To standardize program code, improve readability, reduce later maintenance costs, and improve working efficiency, all programs written from now on will follow the specifications below:
First, the unified VBScript and ASP programming specification:
(1) Variable naming rules:
ASP and VBScript do not require variables or their types to be declared, but to improve readability and build good habits, the variable naming rules for this system are as follows:
1. Declare variables with Dim, Public, or Private;
For example: Dim iStudentNum
2. Reflect the variable type in the name:
a. Integer variables: begin with the lowercase letter i, followed by the variable identifier, with the first letter of each English word capitalized.
For example, the following declares a variable that stores the database record count:
Dim iRecordsetNumber
b. Single-precision variables: begin with the lowercase letter f, followed by the variable identifier, with the first letter of each English word capitalized.
c. Double-precision variables: begin with the lowercase letter d, followed by the variable identifier, with the first letter of each English word capitalized.
d. Character (string) variables: begin with the lowercase letter s;
e. Boolean variables: begin with the lowercase letter b;
f. Array variables: array type + "_" + "array" + "_" + variable identifier
For example, define an array that stores student scores (single-precision values):
Dim f_array_StudentMark
3. Variable identifiers should follow the identifier standard and be easy to understand. Use English words where possible and avoid abbreviations or shorthand.
For example, a variable storing the alumni address book is defined as:
Dim sSchoolfellowAddressList
Although such a name takes more effort to type, it greatly improves the readability of the program, because the meaning of a variable is apparent from its name. It is also convenient when working with variables. Speed and performance cannot always both be had; to favor the latter, we have to sacrifice speed.
4. Add a comment after each variable definition.
(2) Constant naming rules:
The type is expressed as above; the identifier that follows is written entirely in capitals, for example:
Define a character constant that stores the language type:
Const sLANGUAGE_TYPE = "Chinese"
(3) Function and procedure naming rules:
1. Declare functions with Function and procedures with Sub;
2. Capitalize the first letter of the function or procedure name and the first letter of each word that follows.
E.g:
Function CheckValidityOfInput(sStudentMark)
    'Write code here
    ..........
End Function
3. Function and procedure names should be simple and easy to read.
4. Add a comment in front of each function describing its purpose, its parameters, the creation date, the modification date, the reason for modification, the creator, the modifier, and so on.
(4) Code indentation standard:
To improve the appearance and readability of the code, the following layout is proposed: each level is spaced from the next by one
E.g:
'**********************************************************************
' Function: Detects single quotes in the input string. Each single quote
'           is turned into two, two become four, and so on, so that the
'           SQL statement can be executed.
' Created by: xxxx
' Created on: 2002-7-6
' Modified on:
' Reason for modification:
' Modified by:
' Input parameter: sInputString: the string to check for single quotes
'**********************************************************************
Function CheckValidityOfInput(sInputString)
    Dim iCirculationControl   ' loop control
    Dim sApartString          ' result, built from the separately checked characters
    Dim iLenOfInput           ' length of the input string
    iLenOfInput = Len(Trim(sInputString))
    For iCirculationControl = 1 To iLenOfInput
        If Mid(Trim(sInputString), iCirculationControl, 1) <> "'" Then
            sApartString = sApartString & _
                Mid(Trim(sInputString), iCirculationControl, 1)
        Else
            sApartString = sApartString & "''"
        End If
    Next
    CheckValidityOfInput = sApartString
End Function
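The function above keeps a quote from ending the SQL string by doubling it. As an added example that is not part of the original page, the same lookup can bind the input as an ADODB.Command parameter so it never becomes part of the SQL text. The connection string placeholder, the Sub name ShowSchoolfellowByName and the 50-character parameter size are assumptions; the table and field names are those of the page's own SQL example.

```vbscript
' Added example, not from the original page.
' ADO constants are defined here in case adovbs.inc is not included.
Const iAD_CMD_TEXT = 1        ' adCmdText
Const iAD_VAR_CHAR = 200      ' adVarChar
Const iAD_PARAM_INPUT = 1     ' adParamInput
Const sCONNECTION_STRING = "PLACEHOLDER_CONNECTION_STRING"   ' assumption

'**********************************************************************
' Function: Writes the address-book rows whose name equals sInputName.
'           The value is bound as a parameter and is never concatenated
'           into the SQL text, so a single quote in it is plain data.
' Input parameter: sInputName: name typed by the user
'**********************************************************************
Sub ShowSchoolfellowByName(sInputName)
    Dim objConnection   ' ADODB.Connection
    Dim objCommand      ' ADODB.Command
    Dim objRecordSet    ' ADODB.Recordset

    Set objConnection = Server.CreateObject("ADODB.Connection")
    objConnection.Open sCONNECTION_STRING

    Set objCommand = Server.CreateObject("ADODB.Command")
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandType = iAD_CMD_TEXT
    objCommand.CommandText = "SELECT name, telephone, address " & _
        "FROM schoolfellow.address WHERE name = ? ORDER BY birthday DESC"
    ' Left() keeps the value within the declared parameter size (assumed 50)
    objCommand.Parameters.Append objCommand.CreateParameter( _
        "name", iAD_VAR_CHAR, iAD_PARAM_INPUT, 50, Left(sInputName, 50))

    Set objRecordSet = objCommand.Execute
    Do While Not objRecordSet.EOF
        ' Encode on output so stored markup is displayed as text
        Response.Write Server.HTMLEncode(objRecordSet("name") & "") & " " & _
            Server.HTMLEncode(objRecordSet("telephone") & "") & "<br>"
        objRecordSet.MoveNext
    Loop

    ' Close the recordset and connection, then release every object
    objRecordSet.Close
    Set objRecordSet = Nothing
    Set objCommand = Nothing
    objConnection.Close
    Set objConnection = Nothing
End Sub
```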
Second, the unified JavaScript programming specification:
The naming rules for JavaScript are mostly the same as above. The only differences are that variables are declared with var and each declaration ends with a semicolon (;).
The code must be clearly layered. Write each statement on its own line; do not put all the code on a single line, which is hard to read and makes errors hard to find.
Remember to add comments when you write a function, so that the program's functionality can be understood quickly during maintenance.
Here is a JavaScript program:
// ****************************************************************************
// Function: Doubles the single quotes in the text, password and textarea
//           objects of a form, to avoid system errors caused by single quotes.
// Created by: xxxx
// Created on: 2002-7-8
// Modified on:
// Reason for modification:
// Modified by:
// ****************************************************************************
function CheckElement()
{
    var sNeedCheckInput = "";      // content of the input tag to be checked
    var iControlInput = 0;         // loop control
    var iLengthInput = 0;          // stores the string length
    var sCheckingInput = "";       // character being checked
    var sReplaceInput = "";        // replacement character
    var sHaveCheckInput = "";      // characters that have been checked
    var objInput;                  // stores the input object
    var objTextArea;               // stores the textarea object
    var sNeedCheckTextArea = "";
    var iControlTextArea = 0;
    var iLengthTextArea = 0;
    var sCheckingTextArea = "";
    var sReplaceTextArea = "";
    var sHaveCheckTextArea = "";
    var i = 0;

    // Detect the single quotes in the text and password objects in the page
    // (getElementsByTagName replaces the IE-only document.all.tags)
    for (i = 0; i < document.getElementsByTagName('input').length; i++)
    {
        objInput = document.getElementsByTagName('input')[i];
        if (objInput.type == 'text' || objInput.type == 'password')
        {
            sNeedCheckInput = objInput.value;
            iLengthInput = sNeedCheckInput.length;
            sHaveCheckInput = "";   // start again for each object
            for (iControlInput = 0; iControlInput < iLengthInput; iControlInput++)
            {
                sCheckingInput = sNeedCheckInput.charAt(iControlInput);
                if (sCheckingInput == "'")
                    sReplaceInput = "''";
                else
                    sReplaceInput = sCheckingInput;
                sHaveCheckInput = sHaveCheckInput + sReplaceInput;
            }
            objInput.value = sHaveCheckInput;
        }
    }

    // Detect the single quotes in the textarea objects in the page
    // (a textarea has no text or password type, so every one is checked)
    for (i = 0; i < document.getElementsByTagName('textarea').length; i++)
    {
        objTextArea = document.getElementsByTagName('textarea')[i];
        sNeedCheckTextArea = objTextArea.value;
        iLengthTextArea = sNeedCheckTextArea.length;
        sHaveCheckTextArea = "";    // start again for each object
        for (iControlTextArea = 0; iControlTextArea < iLengthTextArea; iControlTextArea++)
        {
            sCheckingTextArea = sNeedCheckTextArea.charAt(iControlTextArea);
            if (sCheckingTextArea == "'")
                sReplaceTextArea = "''";
            else
                sReplaceTextArea = sCheckingTextArea;
            sHaveCheckTextArea = sHaveCheckTextArea + sReplaceTextArea;
        }
        objTextArea.value = sHaveCheckTextArea;
    }
}
Third, improving system performance and code specification:
1. In the ASP page, any object (COM, RecordSet, etc.) created using Cream, RecordSet, etc.
2. When an open database connection is no longer needed (usually at the end of the page), the connection must be closed;
3. For SQL statements and stored procedures, avoid using * to fetch all fields. For readability, SQL keywords are written entirely in uppercase and field names in lowercase.
E.g:
SELECT name, age, birthday, telephone, address FROM schoolfellow.address WHERE name = 'xxxx' ORDER BY birthday DESC
4. Try to put double quotes around every attribute value in the ASP page, especially for attributes that take a value. Do not drop the quotes to save time (in some places they can be removed without the program failing, but in others removing them causes more trouble).
E.g:
In this example, if the single quotes around the value attribute are removed and the value coming from the database contains a space with further text after it, only the content before the space is displayed and the rest is lost. This is only one case; there are many other unknown situations.
5. Paired tags: for tags such as , check that each one is paired and that no end tag is missing.
6. Wherever a string is entered and then used in an SQL statement, single quotes must be processed by calling one of the two methods in /include/checkq.asp (one does client-side processing, the other server-side processing, chosen as needed). Server-side processing is used in most places where security is required.
7. To improve security, code that can be written in ASP should be written in ASP, so that it runs on the server and the user cannot see it.
8. For places with high security requirements, a three-tier structure is recommended: write the business logic as components (COM) using VB or Delphi, and confine the database connection code to the components as far as possible, so that the pages communicate with the database through the components, which improves security.
9. For the security of the website, use port scanning software to check which ports the website has open, and close the unsafe ports.
Fourth, develop the habit of writing development documents:
Each page design (front-end page, back-end page) should have corresponding documentation, including the function description, page design, page name, storage location, and so on. Where changes are made, the original part must be kept (commented out or backed up), and the place changed, the time of the change, and the location where the backup file is stored must be recorded. For the program part, there should be a corresponding design flow chart. When the program is changed, a modified flow chart should also be drawn for comparison, together with the location of the problem and an analysis of its severity.