Professional Documents
Culture Documents
Thiet Ke Web
Thiet Ke Web
Mc d vic thit k trang web i hi phi c nhiu kh nng v m thut, tuy nhin vn c th a ra mt qu trnh thit k c th gip bn tng kh nng to ra cc trang web hiu qu v n tng. C th nhiu ngi s cho rng vic a ra cc bc trong qu trnh thit k s lm mt i qu trnh sng to, iu ny c l ng i vi nhng nh thit k gii, nhng ngi c qu trnh thit k v sng to ca ring h. Nhng vi nhng ngi khng c o to bi bn v thc hnh nhiu th vic nghin cu xem ngi khc thit k v ng dng cc bc nh th no c th s gip ch rt nhiu cho h. Bc 1 : Phn tch ngi dng v t nh gi chnh mnh Nu bn khng bit ngi dng d nh l ai, th tt c vic thit k, cho d c c thc hin k lng n u cng ch dn n tht bi. Bn cn phi bit cc thng tin v ngi dng nh trnh , s thch, cc lnh vc quan tm, cu hnh trang thit b, phn mm, trnh a ra mt trang web v tch s. Bn cng cn phi phn tch cc mi quan tm v kh nng ca chnh bn. Bn c kh nng thit k cc trang web c hiu qu v n tng khng? Bn c trnh chuyn mn to ra c cc trang c lng thng tin phong ph da trn cc ti nguyn sn c khng? Sau y l mt s k thut gip cho bc ny : 1. M t mc tiu: Hy xc nh chnh xc mc tiu ca trang ny mt cch ngn gn. Mc tiu cn c m t mt cch sc tch, r rng, khng qu rm r, chi tit. 2. Xc nh vn gii quyt: T m t mc tiu bc trn, nu ra cc vn cn gii quyt t c mc tiu, tm tt phng php gii quyt, ... 3. Xc nh ngi dng: Lit k cc c im ca khch hng nh tui tc, ngh nghip, gii tnh, thu nhp, trnh , vng c tr, cu hnh trang thit b, phn mm, vo mt danh sch phn tch v x l sau ny. 4. Lit k cc ngun ti nguyn: Bn c sn nhng g hon thnh cng vic c v mt trang thit b, cng c phn mm, v c v trnh chuyn mn ? Bn c th lm c nhng g, v bn s nh gip nhng g ? 5. Xy dng bng tin thc hin: Xc nh thi gian cn hon thnh sn phm vi cc ti nguyn sn c, thi gian cn thc hin tng bc ca qu trnh, Bc 2 : Thit k cc chc nng v cu trc trang C th lc ny bn rt mun ngi ngay vo my v bt tay vo vic xy dng trang web nhng ng vi! Hy dnh thi gian cho vic thit k cc chc nng v cu trc ca cc trang chnh, v
y l bc quan trng nht trong qu trnh thit k. Sau y l mt s hng dn thc hin bc ny : 1. Chn cch lm vic sao cho c th phc tho thit k mt cch thoi mi: Bn c th dng bt v s trn giy, hay c th dng cc chng trnh my tnh phc tho. Tuy nhin vic s dng cc chng trnh my tnh c th s lm hn ch nng sut lm vic v cc cng c c sn thng b gii hn. 2. Vic thit k nn i t tru tng n c th: Vic a ra cc chi tit ngay t u c th s lm mt i tng quan ca vn . Phi xc nh khung ca chc nng trc ri sau mi la chn ni dung in vo. Bc 3 : Tm cch trnh by n tng v hiu qu Ngay c mt cu trc tt nht cng s tht bi nu vic trnh by thng tin khng trc quan v n tng. Mt cch trnh by c n tng v hiu qu c nh gi khng ch bng cch trng n nh th no m cn xem n ng gp nh th no vo qu trnh t mc tiu ban u. Sau y l mt s cch tm ra ngun cung cp cho cc trnh by tt: 1. a ra cng nhiu cch trnh by t kh nng ca chnh bn. Lun quan st v su tp cc trnh by tt ot gii, c nhiu ngi cng nhn, hay cc trnh by m bn thch, ... 2. Lun cp nht cc thay i v cng ngh web. Bn nn lun c cc ti liu mi nht v HTML, cng nh cc thng tin v cc dng tp tin v cc thit b mi c h tr bi cc nh sn xut. 3. Lun ghi nh: i tng nh gi cch trnh by l ngi dng ch khng phi bn. 4. Th cng nhiu gii php cng tt v hy ghi nhn cc nhn xt, phn hi ca nhng ngi cng tc hon chnh thit k. Bc 4 : Xy dng ni dung L mt ngi thit k trang web, bn c th c hoc khng chu trch nhim to ni dung (nh vn bn, hnh nh, m thanh, video, ..). V vic to ni dung thng khng th i n lc thit k hnh thnh, bn c th tin hnh cc bc sau m bo rng ni dung v thit k ca bn l tng thch vi nhau: 1. Sa i, hiu chnh cc ni dung c hoc cc ni dung m bn c quyn sa. 2. Xin h tr v c vn ca nhng chuyn gia i vi cc ch ngoi lnh vc chuyn mn ca bn. 3. Thit lp ng dy lin lc gia bn (ngi thit k) v nhng ngi to ni dung. a ra cc qui c, cc c t cho ni dung nh mi trng h tr, nh dng tp tin, cch nn, qui c t tn tp tin,
4. m bo cng nhiu thng tin cng tt. Cn phi c s kt hp cht ch gia vn bn v ha, hnh nh, m thanh trong ni dung. 5. To mt cu trc cy th mc hp l cho ni dung v thng xuyn sao lu m bo an ton. Bc 5 : Thit k v kim tra khung trang web Trong khi ang tin hnh xy dng ni dung, y l lc kim tra cc chc nng v cu trc c xy dng trong bc 2 xem n hot ng nh th no. y l bc m bn chuyn cc m t v chc nng, v thit k ban u sang mt th hin l cc trang web c th. Sau y l mt s hng dn thc hin bc ny : 1. Lin lc vi ngi qun tr server xem vic t chc cc tp tin nh th no v cc c t no c sn. Cho ngi qun tr bit cc loi tp tin no m bn ang s dng cha c h tr. 2. S dng cc lin kt trong cc trang ti cc cu trc th mc tng t nh cu trc th mc trn server. 