object will all use the following HTML form:


<HTML>
<HEAD>
<TITLE>User Information</TITLE>
</HEAD>
<BODY>
<CENTER>
<H1>User Information</H1>
Please enter your user information using the form below:
<FORM NAME = "frmInfo" ACTION="UserInfo.ASP" 
      METHOD = "POST">
First Name:  <INPUT TYPE="text" NAME = "txtFirstName"><BR>
Last Name:   <INPUT TYPE="text" NAME = "txtLastName"><BR>
Zipcode:     <INPUT TYPE="text" NAME = "txtZipCode"><BR>
Occupation:  <INPUT TYPE="text" NAME = "txtOccupation"><BR>
Please select your connection speed:
<SELECT NAME = "optConnSpeed">
<OPTION VALUE = "28.8" SELECTED>28.8 Modem
<OPTION VALUE = "ISDN" >ISDN
<OPTION VALUE = "T1" >T1   
<OPTION VALUE = "T3" >T3
</SELECT><BR>
Below, select all the peripherals you have: 
<INPUT TYPE = "checkbox" NAME = "chkPeriph" 
       VALUE = "Joystick">Joystick<BR>
<INPUT TYPE = "checkbox" NAME = "chkPeriph" 
       VALUE= "GraphicsAccel">3D Graphics Card<BR>
<INPUT TYPE = "checkbox" NAME = "chkPeriph" 
        VALUE = "Printer">Printer<BR>
<BR>
Check here if it's ok to send your information: 
<INPUT TYPE = "checkbox" NAME = "chkSellInfo"><BR>
 
<INPUT TYPE = "Submit"VALUE = "Submit User Info">
 
</FORM>
</BODY>
</HTML>

Once the client clicks on the form's Submit button, the form information is sent to the web server via the HTTP Post method in the body of the HTTP request body.

The following code could be used in UserInfo.ASP to determine the values of the specific elements of the form frmInfo in the previous example. It is assumed in the following code that you know before writing it the exact fields in the form that are to be processed.


<%
 
' The following code example demonstrates the use of
' the Form collection of the Request object to retrieve
' the values entered by the client into an HTML form.
Dim strFirstName
Dim strLastName
Dim strZipCode
Dim strOccupation
Dim blnSendInfo
Dim strConnSpeed
Dim intPeriphCount
Dim aryPeripherals()
Dim chkItem
 
intPeriphCount = 0
 
' Retrieve the information from the form's text boxes.
strFirstName    = Request.Form("txtFirstName")
strLastName     = Request.Form("txtLastName")
strZipCode      = Request.Form("txtZipCode")
strOccupation   = Request.Form("txtOccupation")
 
' Retrieve the information from the Sell Information
' checkbox.
blnSendInfo     = Request.Form("chkSellInfo")
 
' Determine the connection speed from the Connection
' Speed option buttons.
strConnSpeed    = Request.Form("optConnSpeed")
 
' Populate an array with the peripherals the user has.
For Each SubKey in Request.Form("chkPeriph")
   ReDim Preserve aryPeripherals(intPeriphCount + 1)
   intPeriphCount = intPeriphCount + 1
   aryPeripherals(intPeriphCount) = _
      Request.Form("chkPeriph")(intPeriphCount)
 
Next
%>

Notes

If you refer to an element without an index and that element contains multiple values, your code will return a comma-delimited string. For example, suppose that instead of using a subkey with the chkPeriph element of the Form collection earlier in this chapter, we included the following line of code:


response.write Request.Form("chkPeriph")

Assuming we chose all three options (Joystick, GraphicsAccel, and Printer), this line of code would result in the following string


Joystick, GraphicsAccel, Printer

Your application also can retrieve unparsed data from the client's HTTP request. To retrieve unparsed data from the HTTP request body, use Request.Form without any parameters. Note that the use of unparsed HTTP request data--specifically binary data--in this manner can be problematic. However, there are several ActiveX controls and Java applets that can be used to retrieve binary data more efficiently.

To submit information from an HTML form to an ASP application, you must set the <FORM> tag's ACTION attribute to the name of the file that will process the HTML form data. This Active Server Page can be in the same virtual directory or can be specified in terms of its virtual directory. You can do this from an HTML page or from another ASP file. However, one of the most powerful uses of this process is the construction of an ASP that calls itself. This is not necessarily faster, but its development is more efficient.

