ASP โ Server Object โ Access Core Features of Classic ASP with Server Methods
Introduction โ What Is the Server Object in Classic ASP?
In Classic ASP, the Server object is a built-in global object that provides access to essential server-side functions. It allows your ASP scripts to create objects, encode/transfer data, and manage errorsโall at the server level.
In this guide, youโll learn:
- What the
Serverobject is and why it matters - Key methods like
CreateObject,HTMLEncode,URLEncode, andMapPath - Examples of using these methods in Classic ASP pages
- Output examples and practical use cases
Core Methods of the Server Object
| Method | Description |
|---|---|
CreateObject() | Creates and returns a COM object |
HTMLEncode() | Encodes HTML characters (e.g., < becomes <) |
URLEncode() | Encodes URL strings (e.g., spaces become %20) |
MapPath() | Converts virtual path to physical server path |
GetLastError() | Returns last ASP error object (ASP 3.0+) |
Execute() / Transfer() | Executes or transfers control to another ASP file |
1. Server.CreateObject()
Used to create instances of server-side components like CDOSYS or ADODB.
<%
Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
%>
Use Case: Working with databases, emails, file system, etc.
2. Server.HTMLEncode()
Prevents HTML injection by converting special characters into entities.
<%
Dim unsafeText
unsafeText = "<script>alert('XSS')</script>"
Response.Write Server.HTMLEncode(unsafeText)
%>
Output:<script>alert('XSS')</script>
3. Server.URLEncode()
Encodes URLs before passing them into query strings.
<%
Dim user
user = "John Smith"
Response.Write "Welcome.aspx?name=" & Server.URLEncode(user)
%>
Output:Welcome.aspx?name=John%20Smith
4. Server.MapPath()
Translates a virtual path into an actual server path.
<%
Dim path
path = Server.MapPath("data/file.txt")
Response.Write path
%>
Output (example):C:\inetpub\wwwroot\yourapp\data\file.txt
5. Server.GetLastError() (ASP 3.0+)
Returns the last runtime error object.
<%
On Error Resume Next
Dim x
x = 1 / 0 ' Error
Dim errObj
Set errObj = Server.GetLastError()
If Not errObj Is Nothing Then
Response.Write "Error: " & errObj.Description
End If
%>
Output:Error: Division by zero
6. Server.Execute() & Server.Transfer()
Execute()runs another.aspfile’s contents within the current fileTransfer()redirects execution to another.aspfile without returning
<%
Server.Execute("footer.asp")
%>
<%
Server.Transfer("dashboard.asp")
%>
Example โ Securely Output User Data
<%
Dim comment
comment = "<b>Great Post!</b>"
Response.Write "User comment: " & Server.HTMLEncode(comment)
%>
Output:User comment: <b>Great Post!</b>
Best Practices for Using Server Object
Do:
- Use
MapPathto work with server files securely - Encode URLs and HTML using
URLEncodeandHTMLEncode - Use
CreateObjectfor database/email integration
Avoid:
- Trusting raw user inputโalways encode or sanitize
- Using
Transferif the page must return to original - Overusing
CreateObjectwithoutSet = Nothingcleanup
Summary โ Recap & Next Steps
The Server object in Classic ASP is your gateway to powerful backend operations. From handling errors to executing components and safely rendering content, Server provides essential utilities for robust application development.
Key Takeaways:
CreateObjectis used for COM components like ADODB, CDOSYSHTMLEncode/URLEncodehelp prevent XSS or encoding issuesMapPathresolves server-side file paths
Real-world Use Cases:
- Sending emails with CDOSYS
- Logging activity to server-side files
- Encoding data safely in search filters or URLs
FAQs โ Classic ASP Server Object
What is the difference between Execute() and Transfer()?
Execute() runs the other ASP page and returns to the caller; Transfer() ends the current page and sends control permanently.
Can I use MapPath to write files?
Yes. Use Server.MapPath() to resolve the real path before opening or writing files using FileSystemObject.
Why should I use HTMLEncode()?
It prevents cross-site scripting (XSS) by rendering user-generated content as safe HTML text.
Share Now :