3. Ghi nhn cc nh thng c dng trong vic truy xut cc trang thng thng a vo cache. Bng cch ny bn c th tng tc truy xut cc trang. 4. Th nghim trn server kim tra xem n hot ng ng nh thit k hay khng. Bc 6 : a ni dung vo Trong trng hp tt nht, cc khung dnh cho vn bn v ha s c in vo bng ni dung thc s ca n mt cch d dng v n khp. Tuy nhin iu ny him khi xy ra v mt l, hnh nh v vn bn a vo c th khng va vi khung thit k dnh cho n nh d nh ban u. Cn phi thm mt s thao tc na mi c th thc hin xong chuyn ny. vic a ni dung vo tht s n gin, n khp, cn phi gi mi lin lc tt gia cc thnh vin lin quan nh ngi thit k, ngi minh ha, ngi vit ni dung, ngi bin tp, v ngi qun tr server, Sau y l mt s hng dn cho vic thc hin tt bc ny : 1. Trc tin hy cho cc trang hot ng cc b, ring l d kim tra, hiu chnh, nh gi, ... 2. Lm vic theo module, ngha l cho nhm cc trang lin quan nhau hot ng tri chy trc khi m rng ra. 3. ng ngi thay i mt quyt nh thit k trc . C th bn gi nh sai, hoc l cng ngh thay i vo lc a ni dung vo,
Bc 7 : Kim tra v nh gi Cc trang hiu qu nht l kt qu ca vic thit k v nh gi cn thn. Mt web site tr gi na triu la c th c n 70% tng chi ph dnh cho vic thit k v nh gi. Sau y l mt s bc thc hin vic ny: 1. Kim tra hot ng ca cc lin kt ni b v cc ngun ti nguyn. 2. Kim tra chnh xc ca cc lin kt ngoi. Khng c g t hn l cc lin kt vi cc trang bn ngoi khng cn tn ti na, hoc l c chuyn n ni khc, hoc l khng cn ph hp na. 3. Th cc trang vi nhiu trnh duyt khc nhau. Thc hin iu ny kim tra tnh tng thch ca trang vi cc trnh duyt, xem th thit k trang tn dng ht cc h tr ca trnh duyt cha, 4. Th cc trang bng nhiu cch kt ni khc nhau. Th xem vic hin th cc trang c nh hng nh th no nu kt ni bng mng cc b, ng kt ni tc cao, ng in thoi, 5. Th cc trang tnh trng mc truy cp cao. Nu server ca bn chy tt trong cc gi cao im th nhng gi khc c th chp nhn c. 6. Th cc trang vi nhiu dng ngi dng khc nhau. Nu trang ca bn cp v cc mi quan tm chung th hy tranh th th trang web vi nhng ng s, bn b, Hy ghi ch v quan st. C th bn s khng cn thay i phin bn ca trang web nhng bn s cn cc thng tin v trang lin tc c cp nht ha. Trn y l cc bc gip bn c th to cc trang web tt. Chc cc bn thnh cng. L nh Duy ldduy@fit.hcmuns.edu.vn
Vietnamese etc.,
ASCII
ASCII
etc.,
Tuy nhin trong tng bng m ny, khng phi tt c cc k t ca mt ngn ng u c trong bng m. Hay ni chnh xc hn l khng phi tt c cc k t u c biu din bng duy nht mt im m. Ly v d ting Vit chng ta c 134 k t t hp t 28 ch ci v 5 du thanh. Do ch c 128 im m nn bng m windows-1258 dnh cho ting Vit biu din mt s k t thnh hai im m lin tip, mt im m dnh cho k t c s v mt im m dnh cho du thanh. V d: k t c biu din bng hai im m
tng ng vi cc k t v k t du sc: = + . Cch biu din nh vy c gi l cch biu din tch ri (decomposed) m thut ng chng ta hay gi l t hp. Bng m TCVN3-ABC dng 134 im m biu din ht cc k t ting Vit, chnh iu ny dn n phi s dng mt s im m ca bng m ASCII. y chnh l l do m cc trang web s dng bng m ny khng hin th c k t trong cc trnh duyt Internet Explorer 5.0 tr ln. Cch biu din nh vy c gi l cch biu din kt hp sn (precomposed) m thut ng chng ta hay gi l dng sn. 1.2. Bng m Unicode V mt bn cht cc bng m trn ca Windows l bng m 8-bit, ngha l mi im m c m ha bng ng mt n v m 8-bit. Chnh iu ny gii hn s lng cc cc k t c m ch l 256. Do trong mt vn bn khng th cng hin th nhiu k t ca cc ngn ng khc nhau c. Unicode ra i nhm thng nht chung cc k t ca mi ngn ng trong mt bng m duy nht [2]. Hai vn nn lu khi cp n thut ng Unicode l: Tp k t m Unicode biu din: y mun ni n tp k t v cch nh x cc k t bng cc im m tng ng. Cch m ha cc im m thnh cc n v m. Unicode dng 16 bit biu din cc im m, do n c th biu din c n 65,536 k t c im m nm trong khong t 0-65,535. Do vy vi Unicode ngi ta c th biu din c hu ht cc k t ca cc ngn ng. Cch n gin nht m ha cc k t Unicode l biu din mi im m bng ng mt n v m 16-bit. y chnh l cch m ha nguyn thy ca Unicode trong phin bn 2.0 c ISO/IEC chun ha thnh ISO/IEC 10646 hay cn gi l UCS-2. Tuy nhin, tng thch vi cc h thng x l trc khi Unicode ra i cng nh ti u ha trong qu trnh lu tr v truyn d liu, ngi ta dng cc cch khc nhau m ha cc im m thnh cc n v m. Mi cch m ha nh vy c gi l mt dng bin i ca Unicode (UTF Unicode Transformation Format). Thng dng nht hin nay l UTF-8 v UTF-16 dng dy cc n v m c di khc nhau m ha cc im m. UTF-8 dng 1 n 4 n v m 8-bit trong khi UTF-16 dng 1 n 2 n v m 16-bit m ha. V d sau minh ha cch m ha ca UTF-8: 128 k t u tin ca Unicode t im m U+0000 n U+007F, c m ha thnh 1 byte. T im m U+0080 n U+07FF, c m ha thnh 2 byte. T im m U+0800 n U+FFFF, c m ha thnh 3 byte. T im m U+0800 n U+FFFF, c m ha thnh 4 byte.