The following example demonstrates a simple ASP that constructs an HTML form whose entered data is processed by the same ASP:


<%
' UserInfo2.ASP
' The following code determines whether the HTML form (see  
' the bottom portion of the script) has been filled out. If 
' it has, then some processing takes place and one HTML output  
' is sent back to the client. If not, the HTML form is sent to 
' the client.
If Not IsEmpty(Request.Form("txtFirstName")) And _
   Not IsEmpty(Request.Form("txtLastName")) Then
 
   ' The form has been filled out and the reply is
   ' a brief thank you.
%>
   <HTML>
   <HEAD><TITLE>Thank You</TITLE>
   </HEAD>
   <BODY>
   Thank you, <%= Request.Form("txtFirstName")%>  
<%= Request.Form("txtLastName")%> for your information. 
Have a nice day.
   </BODY>
   </HTML>
<%
Else
%>
   <HTML>
   <HEAD><TITLE>Thank You</TITLE>
   </HEAD>
   <BODY>
   
   <FORM NAME = "frmInfo" ACTION="UserInfo2.ASP" 
         METHOD = "POST">
   First Name:  <INPUT TYPE="text" NAME="txtFirstName"><BR>
   Last Name:   <INPUT TYPE="text" NAME="txtLastName"><BR>
 
   <INPUT TYPE = "Submit" VALUE = "Submit User Info">
   
   </FORM>
   </BODY>
   </HTML>
<%
End If
 
%>

This script first determines whether the form elements have been filled out by the client. If so, then this script sends a brief "Thank You" to the client and the script ends. If the information was not entered, the form is presented to the user. This technique, though it uses only a rudimentary form here, is very powerful and can significantly help you to modularize your code, a sometimes difficult task in ASP application development.

If your HTML form contains ActiveX controls in addition to (or instead of) standard HTML form elements, you can refer to their values in the same manner. For example, suppose you have the following (simple) HTML form containing a single Microsoft Forms 2.0 textbox:


<FORM NAME = "frmInfo" ACTION="UserInfo.ASP" 
      METHOD = "POST">
First Name:   
<OBJECT NAME = "txtFirstName" WIDTH=211 HEIGHT=20
   CLASSID="CLSID:8BD21D10-EC42-11CE-9E0D-00AA006002F3">
   <PARAM NAME="VariousPropertyBits" VALUE="746604571">
   <PARAM NAME="BackColor" VALUE="16777215">
   <PARAM NAME="MaxLength" VALUE="255">
   <PARAM NAME="Size" VALUE="5574;529">
   <PARAM NAME="Value" VALUE="">
   <PARAM NAME="BorderColor" VALUE="0">
   <PARAM NAME="FontCharSet" VALUE="0">
   <PARAM NAME="FontPitchAndFamily" VALUE="2">
   <PARAM NAME="FontWeight" VALUE="0">
</OBJECT>
<INPUT TYPE = "Submit"VALUE = "Submit User Info">
 
</FORM>

You could refer to the value entered into the textbox from UserInfo.ASP using the following line of code:


strFirstName = Request.Form("txtFirstName")

If you have an HTML form containing ActiveX controls whose values are validated using client-side script, make sure that none of your elements (the submission button, for example) have the name Submit. This seems like a small point, but if you overlook it, you will not be able to submit your form! Try it.

Remember that data in the Form collection represents only that data in the HTTP request body. You also can use the HTTP Get method to send data from the client to the server. Using Get results in the information being sent from the client in the HTTP request header. To retrieve this data, you must use the Request object's QueryString collection.

QueryString


Request.QueryString(element)[(key) | .Count]

The QueryString collection allows you to retrieve the information sent by the client using the HTTP Get method with an HTML form and data appended to the URL when the page is requested. The QueryString collection is less capable than the Form collection, since there is a limit to the amount of data that can be sent in the header of an HTTP request. In my experience, this limit is around 2000 characters. More characters than this, sent as part of the QueryString, will not be processed, although the script still executes.

The QueryString collection, like the other ASP collections, has the following properties:

Item: Returns the value of a specific element in the collection. To specify an item, you can use an index number or a key. In the case of the QueryString collection, the index number represents the number of the element as it appears in the URL or the number of the element on the HTML form (assuming a GET method is used to send the data). If the POST method is used to submit form data, however, these HTML elements do not exist in the QueryString collection, but rather in the Form collection of the Request object.
Key: Returns the name of a specific element in the QueryString collection. Just as each element's value is represented by the Item property, each element's name is represented by its Key property.; If you do not know the name of a specific key, you can obtain it using its ordinal reference. For example, assume that you want to learn the key name for the third element in the collection and, subsequently, that element's value. You could use the following code:; If, on the other hand, you know that the third element's key name is "STATE," you could simply use the following code to retrieve the value of that element:
Count: The number of elements in the collection.

As with other ASP collections, you can retrieve the value of any field of the QueryString collection through the use of the Item property. Note that in the following examples and explanations, the syntax has been abbreviated so that it does not explicitly show the use of the Item property. For example,:


strFirstName = Request.QueryString("FirstName")

is only an abbreviated form of:


strFirstName = Request.QueryString.Item("FirstName")

Contribute to IDR:

To contribute an article to IDR, a click here.

To contact us at IDevResource.com, use our feedback form, or email us.

To comment on the site contact our webmaster.