ASP - Server Object - Access Core Features of Classic ASP with Server Methods
Introduction - What Is the Server Object in Classic ASP?
In Classic ASP, the Server object is a built-in global object that provides access to essential server-side functions. It allows your ASP scripts to create objects, encode/transfer data, and manage errors, all at the server level.
In this guide, you'll learn:
- What the Server object is and why it matters
- Key methods like CreateObject, HTMLEncode, URLEncode, and MapPath
- Examples of using these methods in Classic ASP pages
- Output examples and practical use cases
Core Methods of the Server Object
| Method | Description |
|---|---|
| CreateObject() | Creates and returns a COM object |
| HTMLEncode() | Encodes HTML characters (e.g., < becomes &lt;) |
| URLEncode() | Encodes URL strings (e.g., spaces become %20) |
| MapPath() | Converts virtual path to physical server path |
| GetLastError() | Returns last ASP error object (ASP 3.0+) |
| Execute() / Transfer() | Executes or transfers control to another ASP file |
1. Server.CreateObject()
Used to create instances of server-side components like CDOSYS or ADODB.
<%
Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
%>
Use Case: Working with databases, emails, file system, etc.
2. Server.HTMLEncode()
Prevents HTML injection by converting special characters into entities.
<%
Dim unsafeText
unsafeText = "<script>alert('XSS')</script>"
Response.Write Server.HTMLEncode(unsafeText)
%>
Output: &lt;script&gt;alert('XSS')&lt;/script&gt;
3. Server.URLEncode()
Encodes URLs before passing them into query strings.
<%
Dim user
user = "John Smith"
Response.Write "Welcome.aspx?name=" & Server.URLEncode(user)
%>
Output: Welcome.aspx?name=John%20Smith
4. Server.MapPath()
Translates a virtual path into an actual server path.
<%
Dim path
path = Server.MapPath("data/file.txt")
Response.Write path
%>
Output (example): C:\inetpub\wwwroot\yourapp\data\file.txt
5. Server.GetLastError() (ASP 3.0+)
Returns the last runtime error object.
<%
On Error Resume Next
Dim x
x = 1 / 0 ' Error
Dim errObj
Set errObj = Server.GetLastError()
If Not errObj Is Nothing Then
    Response.Write "Error: " & errObj.Description
End If
%>
Output: Error: Division by zero
6. Server.Execute() & Server.Transfer()
- Execute() runs another .asp file's contents within the current file
- Transfer() redirects execution to another .asp file without returning
<%
Server.Execute("footer.asp")
%>
<%
Server.Transfer("dashboard.asp")
%>
Example - Securely Output User Data
<%
Dim comment
comment = "<b>Great Post!</b>"
Response.Write "User comment: " & Server.HTMLEncode(comment)
%>
Output: User comment: &lt;b&gt;Great Post!&lt;/b&gt;
Best Practices for Using Server Object
Do:
- Use MapPath to work with server files securely
- Encode URLs and HTML using URLEncode and HTMLEncode
- Use CreateObject for database/email integration
Avoid:
- Trusting raw user input; always encode or sanitize
- Using Transfer if the page must return to original
- Overusing CreateObject without Set = Nothing cleanup
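The practices above combined in one page, as an added example that is not part of the original guide: it appends a note to a log file named by the request, validating the name before it touches the file system and encoding it on output. The logs folder, the log and note query-string parameters, and view.asp are assumed names.

```asp
<%
' Constructed example. Assumed names: the "logs" folder, the "log" and "note"
' query-string parameters, and view.asp.
Const ForAppending = 8

Function IsSafeLogName(name)
    ' Allow-list: 1-32 letters, digits, "_" or "-", then ".txt"; no slashes or "..".
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9_-]{1,32}\.txt$"
    IsSafeLogName = re.Test(name)
    Set re = Nothing
End Function

Dim logName, note, baseDir, fullPath, fso, ts
logName = Request.QueryString("log") & ""
note = Request.QueryString("note") & ""

If Not IsSafeLogName(logName) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid log name: " & Server.HTMLEncode(logName)
    Response.End
End If

' MapPath only ever sees a fixed virtual path, never the user's value.
baseDir = Server.MapPath("logs")
Set fso = Server.CreateObject("Scripting.FileSystemObject")
fullPath = fso.GetAbsolutePathName(fso.BuildPath(baseDir, logName))

' Defence in depth: the resolved path must still sit inside baseDir.
If LCase(Left(fullPath, Len(baseDir) + 1)) <> LCase(baseDir & "\") Then
    Set fso = Nothing
    Response.Status = "400 Bad Request"
    Response.End
End If

' Replace CR/LF so one request cannot forge extra log lines.
note = Replace(Replace(note, vbCr, " "), vbLf, " ")
Set ts = fso.OpenTextFile(fullPath, ForAppending, True)
ts.WriteLine Now() & " " & Left(note, 500)
ts.Close
Set ts = Nothing
Set fso = Nothing

' Encode per context: HTMLEncode for page text, URLEncode for a query value.
Response.Write "Saved to " & Server.HTMLEncode(logName) & ". "
Response.Write "<a href=""view.asp?log=" & Server.URLEncode(logName) & """>View</a>"
%>
```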
Summary - Recap & Next Steps
The Server object in Classic ASP is your gateway to powerful backend operations. From handling errors to executing components and safely rendering content, Server provides essential utilities for robust application development.
Key Takeaways:
- CreateObject is used for COM components like ADODB, CDOSYS
- HTMLEncode / URLEncode help prevent XSS or encoding issues
- MapPath resolves server-side file paths
Real-world Use Cases:
- Sending emails with CDOSYS
- Logging activity to server-side files
- Encoding data safely in search filters or URLs
FAQs - Classic ASP Server Object
Q: What is the difference between Execute() and Transfer()?
A: Execute() runs the other ASP page and returns to the caller; Transfer() ends the current page and sends control permanently.
Q: Can I use MapPath to write files?
A: Yes. Use Server.MapPath() to resolve the real path before opening or writing files using FileSystemObject.
Q: Why should I use HTMLEncode()?
A: It prevents cross-site scripting (XSS) by rendering user-generated content as safe HTML text.