Nh vy khi cp n Unicode trong lp trnh, cn phi xc nh r chng ta dng bng m Unicode theo dng bin i no: UCS-2, UTF-8, hay UTF-16, UCS-2 c dng trong cc h qun tr c s d liu nh SQL Server 7.0/2000, Microsoft Access 2000, UTF-8 thng c dng trong cc ng dng web, trong khi UTF-16 li c dng trong cc h thng nh Windows 2000/XP, Java, 2. Lp trnh web vi ting Vit Unicode 2.1. Ch nh bng m dng trong trang web Khi mt trang web c server chuyn xung cho client, trnh duyt s dng thng tin v bng m m trang web s dng chuyn dy cc byte trong ti liu thnh cc k t tng ng hin th ln mn hnh. Ngoi ra, mt khi d liu trong cc FORM c gi i sau khi ngi dng submit, trnh duyt cng s cn c vo bng m ny chuyn i d liu khi truyn i. V d, nu trang web c ch nh dng bng
m windows-1252 th khi FORM c submit, d liu s c m ha theo bng m ny cho d trc trong cc hp iu khin ca FORM, d liu c g di dng Unicode [3]. Vic ch nh bng m c vai tr rt quan trng trong vic hin th ng ni dung m ngi thit k mong mun, bi v nu khng ch nh bng m c dng trong trang web hin hnh mt cch r rng, trnh duyt s s dng bng m mc nh. V d, nu d liu chuyn n cho trang web l E1 BB 81, nu ch nh bng m l UTF-8 th 3 byte ny chnh l biu din m ca k t trong khi nu h thng dng bng m mc nh, v d nh windows-1252, th 3 byte ny li c xem nh l biu din 3 k t khc nhau v s c hin th l . ch nh bng m m trang web hin hnh s dng, ta dng tag META vi thuc tnh HTTP-EQUIV c gn l Content-Type, v ch nh tn ca bng m c dng trong thuc tnh CONTENT (Thng tin v cc bng m c dng trn Windows c th xem ti [4]). Trong v d sau, tag META c dng ch nh bng m windows-1252 cho mt trang web:
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=windows-1252">
yu cu trnh duyt s dng mt bng m cho ton b trang web, ta phi t tag META ny trc tag BODY. Thng thng l t tag META ny trong tag HEAD nh v d sau:
<HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=windows-1252"> <TITLE>New Page 1</TITLE> </HEAD> <BODY> </BODY> </HTML>
Trong trng hp bng m c ch nh khng c kh nng biu din c tt c cc k t ca trang web, ngi ta phi dng n s tham chiu ca k t (NCRs - numerical character references). S tham chiu k t l im m ca k t Unicode tng ng m n biu din. S tham chiu k t c hai dng thp phn v thp lc phn. Dng thp phn c c php l &#D;, vi D l s thp phn. Dng thp lc phn c c php l &#xH;, vi H l s thp lc phn. V d: å v å l cc s tham chiu ca k t a trong bng m Unicode. Mt khi gp s tham chiu ca k t, trnh duyt s tham chiu trc tip n k t c im m tng ng trong bng m Unicode m khng s dng n bng m c ch nh hin hnh [5]. Ly v d mt trang web c m ha vi bng m windows-1252, lc hin th on vn bn: Ting Vit, d liu cho trang web phi l Tiếng Việt , trong ế v ệ ln lt l cc s tham chiu ca cc k t v trong bng m Unicode. iu ny cho php gii thch ti sao, cc trang web khng dng bng m UTF-8, v d nh windows-1252, vn c th hin th c cc k t Unicode khng thuc bng m hay khi chuyn i t bng m UTF-8 sang windows-1252, MS FrontPage 2000 li t ng thm vo cc s tham chiu k t theo cch trn. 2.2. Hot ng ca webserver Khi trnh duyt yu cu mt trang .asp, trnh x l trang asp ti webserver s thng dch cc m lnh trong trang web ny v gi kt qu v cho trnh duyt. Thng thng, lnh Response.Write c dng cho cc kt xut t cc hng chui hay t cc bin ra mn hnh. V d nh:
<% Response.Write Cho mng bn n vi trang web ny in mt hng chui Response.Write rs(TEN_NV) in d liu ca mt bin, v d nh l mt trng ca recordset %>
yu cu webserver m ha cc d liu trong cc hng chui v bin theo bng m s c dng hin th ti client, ta cn phi t thuc tnh CodePage v bng m tng ng. Cc lnh trong v d sau s yu cu webserver m ha cc chui d liu theo bng m UTF-8 (Thng tin v cc codepage tng ng vi cc bng m xem ti [4]):
<%Session.CodePage=65001%> // Dng cho ton b cc trang trong Session hin hnh <%@CodePage=65001%> // Dng cho trang hin hnh
