Ugh don't make me use ASP.....

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Ugh don't make me use ASP.....

Post by Skittlewidth »

Hello,

Whilst I consider it blasphemy to post anything to do with ASP on our wonderful PHP forum I'm not sure where else to ask (and should I move this to General Discussion?)

I was wondering if anyone knew of an ASP equivalent to our hallowed PHP manual or an asp forum as huge and as well used as this? Everything I've found so far has been about ASP.net :evil:

I'm not going over to the dark side by choice, i've just been given a project where I have to improve an existing asp driven site.

Oh and if someone could tell me what the equivalent of isset() is in ASP that would save me another fruitless trawl on Google

Cheers
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

I don't know much about ASP, but afaik it's an alternative for CGI...

This means you should search for Visual Basic (or whatever the code is written in) instead of ASP...
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Re: Ugh don't make me use ASP.....

Post by infolock »

Skittlewidth wrote:Hello,

Whilst I consider it blasphemy to post anything to do with ASP on our wonderful PHP forum I'm not sure where else to ask (and should I move this to General Discussion?)

I was wondering if anyone knew of an ASP equivalent to our hallowed PHP manual or an asp forum as huge and as well used as this? Everything I've found so far has been about ASP.net :evil:

I'm not going over to the dark side by choice, i've just been given a project where I have to improve an existing asp driven site.

Oh and if someone could tell me what the equivalent of isset() is in ASP that would save me another fruitless trawl on Google

Cheers
So ehh, what exactly is the project? i think you may have accidently left that out ;)

But anyways, an alternative to isset is empty()
User avatar
Chris Corbyn
Breakbeat Nuttzer
Posts: 13098
Joined: Wed Mar 24, 2004 7:57 am
Location: Melbourne, Australia

Re: Ugh don't make me use ASP.....

Post by Chris Corbyn »

infolock wrote:But anyways, an alternative to isset is empty()
Well it's not really an alternative for somethings. empty() will throw an error if the var doesn't even exist. That's PHP anyway but in ASP I have a feeling this might work.

Code: Select all

<%
if (!someVar) {
   print (someVar + &quote; is not set)&quote;;
}
%>
And yes... a VB manual - there's one somewhere in the microsoft office program files if you search for all chm files in there ;) - will help you here. ASP uses VB syntax.
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

this is true. however, the check

Code: Select all

if(!$myvar) {
 echo 'Myvar is not set';
}
works in php as well.
User avatar
Skittlewidth
Forum Contributor
Posts: 389
Joined: Wed Nov 06, 2002 9:18 am
Location: Kent, UK

Post by Skittlewidth »

Thanks everyone.

Wasn't being vague about the nature of the project, thats about all the info I have at the moment infolock! We were tempted to convert the existing website over into PHP and MySQL but then it was decided that I may as well expand my skillset a little. I probably won't be doing anything partuclarly innovative, just the old custom cms stuff so as long as I can do select, insert, update, delete, between the page and the database and manipulating content data a little I think I'll be ok.

I know asp is oop but its taking me a while to adapt to the long winded way of getting things done. I particluarly miss ".=" !
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

PHP $line .= "message"
VB line = line & "message"

Meaby you want to have a look at
http://www.vbaccelerator.com/home/VB/Co ... rticle.asp too...
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

Code: Select all

if(!$myvar) {
 echo 'Myvar is not set';
}
E_ALL will issue a warning if $myvar is null. Stay with empty().
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

aye, but that's if you have error reporting turned on ;) It is still a very valid if statement and we use it all the time in corporate site designing. I'll agree it isn't the best practice, I was just stating that the same statement in asp could be achieved in php ;)
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

infolock wrote:aye, but that's if you have error reporting turned on ;) It is still a very valid if statement and we use it all the time in corporate site designing.
Its also still a very valid warning - that variable isnt defined yet, and that means potential security problems. Thats why you should have error reporting on, and shouldn't "use it all the time". :)
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

Roja wrote:
infolock wrote:aye, but that's if you have error reporting turned on ;) It is still a very valid if statement and we use it all the time in corporate site designing.
Its also still a very valid warning - that variable isnt defined yet, and that means potential security problems. Thats why you should have error reporting on, and shouldn't "use it all the time". :)
I don't think it necessarily means potential security problems. The only way it would bring a security issue in general is if you keep error reporting on for the whole world to see that you have an undefined variable. otherwise, you don't have a problem as no one even knows about it ;)
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

infolock wrote: I don't think it necessarily means potential security problems. The only way it would bring a security issue in general is if you keep error reporting on for the whole world to see that you have an undefined variable. otherwise, you don't have a problem as no one even knows about it ;)
Whether someone knows it exists or not is "Obscurity". It has no relation to whether it is secure. I can hide a box of money in my room.. just because its hidden has no relation to the fact that the combination to the box being written on it makes it insecure.

And yes, an undefined variable always has the potential for security risks - thats why they warn you about them.

Example:

Code: Select all

exec($_GET&#1111;'cmd']);
Access that file in a browser with.. http://www.example.com?cmd='rm -rf'

You get the idea. Because $cmd isn't defined by your script, the user can define it to a potentially dangerous/unexpected value. Its true in includes, exec's, even for-loops, whiles, and so on. Basically anywhere that you don't have tight bounds checking.

And if register_globals is on, its even worse.

Using a variable you haven't defined is by definition trusting an unknown value - thats not secure.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

And so you people are thinking: what harm could a measly boolean check do? Well, not much. But it sorta creeps, you know?
User avatar
infolock
DevNet Resident
Posts: 1708
Joined: Wed Sep 25, 2002 7:47 pm

Post by infolock »

Roja wrote:
infolock wrote: I don't think it necessarily means potential security problems. The only way it would bring a security issue in general is if you keep error reporting on for the whole world to see that you have an undefined variable. otherwise, you don't have a problem as no one even knows about it ;)
Whether someone knows it exists or not is "Obscurity". It has no relation to whether it is secure. I can hide a box of money in my room.. just because its hidden has no relation to the fact that the combination to the box being written on it makes it insecure.

And yes, an undefined variable always has the potential for security risks - thats why they warn you about them.

Example:

Code: Select all

exec($_GET&#1111;'cmd']);
Access that file in a browser with.. http://www.example.com?cmd='rm -rf'

You get the idea. Because $cmd isn't defined by your script, the user can define it to a potentially dangerous/unexpected value. Its true in includes, exec's, even for-loops, whiles, and so on. Basically anywhere that you don't have tight bounds checking.

And if register_globals is on, its even worse.

Using a variable you haven't defined is by definition trusting an unknown value - thats not secure.
Again, one will not know if the variable is undefined if the error reporting is off. if it's turned on (which php.net strongly suggests that you do NOT do), then yeah, you are right. again, if, however, you keep error reporting turned off for this instance, you have no worries. as far as globals go, that's exactly why i said it was a bad idea to have them turned off.

as for the whole variable thing goes, even if it is bad practice, it's still a very easy way of validating a variables existance without the need of using processor speed. Because so long as you have the error reporting turned off, the end user is NOT going to see any of these warnings, and thus will not know of any variables that are left undefined.
Last edited by infolock on Fri Jul 29, 2005 7:58 am, edited 1 time in total.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

One should note that it is strongly recommended that you turn off all error reporting in production environments. It is also strongly recommended that you work with them on in development environments (heh).
Post Reply