Ly v d trong trng hp dng c s d liu SQL Server 7.0, d liu c tr v t cc cu truy vn theo bng m UCS-2. Nu ta ch nh CodePage l 65001, webserver s t ng chuyn d liu t UCS-2 sang UTF-8, ngc li nu khng ch nh thuc tnh CodePage, webserver s chuyn d liu n client theo bng m mc nh (v d nh windows-1252). iu ny gii thch cho trng hp mt s trang web asp hin th khng ng d liu Unicode c lu trong cc c s d liu nh SQL Server 7.0/2000, MS Access 2000. Ngoi ra, cc trang asp c s dng on m lnh thit lp CodePage l 65001 phi c lu theo nh dng tng ng l UTF-8 [6]. Nh vy, vic thit lp thuc tnh CodePage trong trang asp s gip cho webserver hiu c cc d liu c lu trong cc c s d liu, hng chui k t, theo bng m no m ha (encode) n trc khi chuyn n cho trnh duyt. Vic ch nh bng m dng trong trang web bng tag META s gip cho trnh duyt din dch (decode) d liu c chuyn n t webserver ng nht khi hin th [7]. 2.3. Cc bc c bn ca lp trnh web asp s dng ting Vit Unicode Son v lu tr tp tin .asp di dng m ha UTF-8. Trong cc tp tin asp, chn cc on m ch nh cho web server v trnh duyt x l d liu trong trang web nh l UTF-8. Cc on m ny phi t u trang asp. S dng v d mu sau:
<%@CODEPAGE=65001%> <%Session.Codepage=65001%> <HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8"> </HEAD> <BODY> </BODY> </HTML>
S dng cc h qun tr CSDL h tr Unicode nh SQLServer 7.0/2000, MS Access 2000. Nu dng SQL Server th phi khai bo kiu d liu cho cc trng lu d liu Unicode l NCHAR, NVARCHAR, NTEXT, Cc kiu d liu nh TEXT, MEMO, HYPERLINK trong MS Access 2000 mc nh l h tr lu d liu Unicode.
Truy xut c s d liu thng qua JScript/VBScript/ODBC. Khi lm vic trn h qun tr CSDL SQL Server 7.0/2000, nu dng cc hng chui trong cc cu lnh SQL, phi thm tip u ng N (bt buc l ch in hoa) vo [8]. Nu khng s dng tip u
ng ny, SQL Server s t ng chuyn chui d liu sang bng m mc nh hin hnh trc khi s dng n trong cc thao tc cp nht CSDL. V d, nu bn dng cu lnh sau: INSERT INTO SINHVIEN(TEN_SV) VALUES(Trn Nam Hi) th hng chui d liu Trn Nam Hi s c SQL Server xem nh l chui k t thng ch khng phi l chui Unicode. iu ny s dn n hu qu l d liu s c lu tr khng chnh xc. V d nh d liu ca k t trong chui trn l E1 BA A7, s c lu thnh 3 k t khc nhau. Trong khi nu dng cu lnh INSERT INTO SINHVIEN(TEN_SV) VALUES(NTrn Nam Hi) th 3 byte E1 BA A7 s c xem nh l mt k t khi lu xung [9]. 3. H tr Unicode ca cc phn mm 3.1. Cc phn mm h tr son tho trang web Visual Studio.NET, Notepad, MS FrontPage2002: H tr lu tp tin di dng UTF-8 Visual InterDev 6.0: Nu trong trang asp ta s dng cc hng chui c g vo di dng Unicode, v d nh: Response.Write Cho mng bn th lc lu tp tin, chng trnh s pht hin ra trong trang asp ny c xut hin k t Unicode v yu cu lu xung di dng Unicode, nu khng cc k t Unicode s b mt. Tuy nhin, nu chn lu di dng Unicode th chng trnh s lu tp tin ny di dng m ha UCS-2. Hin nay webserver IIS khng th x l c trang asp ny [10]. Do khng nn dng Visual InterDev 6.0 son tho cc trang asp trong cc ng dng Unicode ting Vit. Cc phn mm thng dng h tr g ting Vit Unicode: UniKey, VietKey. SQL Server 7.0/2000 v MS Access 2000 h tr Unicode. Vi mi k t Unicode, h thng s s dng bng m UCS-2 lu tr, ngha l dng c nh 2 byte cho mt k t. SQL 6.5 v MS Access 97 khng h tr Unicode. Tm li Unicode ra i nhm khc phc hn ch v s lng k t c m ha ca cc bng m 8-bit trc , cho php mi ngn ng c th s dng chung mt bng m duy nht. Do vn tng thch trong lu tr v truyn d liu m Unicode c cc dng m ha khc nhau nh UCS-2, UTF-8, UTF-16. UTF-8 l dng m ha Unicode thng dng nht trong cc ng dng web hin nay. vit cc ng dng web dng ting Vit Unicode, cn chn cc phn mm son tho h tr lu tr tp tin di dng m ha UTF-8 nh Visual Studio.NET, MS FrontPage2000, NotePad, ; s dng cc h qun tr CSDL h tr Unicode nh SQL Server 7.0/2000, MS Access 2000, ; t cc on m ch nh bng m m webserver v trnh duyt dng m ha v gii m d liu. Ti liu trch dn 1. http://www.microsoft.com/globaldev/articles/unicode.asp 2. http://www.unicode.org/unicode/standard/principles.html 3. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q303612 4. http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/charsets/charset4.asp 5. http://www.w3.org/TR/html401/charset.html#code-position IIS 5.0 khng th c c cc tp tin lu di dng UCS-2 [10], khng h tr CodePage ca bng m UTF-16 l 1200 [11]. IIS 4.0 khng h tr CodePage ca bng m UTF-8 l 65001 [11]. 3.2. Cc phn mm h thng khc
KT XUT D LIU RA DNG EXCEL T TRANG ASP Thng thng, cc ng dng web kt xut d liu ca cc bo co ra di dng bng biu. S rt cn thit nu ngi dng cng nhn c d liu ny di dng Excel c th s dng cho cc mc ch khc. K thut t c mc ch ny kh n gin. tng chnh ca k thut ny l s dng thuc tnh ContentType ca i tng Response trong ASP v thc hin theo cc bc tun t sau: Bc 1: Ch nh d liu s c chuyn i theo nh dng Excel n gin ch cn dng cu lnh: Response.ContentType = application/vnd.ms-excel. Thng thng, cn phi t cu lnh Response.Buffer = True v Response.Clear trc cu lnh ny m bo d liu c chuyn xung client chnh xc. Bc 2: Kt xut d liu di dng bng theo cch lm thng thng. Dng u tin ca bng cha tn ca cc ct s c hin th trong tp tin excel. Hy xem v d minh ha sau:
Data2Excel.asp <% Response.Buffer = True Response.Clear thit lp nh dng s kt xut l Excel Response.ContentType = application/vnd.ms-excel kt ni vi CSDL strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" ng dn tng i n tp tin CSDL strDSN = strDSN & Server.MapPath("myDB.mdb") set Conn = Server.CreateObject("ADODB.Connection") Conn.Open strDSN strSQL = SELECT * FROM myTable set rs = Conn.Execute(strSQL) rowstart = <tr> rowend = </tr> cellstart = <td> cellend = </td> Response.Write <TABLE border=1> dng u tin in tn cc ct Response.Write rowstart For i = 0 to rs.Fields.Count -1 Response.Write cellstart & "<b>" & rs.Fields(i).name & "</b>" & cellend Next Response.Write rowend in d liu ca tng dng Do while not rs.EOF Response.Write rowstart For i = 0 to rs.Fields.Count 1
Response.Write cellstart & rs.Fields(i)& cellend Next Response.Write rowend rs.MoveNext Loop rs.Close set rs = Nothing Conn.Close set Conn = nothing Response.Write </TABLE> Response.End %>
Bn lun: u im ca cch lm trn l cho php bn s dng cc on m sn c lc kt xut d liu ra dng bng theo cch thng thng chuyn sang nh dng Excel. Tuy nhin vic kt xut d liu theo nh dng Excel nh trong v d trn c th chim ti nguyn ca webserver c bit khi d liu ln do ch nn dng cch ny nu trang ny khng c s dng thng xuyn. Nu mun kt xut d liu ln v thc hin thng xuyn, ta c th kt xut thng qua nh dng CSV (Comma-Separated Values) ti u hn. Cc tp tin theo nh dng CSV l cc tp tin vn bn m d liu trong cc ct c ngn cch vi nhau bi du phy , (comma), rt thng c dng cho vic trao i d liu gia cc h qun tr CSDL v cc chng trnh bng tnh nh Excel. V d, nu bn m mt tp tin csv c ni dung nh sau trong Excel, ta s nhn c mt bng 3 dng, 3 ct: Doe,John,944-7077 Johnson,Mary,370-3920 Smith,Abigail,299-3958 chuyn d liu sang nh dng CSV, vn vi cch lm tng t bng cch thay i thuc tnh ContentType v dng application/csv v thm dng lnh sau yu cu trnh duyt hin th hp thoi ti tp tin v: Response.AddHeader "Content-Disposition", "filename=mydata.csv;". Sau , thay v nh dng d liu di dng bng, ta nh dng d liu theo dng d liu cc ct c phn cch vi nhau bng du phy ,. Xem v d minh ha sau:
Data2CSV.asp <% Response.Buffer = True Response.Clear thit lp nh dng s kt xut l Excel Response.ContentType = application/csv Response.AddHeader "Content-Disposition", "filename=mydata.csv;" kt ni vi CSDL strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ="
ng dn tng i n tp tin CSDL strDSN = strDSN & Server.MapPath("myDB.mdb") set Conn = Server.CreateObject("ADODB.Connection") Conn.Open strDSN strSQL = SELECT * FROM myTable set rs = Conn.Execute(strSQL) dng u tin in tn cc ct For i = 0 to rs.Fields.Count -1 Response.Write rs.Fields(i).name & ", Next Response.Write vbNewLine kt thc mt dng d liu in d liu ca tng dng Do while not rs.EOF For i = 0 to rs.Fields.Count 1 Response.Write rs.Fields(i)& , Next Response.Write vbNewLine kt thc mt dng d liu rs.MoveNext Loop rs.Close set rs = Nothing Conn.Close set Conn = nothing Response.End %>
Hn ch ca nh dng ny l do d liu ch l cc k t ASCII nn s khng dng c trong trng hp d liu s dng Unicode, ngoi ra cn phi c cch x l thch hp trong trng hp d liu trong cc ct c du phy ,. Excel x l trng hp ny bng cch thay t ton b d liu trong du . V d nu bn c d liu l Abc, xyz th d liu s c i thnh Abc, xyz Tham kho thm ti: http://www.web-savant.com/users/kathi/asp/samples/tut/Export_to_Excel.asp http://gethelp.devx.com/techtips/asp_pro/10min/10min0699.asp L nh Duy ldduy@fit.hcmuns.edu.vn
Gi s ta dng CSDL l MS Access vi tp tin CSDL l DB_USERS c lu trong th mc APP_DB, bng d liu APP_USERS c dng lu thng tin ca ngi dng v hnh nh tng ng. on m sau ca tp tin showimage.asp minh ha cc bc trn:
showimage.asp <% kt ni vi CSDL strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" ng dn tng i n tp tin CSDL strDSN = strDSN & Server.MapPath("app_db/db_users.mdb") set Conn = Server.CreateObject("ADODB.Connection") Conn.Open strDSN gi s cn hin th hnh nh lu trong bn ghi c trng APP_USERID bng vUserID strSQL = SELECT * FROM APP_USERS WHERE strSQL = strSQL & APP_USERID = & vUserID c d liu hnh nh vo recordset Set rs = Conn.Execute(strSQL) gn thuc tnh ContentType l image/gif Response.ContentType = image/gif ghi d liu hnh nh ra tp tin chuyn xung client Response.BinaryWrite(rs(APP_IMGDATA)) rs.close set rs = nothing Conn.close set Conn = nothing %>
Vi on m trn do ta t ni dung chuyn xung cho trnh duyt l image/gif nn khng th va cng hin th d liu vn bn va hin th hnh nh c. 3. Ti tp tin nh ln CSDL c th ti cc tp tin d liu ln server, thng thng ta dng cc component c vit sn h tr cho vic ny. Mt trong cc component cung cp min ph l aspSmartUpload (http://www.aspsmart.com/aspSmartUpload/). Hai vn cn lu khi s dng cc component dng ny l form trong trang dnh cho ngi dng nhp phi c t thuc tnh ENCTYPE l multipart/form-data v trang x l upload phi dng i tng Form ca cc component ly d liu v thay cho Request.Form. Vi aspSmartUpload ta c th ti ng thi nhiu tp tin ln server, thm ch c th hn ch kch thc tp tin, kiu tp tin, s c dng ti. V d sau minh ha vic ti d liu ln CSDL bng cch dng tp tin upload.htm cho php ngi dng ch nh tp tin cn upload, tp tin upload.asp dng lu d liu tp tin cn upload vo mt trng trong bng CSDL hoc lu thnh mt tp tin trong th mc no :
upload.htm <H1>aspSmartUpload : Sample </H1> <HR> <FORM method="POST" action="upload.asp" enctype="multipart/form-data"> <input type="FILE" name ="FILE1" ><br> <input type="submit" value="Upload"> </FORM>
upload.asp <% ' to i tng aspSmartUpload Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload") ' upload tp tin mySmartUpload.Upload kt ni vi CSDL strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" ng dn tng i n tp tin CSDL strDSN = strDSN & Server.MapPath("app_db/db_users.mdb") set Conn = Server.CreateObject("ADODB.Connection") Conn.Open strDSN set rs = Server.CreateObject(ADODB.Recordset) set rs.ActiveConnection = Conn rs.Source = app_users rs.LockType = 3 rs.Open rs.close For each file In mySmartUpload.Files If NOT file.IsMissing then nu tp tin tn ti rs. AddNew lu di dng mt field trong CSDL file.FileToField rs.Fields(APP_IMGDATA) lu di dng mt tp tin trn th mc ca server vi ng dn tuyt i file.SaveAs("c:\temp\" & file.FileName) lu di dng mt tp tin trn th mc ca server vi ng dn tng i so vi th mc webroot file.SaveAs("dbimages/upload" & file.FileName) rs.Update End if Next rs.close set rs = nothing Conn.close set Conn = nothing %>
4. Kt lun Bi vit va trnh by cc hai thao tc c bn cho vic qun l hnh nh trong c s d liu ca cc ng dng web. Thao tc th nht lin quan n n vic chn hnh thc lu tr d liu nh, thao tc th hai lin quan n vic ti cc hnh nh ln server. Lu tr d liu nh di dng l mt trng c s d liu s lm cho kch thc c s d liu ln, vic x l kh phc tp nhng c thun li trong trng hp ng dng c thit k cho vic s dng phn tn. n gin v thng c dng hn c l lu tr cc tp tin hnh nh trong mt th mc nh trc trn server v lu tr ng dn n tp tin ny trong c s d liu.
o o o
Cc tag HTML Cc on m chng trnh pha client t trong cp tag <SCRIPT> v </SCRIPT> M chng trnh ASP c t trong cp tag <% v %>:
Ba thnh phn ban u l cu trc ca mt trang HTML thng thng, do c th xem mt trang ASP l mt trang HTML c nhng thm phn x l vit bng m ASP (VBScript, JScript, Perl, ...). V d sau minh ha mt trang ASP, d liu vn bn l Welcome to my website. Today is:, cc tag HTML l <P>, <B>, ... v on m chng trnh t gia <% v %>
<HTML> <BODY> <P> <B>Welcome to my website</B>. Today is <% Response.Write Date() %> </BODY> </HTML>
3. Mt s sch, website tham kho Thit k v Lp trnh ng dng web bng ASP L nh Duy NXB Thng k, 2001 Xy dng trang web ng vi ASP Nhm tc gi ELICOM - 2001 ASP Databases Nhm tc gi SAIGONBOOK - 2001 Professional Active Server Pages 3.0 Alex Homer et al - 1999 MSDN Active Server Pages Tutorial http://www.learnasp.com http://www.4guysfromrolla.com http://www.15seconds.com http://asp.superexpert.com http://www.aspfaqs.com
duy nht. Tt nhin, ta c th to thm cc trng khc qun l nh H Tn, a ch Email (c th s cn gi email khi qun mt khu), Ln ng nhp cui cng, Thi gian s dng h thng, Sau khi to xong, gi s tp tin ny c lu ti th mc APP_DB. Bc 2: To trang ng nhp login.htm yu cu ngi dng nhp thng tin v tn ng nhp v mt khu:
Login.htm <FORM action=login.asp method=POST> Username: <input type="text" name="fmUserName" size="20"><br> Password: <input type="password" name="fmPassword" size="20"><br> <input type="submit" value="Submit" name="btnSubmit"> <input type="reset" value="Reset" name="btnReset"> </FORM>
Bc 3: To trang login.asp kim tra thng tin ngi dng va nhp c trng khp vi thng tin c sn trn CSDL hay khng. Nu trng khp, gi tr bin blLoginOK s c chuyn thnh True.
Login.asp <% On Error Resume Next vUserName = Request.Form(fmUserName) Thay th du nhy n thnh hai du nhy n trnh li SQL injection vUserName = Replace(vUserName, , ) vPassword = Request.Form(fmPassword) vPassword = Replace(vPassword, , ) strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" ng dn tng i n tp tin CSDL strDSN = strDSN & Server.MapPath("app_db/db_users.mdb") set Conn = Server.CreateObject("ADODB.Connection") Conn.Open strDSN strSQL = SELECT * FROM APP_USERS WHERE strSQL = strSQL & APP_USERNAME = & & vUserName & strSQL = strSQL & AND & APP_PASSWORD = & & vPassword & Set rs = Conn.Execute(strSQL) if rs.eof then ngi dng khng hp l Response.Redirect(login.htm) else Session(blLoginOK) = True end if set rs = nothing set Conn = nothing %>
Bc 4: Trong cc trang web v d nh Admin.asp m ta ch mun nhng ngi c chng thc mi c quyn s dng, t on m kim tra bin blLoginOK l True hay False ngay u trang:
Admin.asp <% if (Session(blLoginOK) <> True) then Response.Redirect(login.htm) end if %>
3. Kt lun Nhu cu hn ch ngi dng truy cp n mt s trang web no trong ng dng l mt nhu cu thng xuyn khi xy dng cc ng dng. Bng cch s dng bin Session v CSDL ca ngi dng cng vi cc trang login.htm, login.asp, ta c th t c mc ch trn mt cch d dng.
BO V C S D LIU ACCESS TRONG CC NG DNG WEB Cc ng dng web s dng CSDL Access thng hay t tp tin CSDL .mdb vo mt th mc c th truy cp c t web, v d nh: D:\inetpub\wwwroot\myDB.mdb. iu nguy him nht theo cch lm thng thng ny l nu ngi dng bit c hay on c ng dn n tp tin .mdb, h c th ti tp tin CSDL v v ton b thng tin lu tr trn CSDL b nh cp. bo v CSDL Access trong cc ng dng web, nn kt hp cc phng n an ton sau: Phng n 1: t tp tin CSDL .mdb vo th mc c khng c quyn truy cp t Web. Gi s ta c website c th mc webroot l D:\inetpub\wwwroot\. Th mc cha tp tin CSDL v d l: D:\inetpub\wwwroot\Site1\data\myDB.mdb. Mc nh nu ngi dng on c ng dn ny: http//www.yourserver.com/site1/data/myDB.mdb, h c th ti c tp tin CSDL ny v bi v thng thng cc tp tin trong th mc ny c thit lp quyn Read. hn ch khng cho php ngi dng ti tp tin CSDL v, ta s b quyn Read c thit lp trong th mc ny bng cch dng tin ch Internet Service Manager.
Thao tc ny khng nh hng g n vic cc on m ASP truy cp n CSDL do thit lp ny c t mc webserver ch khng phi mc h thng tp tin NTFS. Ngha l cc on m ASP vn hot ng bnh thng nh trc. im khc duy nht l ngi dng khng th ti c tp tin CSDL d bit ng dn n n m thi. Phng n 2: t tp tin CSDL .mdb ti ni m ch truy cp c mc server-side tng chnh ca phng n ny l t tp tin CSDL trong mt th mc c cp cao hn th mc webroot ca webserver. V d, nu th mc D:\inetpub\wwwroot\ l webroot ca webserver, ta c th to mt th mc private t ti D:\inetpub\private v t tp tin CSDL vo y. Bng cch ny,
ngi dng client khng th no truy cp n th mc private ny ti CSDL v. Lc ny, ng dn n tp tin CSDL trong chui DSN s c chnh li nh sau: Nu dng ng dn tuyt i: sFileName = D:\inetpub\private Nu dng ng dn tng i: sFileName = Server.MapPath(/) tr v gi tr D:\inetpub\wwwroot sFileName = Replace(sFileName, wwwroot, private) sFileName = sFileName & myDB.mdb L nh Duy ldduy@fit.hcmuns.edu.vn
Thot nhn, on m trong trang ExecLogin.asp dng nh khng cha bt c mt l hng v an ton no. Ngi dng khng th ng nhp m khng c tn ng nhp v mt khu hp l. Tuy nhin, on m ny thc s khng an ton v l tin cho mt SQL injection attack. c bit, ch s h nm ch d liu nhp vo t ngi dng c dng xy dng trc tip cu lnh truy vn SQL. Chnh iu ny cho php nhng k tn cng c th iu khin cu truy vn s c thc hin. V d, nu ngi dng nhp chui sau vo trong c 2 nhp liu username/password ca trang Login.htm: or = . Lc ny, cu truy vn s c gi thc hin l:
SELECT * FROM tblUsers WHERE Username='' or ''='' and Password = '' or ''=''
Cu truy vn ny l hp l v s tr v tt c cc bn ghi ca tblUsers v on m tip theo x l ngi dng ng nhp bt hp php ny nh l ngi dng ng nhp hp l. Mt v d khc ca SQL injection attack na l khi cc trang web s dng d liu nhp vo theo dng querystring (bng cch g cp tham s v gi tr trc tip trn thanh a ch hoc dng form vi thuc tnh ACTION l GET). V d sau minh ha mt trang ASP nhn d liu cho bin ID thng qua querystring v pht sinh ni dung ca trang da trn ID:
<% Dim p_lngID, objRS, strSQL p_lngID = Request("ID") strSQL = "SELECT * FROM tblArticles WHERE ID=" & p_lngID Set objRS = Server.CreateObject("ADODB.Recordset") objRS.Open strSQL, "DSN=..." If (Not objRS.EOF) Then Response.Write objRS("ArticleContent") Set objRS = Nothing %>
Trong cc tnh hung thng thng, on m ny hin th ni dung ca article c ID trng vi ID c chuyn n cho n di dng querystring. V d, trang ny c th c gi nh sau: http://www.example.com/Article.asp?ID=1055, hin th ni dung ca article c ID l 1055. Ging nh v d ng nhp trc, on m ny l s h cho mt SQL injection attack. K tn cng c th thay th mt ID hp l bng cch gn ID cho mt gi tr khc, thc hin mt lnh SQL bt hp php, v d nh: 0 or 1=1 (ngha l, http://www.example.com/Article.asp?ID=0 or 1=1). Cu truy vn SQL lc ny s tr v tt c cc article t bng d liu v n s thc hin cu lnh:
SELECT * FROM tblArticles WHERE ID=0 or 1=1
Tt nhin v d ny dng nh khng c g nguy him, nhng hy th tng tng k tn cng c th xa ton b CSDL bng cch chn vo cc on lnh nguy him nh lnh DELETE. Tt c ch l n gin thay i chui gn d liu cho ID, v d nh: http://www.example.com/Article.asp?ID=1055; DELETE FROM tblArticles. 2. Cc tc hi v cch phng trnh Tc hi t SQL Injection attack ty thuc vo mi trng v cch cu hnh h thng. Nu ng dng s dng quyn dbo (quyn ca ngi s hu CSDL - owner) khi thao tc d liu, n c th xa ton b cc bng d liu, to cc bng d liu mi, Nu ng dng s dng quyn sa (quyn qun tr h thng), n c th iu khin ton b h qun tr CSDL v vi quyn hn rng ln nh vy n c th to ra cc ti khon ngi dng bt hp php iu khin h thng ca bn.
phng trnh cc nguy c c th xy ra, hy bo v cc cu truy vn SQL l bng cch kim sot cht ch tt c cc d liu nhp nhn c t i tng Request (Request, Request.QueryString, Request.Form, Request.Cookies, and Request.ServerVariables). Trong trng hp d liu nhp vo l chui, nh trong v d 1, li xut pht t vic c du nhy n trong d liu. trnh iu ny, thay th cc du nhy n bng hm Replace thay th bng 2 du nhy n:
p_strUsername = Replace(Request.Form("txtUsername"), "'", "''") p_strPassword = Replace(Request.Form("txtPassword"), "'", "''")
Trong trng hp d liu nhp vo l s, nh trong v d 2, li xut pht t vic thay th mt gi tr c tin on l d liu s bng chui cha cu lnh SQL bt hp php. trnh iu ny, n gin hy kim tra d liu c ng kiu hay khng:
p_lngID = CLng(Request("ID"))
Nh vy, nu ngi dng truyn vo mt chui, hm ny s tr v li ngay lp tc. Ngoi ra trnh cc nguy c t SQL Injection attack, nn ch loi b bt k thng tin k thut no cha trong thng ip chuyn xung cho ngi dng khi ng dng c li. Cc thng bo li thng thng tit l cc chi tit k thut c th cho php k tn cng bit c im yu ca h thng. Cui cng, gii hn mc ca SQL Injection attack, nn kim sot cht ch v gii hn quyn x l d liu n ti khon ngi dng m ng dng web ang s dng. Cc ng dng thng thng nn trnh dng n cc quyn nh dbo hay sa. Quyn cng b hn ch, thit hi cng t. Cc ti liu tham kho SQL Injection FAQ: http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3 Advanced SQL Injection : http://www.nextgenss.com/papers/advanced_sql_injection.pdf Preventing SQL Injection: http://www.owasp.org/asac/input_validation/sql.shtml Bin dch t: http://www.4guysfromrolla.com/webtech/061902-1.shtml