
SEVEN STEPS TO DESIGNING IMPRESSIVE AND EFFECTIVE WEB PAGES

Although designing web pages calls for considerable artistic ability, it is still possible to set out a concrete design process that improves your chances of producing effective and impressive pages. Some people will say that prescribing steps for the design process takes the creativity out of it. That may be true for skilled designers, who have their own design and creative process. But for people without formal training and much practice, studying how others design and how they apply these steps can be a great help.

Step 1: Analyse the users and assess yourself

If you do not know who the intended users are, all the design work, however carefully done, will only lead to failure. You need to know the users' level of education, preferences, areas of interest, hardware configuration, software, ... so that you do not end up publishing a useless page. You also need to analyse your own interests and abilities. Are you able to design effective and impressive pages? Do you have the expertise to create information-rich pages from the resources available? The following techniques help with this step:

1. Describe the goal: State the exact goal of the page briefly. The goal should be described concisely and clearly, without being wordy or over-detailed.
2. Identify the problems to solve: From the goal description above, state the problems that must be solved to reach the goal, summarise the approach to solving them, ...
3. Identify the users: List customer characteristics such as age, occupation, gender, income, education, region of residence, hardware configuration, software, ... for later analysis and processing.
4. List the resources: What do you already have to complete the work, in terms of equipment, software tools and expertise? What can you do yourself, and what will you need help with?
5. Build a schedule: Determine the time needed to complete the product with the available resources, the time needed for each step of the process, ...

Step 2: Design the functions and structure of the pages

At this point you may be eager to sit down at the computer and start building the pages, but do not rush! Take time to design the functions and structure of the main pages, because this is the most important step in the design process. Some guidelines for this step:

1. Choose a way of working that lets you sketch the design comfortably: You can use pen and paper, or you can sketch with computer programs. Using computer programs, however, may limit productivity because the available tools are often restricted.
2. Design from the abstract to the concrete: Introducing details at the very start can make you lose the overall view of the problem. Define the functional framework first, and only then choose the content to fill it.

Step 3: Find an impressive and effective presentation

Even the best structure will fail if the information is not presented in a clear and impressive way. An impressive and effective presentation is judged not only by how it looks but also by how much it contributes to reaching the original goal. Some ways to find sources of good presentation:

1. Produce as many presentations as you can from your own ability. Keep observing and collecting good presentations that have won awards, are widely recognised, or that you simply like, ...
2. Keep up with changes in web technology. Always read the latest documents on HTML, as well as information on the file formats and new devices supported by vendors.
3. Always remember: the judge of the presentation is the user, not you.
4. Try as many solutions as possible and record the comments and feedback of your collaborators to refine the design.

Step 4: Build the content

As a web designer, you may or may not be responsible for creating the content (text, images, audio, video, ...). Because content creation usually cannot wait until the design has taken shape, you can take the following steps to make sure that content and design fit each other:

1. Edit and revise existing content, or content that you have the right to modify.
2. Ask for support and advice from experts on topics outside your own field.
3. Set up a line of communication between you (the designer) and the content creators. Set out conventions and specifications for the content, such as supported environment, file formats, compression method, file naming conventions, ...

4. Provide as much information as possible. Text must be closely combined with graphics, images and audio in the content.
5. Create a sensible directory tree for the content and back it up regularly to keep it safe.

Step 5: Design and test the site framework

While the content is being built, this is the time to check how the functions and structure designed in Step 2 actually work. In this step you turn the functional descriptions and the initial design into concrete web pages. Some guidelines for this step:

1. Contact the server administrator to find out how files are organised and which specifications are available. Tell the administrator which file types you use that are not yet supported.
2. Make the links in your pages point to a directory structure that mirrors the directory structure on the server.
3. Note the images that are used in frequently accessed pages so that they can be cached. This speeds up access to the pages.
4. Test on the server to check that it works as designed.

Step 6: Insert the content

In the best case, the frames reserved for text and graphics are filled with their real content easily and everything fits. This rarely happens, because the images and text may not fit the frames designed for them as originally planned, and some extra work is needed to finish the job. To make inserting content simple and consistent, keep good communication between everyone involved: the designer, the illustrator, the content writer, the editor, the server administrator, ... Some guidelines for this step:

1. First get the pages working locally and individually, so that they are easy to check, adjust, evaluate, ...
2. Work in modules, that is, get a group of related pages working smoothly before expanding.
3. Do not hesitate to change an earlier design decision. You may have made a wrong assumption, or the technology may have changed by the time the content goes in, ...

Step 7: Test and evaluate

The most effective pages are the result of careful design and evaluation. A web site costing half a million dollars may spend up to 70% of its total cost on design and evaluation. Some steps for doing this:

1. Check that internal links and resources work.
2. Check that external links are accurate. Nothing is worse than links to external pages that no longer exist, have moved elsewhere, or are no longer relevant.
3. Try the pages in many different browsers. Do this to check that the pages are compatible with the browsers, and to see whether the design makes full use of what the browsers support, ...
4. Try the pages over different kinds of connection. See how the display of the pages is affected when connecting over a local network, a high-speed line, a telephone line, ...
5. Try the pages under heavy load. If your server runs well during peak hours, the other hours will be acceptable.
6. Try the pages with many different kinds of users. If your pages deal with topics of general interest, take the opportunity to try them with colleagues, friends, ... Take notes and observe. You may not need to change the version of the web site, but you will need the information on the pages to be kept up to date.

These are the steps that can help you create good web pages. Good luck.

Lê Đình Duy
ldduy@fit.hcmuns.edu.vn

ASP WEB PROGRAMMING WITH UNICODE VIETNAMESE


Lê Đình Duy
Faculty of Information Technology, University of Natural Sciences, Ho Chi Minh City
ldduy@fit.hcmuns.edu.vn
08.2002

1. Some basic concepts of character representation in computers

1.1. Code points, code units and code pages

Computers work only with numbers, so representing characters requires a consistent convention that maps the characters to be represented to the numbers the computer processes. The convention is established in the following steps:

- Choose the set of characters to be encoded (character set).
- Assign each character a non-negative integer value, called its code point.
- Convert the code points into sequences of code units for storage and encoding. A code unit is a unit of memory, which may be 8, 16 or 32 bits. Code points do not all need the same number of code units.

The collection of code points for a set of characters is called a code page (also called a code table or code set). When we talk about a code page we therefore care about two things: the number of characters encoded, and the way they are encoded into code units.

Take the ASCII code page as an example. The character set to be encoded has 128 characters: English letters, digits, British and American currency symbols, and control characters for peripheral devices. The code points have values in the range 0-127. Each code point is encoded as exactly one 8-bit code unit, that is, exactly one byte.

The choice of encoding determines how many characters can be encoded. For example, if each code point is encoded as exactly one 8-bit code unit, a code page (call it an 8-bit code page) can have at most 256 code points. Because ASCII does not represent the characters of other languages, such as Vietnamese, Microsoft extended ASCII by using the 128 code points with values 128-255 to encode these non-ASCII characters. But since there are only 128 such code points, while other languages have more characters than that, Microsoft created a separate code page for each kind of language [1]. For example:
code page    upper 128          lower 128
1250         Eastern Europe     ASCII
1251         Cyrillic           ASCII
1252         West Euro ANSI     ASCII
1253         Greek              ASCII
1254         Turkish            ASCII
1258         Vietnamese         ASCII
etc.,        etc.,              etc.,

Within each of these code pages, however, not every character of a language is present. More precisely, not every character is represented by a single code point. Vietnamese, for example, has 134 characters composed from 28 letters and 5 tone marks. Because only 128 code points are available, the windows-1258 code page for Vietnamese represents some characters as two consecutive code points, one for the base character and one for the tone mark. For example: the character is represented by two code points corresponding to the character and the acute accent: = + . This representation is called decomposed; the term commonly used in Vietnamese is "tổ hợp".

The TCVN3-ABC code page uses 134 code points to represent all Vietnamese characters, which forces it to reuse some of the ASCII code points. This is why web pages that use this code page cannot display the character in Internet Explorer 5.0 and later. This representation is called precomposed; the term commonly used in Vietnamese is "dựng sẵn".

1.2. The Unicode code page

The Windows code pages above are all 8-bit code pages: each code point is encoded as exactly one 8-bit code unit. This limits the number of encoded characters to 256, so one document cannot display characters from several different languages at once. Unicode was created to unify the characters of all languages in a single code page [2]. Two things should be kept in mind when the term Unicode is used:

- The set of characters Unicode represents: the character set and the mapping of characters to their code points.
- The way code points are encoded into code units.

Unicode uses 16 bits to represent code points, so it can represent up to 65,536 characters with code points in the range 0-65,535. With Unicode it is therefore possible to represent most characters of all languages.

The simplest way to encode Unicode characters is to represent each code point as exactly one 16-bit code unit. This is the original Unicode encoding, version 2.0, standardised by ISO/IEC as ISO/IEC 10646 and also known as UCS-2. However, for compatibility with systems that predate Unicode, and to optimise storage and data transmission, other ways of encoding code points into code units are used. Each such encoding is called a Unicode Transformation Format (UTF). The most common today are UTF-8 and UTF-16, which encode code points as variable-length sequences of code units. UTF-8 uses 1 to 4 code units of 8 bits, while UTF-16 uses 1 to 2 code units of 16 bits. The following illustrates UTF-8 encoding:

- The first 128 Unicode characters, code points U+0000 to U+007F, are encoded as 1 byte.
- Code points U+0080 to U+07FF are encoded as 2 bytes.
- Code points U+0800 to U+FFFF are encoded as 3 bytes.
- Code points U+10000 to U+10FFFF are encoded as 4 bytes.

So when Unicode comes up in programming, we must be clear about which transformation format we are using: UCS-2, UTF-8 or UTF-16, ... UCS-2 is used in database management systems such as SQL Server 7.0/2000 and Microsoft Access 2000, ... UTF-8 is usually used in web applications, while UTF-16 is used in systems such as Windows 2000/XP and Java, ...

2. Web programming with Unicode Vietnamese

2.1. Specifying the code page used by a web page

When the server sends a web page to the client, the browser uses the information about the page's code page to convert the sequence of bytes in the document into the corresponding characters for display. In addition, when FORM data is sent after the user submits, the browser also uses this code page to convert the data before transmission. For example, if the page specifies the windows-1252 code page, then when the FORM is submitted the data is encoded in that code page, even if it was typed into the FORM controls as Unicode [3].

Specifying the code page is essential for displaying the content as the designer intended, because if the code page of the current page is not stated explicitly, the browser uses its default code page. For example, suppose the data delivered for the page is E1 BB 81. If the specified code page is UTF-8, these 3 bytes encode the single character ề, whereas if the system uses a default code page such as windows-1252, the same 3 bytes are treated as 3 separate characters and are displayed as á» followed by an unprintable character.

To specify the code page of the current web page, use the META tag with the HTTP-EQUIV attribute set to Content-Type, and give the name of the code page in the CONTENT attribute (information on the code pages used on Windows can be found at [4]). In the following example, the META tag specifies the windows-1252 code page for a web page:
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=windows-1252">

To make the browser use one code page for the whole web page, this META tag must be placed before the BODY tag. It is normally placed inside the HEAD tag, as in the following example:
    <HTML>
    <HEAD>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=windows-1252">
    <TITLE>New Page 1</TITLE>
    </HEAD>
    <BODY>
    </BODY>
    </HTML>

When the specified code page cannot represent every character in the web page, numerical character references (NCRs) must be used. A character reference is the code point of the Unicode character it stands for. It has a decimal form and a hexadecimal form. The decimal form is written &#D;, where D is a decimal number. The hexadecimal form is written &#xH;, where H is a hexadecimal number. For example, &#229; and &#xE5; are the character references for the character å in Unicode. When the browser meets a character reference, it looks up the character with that code point directly in Unicode, without using the code page currently specified for the page [5].

Take a web page encoded in windows-1252. To display the text "Tiếng Việt", the data for the page must be Ti&#7871;ng Vi&#7879;t, where &#7871; and &#7879; are the character references for ế and ệ in Unicode. This explains why web pages that do not use UTF-8, for example windows-1252 pages, can still display Unicode characters outside their code page, and why MS FrontPage 2000 automatically inserts character references in this way when converting a page from UTF-8 to windows-1252.

2.2. How the web server works

When the browser requests an .asp page, the ASP processor on the web server interprets the code in the page and sends the result back to the browser. Normally the Response.Write statement is used to output string constants or variables to the screen. For example:

    <%
    ' print a string constant
    Response.Write "Chào mừng bạn đến với trang web này"
    ' print the value of a variable, for example a recordset field
    Response.Write rs("TEN_NV")
    %>

To make the web server encode the data in string constants and variables using the code page that will be used for display on the client, set the CodePage property to the corresponding code page. The statements in the following example make the web server encode string data as UTF-8 (for the code page numbers that correspond to each encoding, see [4]):
    <%Session.CodePage=65001%>   // applies to every page in the current Session
    <%@CodePage=65001%>          // applies to the current page

Take a SQL Server 7.0 database as an example: data returned by queries is in UCS-2. If CodePage is set to 65001, the web server automatically converts the data from UCS-2 to UTF-8. If the CodePage property is not set, the web server sends the data to the client in the default code page (for example windows-1252). This explains why some ASP pages display Unicode data stored in databases such as SQL Server 7.0/2000 or MS Access 2000 incorrectly. In addition, ASP pages that set CodePage to 65001 must themselves be saved in the matching format, UTF-8 [6].

In short, setting the CodePage property in an ASP page tells the web server which code page to use to encode the data stored in databases, string constants, ... before sending it to the browser. Specifying the code page of the web page with the META tag lets the browser decode the data received from the web server correctly for display [7].

2.3. Basic steps for ASP web programming with Unicode Vietnamese

Write and save the .asp files in UTF-8 encoding. In the ASP files, insert the code that tells the web server and the browser to treat the data in the page as UTF-8. This code must be placed at the top of the ASP page. Use the following template:
    <%@CODEPAGE=65001%>
    <%Session.Codepage=65001%>
    <HTML>
    <HEAD>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
    </HEAD>
    <BODY>
    </BODY>
    </HTML>

Use a database management system that supports Unicode, such as SQL Server 7.0/2000 or MS Access 2000. With SQL Server, the columns that hold Unicode data must be declared as NCHAR, NVARCHAR, NTEXT, ... In MS Access 2000, data types such as TEXT, MEMO and HYPERLINK support Unicode storage by default.

Access the database through JScript/VBScript/ODBC. When working with SQL Server 7.0/2000, string constants in SQL statements must be given the prefix N (it must be upper case) [8]. Without this prefix, SQL Server automatically converts the string to the current default code page before using it in database update operations. For example, if you use the statement

    INSERT INTO SINHVIEN(TEN_SV) VALUES('Trần Nam Hải')

SQL Server treats the string constant 'Trần Nam Hải' as an ordinary character string, not a Unicode string. As a result the data is stored incorrectly. For instance, the data for the character ầ in the string above is E1 BA A7, and it is stored as 3 separate characters. With the statement

    INSERT INTO SINHVIEN(TEN_SV) VALUES(N'Trần Nam Hải')

the 3 bytes E1 BA A7 are treated as one character when stored [9].

3. Unicode support in software

3.1. Software for editing web pages

- Visual Studio.NET, Notepad, MS FrontPage2002: support saving files as UTF-8.
- Visual InterDev 6.0: If an ASP page uses string constants typed in as Unicode, for example Response.Write "Chào mừng bạn", then on saving, the program detects that the page contains Unicode characters and asks to save it as Unicode, otherwise the Unicode characters are lost. If you choose to save as Unicode, however, the program saves the file in UCS-2 encoding, and the IIS web server currently cannot process such an ASP page [10]. Visual InterDev 6.0 should therefore not be used to edit ASP pages in Unicode Vietnamese applications.
- Common software for typing Unicode Vietnamese: UniKey, VietKey.

3.2. Other system software

- IIS 5.0 cannot read files saved as UCS-2 [10], and does not support CodePage 1200, the code page of UTF-16 [11].
- IIS 4.0 does not support CodePage 65001, the code page of UTF-8 [11].
- SQL Server 7.0/2000 and MS Access 2000 support Unicode. For every Unicode character the system uses UCS-2 for storage, that is, a fixed 2 bytes per character.
- SQL 6.5 and MS Access 97 do not support Unicode.

Summary

Unicode was created to overcome the limit on the number of encoded characters in earlier 8-bit code pages, allowing all languages to share a single code page. For compatibility in storage and data transmission, Unicode has several encoding forms such as UCS-2, UTF-8 and UTF-16. UTF-8 is the most widely used Unicode encoding in web applications today.

To write web applications that use Unicode Vietnamese: choose editors that can save files in UTF-8 encoding, such as Visual Studio.NET, MS FrontPage2000, NotePad, ...; use database management systems that support Unicode, such as SQL Server 7.0/2000, MS Access 2000, ...; and insert the code that specifies the code page the web server and the browser use to encode and decode the data.

References

1. http://www.microsoft.com/globaldev/articles/unicode.asp
2. http://www.unicode.org/unicode/standard/principles.html
3. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q303612
4. http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/reference/charsets/charset4.asp
5. http://www.w3.org/TR/html401/charset.html#code-position
6. http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q295063&
7. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/iisref/html/psdk/asp/vbob150l.asp
8. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q239530
9. http://support.microsoft.com/default.aspx?scid=kb;en-us;q232580
10. http://support.microsoft.com/default.aspx?scid=kb;en-us;Q245000
11. http://support.microsoft.com/default.aspx?scid=kb;[LN];Q254313

END

EXPORTING DATA TO EXCEL FROM AN ASP PAGE

Web applications normally output report data as tables. It is often very useful if users can also receive this data in Excel format so that they can use it for other purposes. The technique for doing so is quite simple. Its main idea is to use the ContentType property of the ASP Response object, following these steps in order:

Step 1: Declare that the data will be sent in Excel format. This only needs the statement Response.ContentType = "application/vnd.ms-excel". Normally the statements Response.Buffer = True and Response.Clear must be placed before this statement to make sure the data is delivered to the client correctly.

Step 2: Output the data as a table in the usual way. The first row of the table holds the column names that will be shown in the Excel file.

See the following example:
Data2Excel.asp

    <%
    Response.Buffer = True
    Response.Clear
    ' set the output format to Excel
    Response.ContentType = "application/vnd.ms-excel"
    ' connect to the database
    strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ="
    ' relative path to the database file
    strDSN = strDSN & Server.MapPath("myDB.mdb")
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open strDSN
    strSQL = "SELECT * FROM myTable"
    Set rs = Conn.Execute(strSQL)
    rowstart = "<tr>"
    rowend = "</tr>"
    cellstart = "<td>"
    cellend = "</td>"
    Response.Write "<TABLE border=1>"
    ' first row: print the column names
    Response.Write rowstart
    For i = 0 To rs.Fields.Count - 1
        Response.Write cellstart & "<b>" & rs.Fields(i).Name & "</b>" & cellend
    Next
    Response.Write rowend
    ' print the data of each row
    Do While Not rs.EOF
        Response.Write rowstart
        For i = 0 To rs.Fields.Count - 1
            Response.Write cellstart & rs.Fields(i) & cellend
        Next
        Response.Write rowend
        rs.MoveNext
    Loop
    rs.Close
    Set rs = Nothing
    Conn.Close
    Set Conn = Nothing
    Response.Write "</TABLE>"
    Response.End
    %>

Discussion: The advantage of this approach is that you can reuse the code you already have for outputting data as a table in the usual way and simply switch it to Excel format. However, exporting data in Excel format as in the example above can consume web server resources, especially when the data is large, so this approach should only be used if the page is not used often. To export large amounts of data frequently, exporting in CSV (Comma-Separated Values) format is more efficient. CSV files are text files in which the data in the columns is separated by commas ",". They are very commonly used to exchange data between database management systems and spreadsheet programs such as Excel. For example, if you open a csv file with the following content in Excel, you get a table of 3 rows and 3 columns:

    Doe,John,944-7077
    Johnson,Mary,370-3920
    Smith,Abigail,299-3958

To send data in CSV format, proceed in the same way, changing the ContentType property to application/csv and adding the following statement to make the browser show the file download dialog: Response.AddHeader "Content-Disposition", "filename=mydata.csv;". Then, instead of formatting the data as a table, format it as columns separated by commas ",". See the following example:
Data2CSV.asp

    <%
    Response.Buffer = True
    Response.Clear
    ' set the output format to CSV
    Response.ContentType = "application/csv"
    Response.AddHeader "Content-Disposition", "filename=mydata.csv;"
    ' connect to the database
    strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ="
    ' relative path to the database file
    strDSN = strDSN & Server.MapPath("myDB.mdb")
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open strDSN
    strSQL = "SELECT * FROM myTable"
    Set rs = Conn.Execute(strSQL)
    ' first row: print the column names
    For i = 0 To rs.Fields.Count - 1
        Response.Write rs.Fields(i).Name & ","
    Next
    Response.Write vbNewLine ' end of one row of data
    ' print the data of each row
    Do While Not rs.EOF
        For i = 0 To rs.Fields.Count - 1
            Response.Write rs.Fields(i) & ","
        Next
        Response.Write vbNewLine ' end of one row of data
        rs.MoveNext
    Loop
    rs.Close
    Set rs = Nothing
    Conn.Close
    Set Conn = Nothing
    Response.End
    %>

The limitation of this format is that the data consists only of ASCII characters, so it cannot be used when the data uses Unicode. In addition, data that contains a comma "," inside a column needs appropriate handling. Excel handles this case by enclosing the whole value in double quotes. For example, the value Abc, xyz becomes "Abc, xyz".

Further reading:
http://www.web-savant.com/users/kathi/asp/samples/tut/Export_to_Excel.asp
http://gethelp.devx.com/techtips/asp_pro/10min/10min0699.asp

Lê Đình Duy
ldduy@fit.hcmuns.edu.vn
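The comma handling described above, as an added example that is not part of the original article: a variant of Data2CSV.asp whose CsvField function quotes values the way Excel expects. It goes one step beyond the text by also marking values that start with =, +, - or @ as text, since Excel would otherwise evaluate them as formulas when the file is opened. The function names CsvField and CsvRow are hypothetical; the database and table names are the article's.

```vbscript
<%
' Added example (not the article's code): CSV export with field quoting.
Response.Buffer = True
Response.Clear
Response.ContentType = "application/csv"
Response.AddHeader "Content-Disposition", "filename=mydata.csv;"

' Return one value formatted as a CSV field.
Function CsvField(v)
    Dim s
    If IsNull(v) Then s = "" Else s = CStr(v)
    ' A cell that starts with = + - @ is treated as a formula by Excel.
    ' Prefix an apostrophe so it is shown as text; plain numbers such as
    ' -12.5 are left untouched.
    If Len(s) > 0 Then
        If InStr("=+-@", Left(s, 1)) > 0 And Not IsNumeric(s) Then s = "'" & s
    End If
    ' Quote the field when it holds a comma, a double quote or a line
    ' break, doubling any embedded double quotes.
    If InStr(s, ",") > 0 Or InStr(s, """") > 0 _
       Or InStr(s, vbCr) > 0 Or InStr(s, vbLf) > 0 Then
        s = """" & Replace(s, """", """""") & """"
    End If
    CsvField = s
End Function

' Return the current record as one CSV line, without a trailing comma.
Function CsvRow(rs)
    Dim i, parts()
    ReDim parts(rs.Fields.Count - 1)
    For i = 0 To rs.Fields.Count - 1
        parts(i) = CsvField(rs.Fields(i).Value)
    Next
    CsvRow = Join(parts, ",")
End Function

Dim strDSN, Conn, rs, i, header()
strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & Server.MapPath("myDB.mdb")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open strDSN
Set rs = Conn.Execute("SELECT * FROM myTable")

' first row: column names
ReDim header(rs.Fields.Count - 1)
For i = 0 To rs.Fields.Count - 1
    header(i) = CsvField(rs.Fields(i).Name)
Next
Response.Write Join(header, ",") & vbNewLine

' data rows; the value Abc, xyz is written as "Abc, xyz"
Do While Not rs.EOF
    Response.Write CsvRow(rs) & vbNewLine
    rs.MoveNext
Loop

rs.Close
Set rs = Nothing
Conn.Close
Set Conn = Nothing
Response.End
%>
```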

DISPLAYING IMAGES FROM A DATABASE IN WEB APPLICATIONS


Lê Đình Duy
Faculty of Information Technology, University of Natural Sciences, Ho Chi Minh City
ldduy@fit.hcmuns.edu.vn
12.2002

1. Introduction

Storing images in a database and displaying them from it is a real need in web applications. In an employee records application, for example, besides textual information such as full name, address, qualifications, ... it is very useful to have the employee's photo as well. In sales applications, alongside product information such as product name, category, price, ... a picture of the product helps the user choose more easily, ...

One of two approaches is normally used. The first is to store the image files in a separate directory, and in the database, besides the text data, store only the path to the image file. The second is to store both the image data and the text data in the same database record.

The first approach is more common, because the database stays small and display is simple: use the IMG tag with the SRC attribute set to the image path held in the database. Its limitation is that the image data must be stored on the web server or on some computer the web server can reach. In applications where the database may be replicated to several distributed copies, there is a risk that the image files are not copied to the paths recorded in the database.

The second approach stores the images in the database as binary data, which has the drawback of increasing the size of the database considerably. In return, the image data and the text are in one place, so the approach suits databases that are replicated to several locations. To store image data in a database management system, a binary data type must be used for it. In MS SQL Server, for example, this is the image data type; in MS Access it is the OLE Object data type.

2. Displaying images held in the database

With the first approach, create a field in the table, named for example IMAGE_URL, to hold the path to the image file, such as images/id1234.gif. To display the image in the web page, simply use the IMG tag with the SRC attribute set to the data in the ImageURL field, for example: Response.Write("<IMG SRC=""" & rs("IMAGE_URL") & """>").

With the second approach, create a field in the table, named for example APP_IMGDATA, to hold the image data in binary form.
Then, to display the image, carry out the following steps in order:

- Read the image data stored in ImgData into a recordset.
- Set the ContentType property of the Response object to match the stored image format. If the file is stored as .gif, set Response.ContentType = "image/gif".
- Use the Response.BinaryWrite function to write out the image data.

Suppose the database is MS Access, the database file is DB_USERS stored in the directory APP_DB, and the table APP_USERS holds the users' information and their images. The following code from the file showimage.asp illustrates the steps above:
showimage.asp

    <%
    ' connect to the database
    strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ="
    ' relative path to the database file
    strDSN = strDSN & Server.MapPath("app_db/db_users.mdb")
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open strDSN
    ' assume the image to display is in the record whose APP_USERID equals vUserID;
    ' CLng forces a numeric value so the concatenated text cannot change the query
    strSQL = "SELECT * FROM APP_USERS WHERE "
    strSQL = strSQL & "APP_USERID = " & CLng(vUserID)
    ' read the image data into a recordset
    Set rs = Conn.Execute(strSQL)
    ' set the ContentType property to image/gif
    Response.ContentType = "image/gif"
    ' write the image data to the response sent to the client
    Response.BinaryWrite(rs("APP_IMGDATA"))
    rs.Close
    Set rs = Nothing
    Conn.Close
    Set Conn = Nothing
    %>
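An added example, not part of the original article: showimage.asp rewritten so that the user id is bound as an ADO parameter instead of being concatenated into the SQL text. The same technique serves the INSERT discussed in the Unicode article, where a parameter typed adVarWChar carries the name as Unicode without an N'...' literal. Assumptions: the id arrives as the query-string value id, APP_USERID is a numeric column, TEN_SV is at most 50 characters wide, and the Sub name AddStudent is hypothetical.

```vbscript
<%
' Added example (not the article's code): parameter binding with ADODB.Command.
Option Explicit

' ADO constants (values from the ADO type library)
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarWChar = 202
Const adExecuteNoRecords = 128

' True only for 1 to 9 decimal digits, which always fits a Long.
Function IsUserId(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsUserId = re.Test(s)
End Function

' Unicode insert on an open SQL Server connection cn (assumed to exist).
' The value travels as a typed Unicode parameter, never as SQL text.
Sub AddStudent(cn, name)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = cn
    c.CommandType = adCmdText
    c.CommandText = "INSERT INTO SINHVIEN(TEN_SV) VALUES(?)"
    c.Parameters.Append c.CreateParameter("ten", adVarWChar, adParamInput, 50, name)
    c.Execute , , adExecuteNoRecords
End Sub

Dim vUserID, strDSN, Conn, cmd, rs
vUserID = Request.QueryString("id") & ""   ' assumption: called as showimage.asp?id=...
If Not IsUserId(vUserID) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & _
         Server.MapPath("app_db/db_users.mdb")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open strDSN

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = Conn
cmd.CommandType = adCmdText
' only the image column is read; ? marks the bound parameter
cmd.CommandText = "SELECT APP_IMGDATA FROM APP_USERS WHERE APP_USERID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(vUserID))
Set rs = cmd.Execute

If rs.EOF Then
    ' no such record: answer with an error instead of failing in BinaryWrite
    Response.Status = "404 Not Found"
Else
    Response.ContentType = "image/gif"
    Response.BinaryWrite rs("APP_IMGDATA")
End If

rs.Close
Set rs = Nothing
Conn.Close
Set Conn = Nothing
%>
```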

Because the showimage.asp code above sets the content sent to the browser to image/gif, it cannot display text data and the image at the same time.

3. Uploading image files to the database

To upload data files to the server, ready-made components are normally used. One of the components available free of charge is aspSmartUpload (http://www.aspsmart.com/aspSmartUpload/). Two things must be kept in mind with components of this kind: the form in the page where the user enters data must have its ENCTYPE attribute set to multipart/form-data, and the page that processes the upload must use the component's Form object to retrieve the data instead of Request.Form. With aspSmartUpload we can upload several files to the server at once, and can even restrict the file size, file type, ... that may be uploaded.

The following example illustrates uploading data to the database. The file upload.htm lets the user choose the file to upload, and the file upload.asp stores the uploaded file's data in a field of a database table or saves it as a file in some directory:
upload.htm

    <H1>aspSmartUpload : Sample </H1>
    <HR>
    <FORM method="POST" action="upload.asp" enctype="multipart/form-data">
    <input type="FILE" name="FILE1"><br>
    <input type="submit" value="Upload">
    </FORM>

upload.asp

    <%
    ' create the aspSmartUpload object
    Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")
    ' upload the files
    mySmartUpload.Upload
    ' connect to the database
    strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ="
    ' relative path to the database file
    strDSN = strDSN & Server.MapPath("app_db/db_users.mdb")
    Set Conn = Server.CreateObject("ADODB.Connection")
    Conn.Open strDSN
    Set rs = Server.CreateObject("ADODB.Recordset")
    Set rs.ActiveConnection = Conn
    rs.Source = "app_users"
    rs.LockType = 3
    ' the recordset must stay open while records are added in the loop below
    rs.Open
    For Each file In mySmartUpload.Files
        If Not file.IsMissing Then ' if the file exists
            rs.AddNew
            ' store it as a field in the database
            file.FileToField rs.Fields("APP_IMGDATA")
            ' store it as a file in a server directory, using an absolute path
            file.SaveAs("c:\temp\" & file.FileName)
            ' store it as a file in a server directory, using a path relative to the web root
            file.SaveAs("dbimages/upload" & file.FileName)
            rs.Update
        End If
    Next
    rs.Close
    Set rs = Nothing
    Conn.Close
    Set Conn = Nothing
    %>
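An added example, not part of the original article or the aspSmartUpload documentation: the file-saving branch of upload.asp with the stored name chosen by the server. The name sent by the browser is used only to read the extension, which is checked against a list of image types, so a file such as a script cannot be placed under the web root with a name of the uploader's choosing. It uses only the component calls shown in the article (Upload, Files, IsMissing, FileName, SaveAs); the function name SafeImageName and the target directory dbimages/ are assumptions.

```vbscript
<%
' Added example (not the article's code): server-chosen names for uploaded images.

' Return a new file name "<32 hex digits>.<ext>" when clientName ends in an
' allowed image extension, or "" when it does not.
Function SafeImageName(clientName)
    Dim re, m, ext, guid
    SafeImageName = ""
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "\.(gif|jpe?g|png)$"       ' allow-list of extensions
    Set m = re.Execute(clientName)
    If m.Count = 0 Then Exit Function
    ext = LCase(m(0).SubMatches(0))
    ' Scriptlet.TypeLib returns a fresh GUID as "{xxxxxxxx-xxxx-...}"
    guid = Server.CreateObject("Scriptlet.TypeLib").Guid
    SafeImageName = Replace(Mid(guid, 2, 36), "-", "") & "." & ext
End Function

Dim mySmartUpload, file, newName
Set mySmartUpload = Server.CreateObject("aspSmartUpload.SmartUpload")
mySmartUpload.Upload

For Each file In mySmartUpload.Files
    If Not file.IsMissing Then
        newName = SafeImageName(file.FileName)
        If newName = "" Then
            ' the extension is not on the list: nothing is written to disk
            Response.Write "Rejected: only gif, jpg and png files are accepted<br>"
        Else
            ' path relative to the web root, as in the article; the directory
            ' should be configured on the server without script execution
            file.SaveAs("dbimages/" & newName)
            Response.Write "Stored as " & newName & "<br>"
        End If
    End If
Next
%>
```

The extension check does not inspect the file's content; the generated name is what should be stored in the database path field described in section 2.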

4. Conclusion

This article has presented two basic operations for managing images in the database of a web application. The first concerns the choice of how the image data is stored; the second concerns uploading the images to the server. Storing image data as a database field makes the database large and the processing rather complex, but it is convenient when the application is designed for distributed use. Simpler, and more commonly used, is to store the image files in a predefined directory on the server and store the path to each file in the database.

GETTING STARTED WITH WEB APPLICATION PROGRAMMING IN ASP


Lê Đình Duy
Faculty of Information Technology, University of Natural Sciences, Ho Chi Minh City
ldduy@fit.hcmuns.edu.vn
07.2002

1. Introduction to ASP

Microsoft Active Server Pages (ASP) is a server-side scripting environment that gives strong support for building web applications. ASP applications can work with any ODBC-compatible database such as SQL, Access, Oracle, Informix, ... and are very easy to write and modify. ASP can also integrate existing Microsoft technologies such as COM, ... with ease.

To run web pages written in ASP, a web server that supports ASP is required. Microsoft IIS and Personal Web Server (PWS) on Win95, 98, NT, or Internet Information Server (IIS) on Windows2000, are the Microsoft web servers that support ASP. If the web server is not from Microsoft, or the operating system is not Windows but Unix, Linux, ... a library that supports ASP must be installed. The most common is Sun Chili!Soft (http://www.chillisoft.com).

ASP pages can be written with any text editor, for example Notepad. The common and easy choice is Visual InterDev in the Microsoft Studio suite. In addition, applications that connect to a database need database software such as Access, SQL, Oracle, ... to be installed. The simplest database software for beginners is Access.

To write web applications in ASP you need the following basic knowledge:

- Web design and HTML, to design the web pages.
- The programming languages VB script and Java script. VB Script is the common programming language for ASP.
- Web applications usually involve a great deal of managing, querying and updating databases, so you also need to know the syntax of SQL queries and how to connect to and program databases with ADO.

2. Some basic knowledge about ASP

An ASP page usually has the following characteristics:

- It is a text file with the extension .asp. This extension makes the web server pass the page to the ASP engine for processing before it is returned to the browser.
- The most common script language for writing ASP code is VBScript. The code can also be written in languages such as JScript, Perl, Python, ... if the corresponding script engines are installed on the web server.
- The code written in the ASP page is processed by the script engines on the web server sequentially from top to bottom.
The result of this processing is an HTML page returned to the web server, which sends the page to the browser. This is why the program code written in the ASP page cannot be seen in the browser.

An ASP page normally consists of 4 components:

o Text data
o HTML tags
o Client-side program code placed between the tags <SCRIPT> and </SCRIPT>
o ASP program code placed between the tags <% and %>

The first three components make up the structure of an ordinary HTML page, so an ASP page can be seen as an HTML page with embedded processing written in ASP code (VBScript, JScript, Perl, ...). The following example shows an ASP page in which the text data is "Welcome to my website. Today is", the HTML tags are <P>, <B>, ... and the program code is placed between <% and %>:
    <HTML>
    <BODY>
    <P>
    <B>Welcome to my website</B>. Today is
    <% Response.Write Date() %>
    </BODY>
    </HTML>

3. Books and websites for reference

- Thiết kế và Lập trình ứng dụng web bằng ASP, Lê Đình Duy, NXB Thống kê, 2001
- Xây dựng trang web động với ASP, ELICOM group of authors, 2001
- ASP Databases, SAIGONBOOK group of authors, 2001
- Professional Active Server Pages 3.0, Alex Homer et al, 1999
- MSDN, Active Server Pages Tutorial
- http://www.learnasp.com
- http://www.4guysfromrolla.com
- http://www.15seconds.com
- http://asp.superexpert.com
- http://www.aspfaqs.com

PHNG PHP H TR GII HN TRUY CP TRANG WEB


Lê Đình Duy, Faculty of Information Technology, University of Natural Sciences, Ho Chi Minh City, ldduy@fit.hcmuns.edu.vn, 09.2002

1. Introduction

In web applications, the designer usually wants to restrict access to some pages through user authentication, so that only people who really have permission can access and run those pages. For example, pages used to update the database remotely should be available only to the administrator, and in applications such as discussion forums the pages for posting new messages are normally available only to registered users. There are two approaches to achieving this:

- Using the security features of the system: this approach restricts access to the protected pages with permissions on the NTFS file system. For example, to restrict access to the file admin.asp, we grant a particular user read and execute permission only. The limitation is that users of the web page must have an account on the server. This is a real difficulty when most web applications are hosted on the servers of ISPs.
- Using self-written program code: this approach uses cookies (through Session variables) combined with a database of users. It meets the need to protect web pages quite well and adapts easily to hosting on different servers.

2. Protection with self-written program code

The main idea is to use a boolean Session variable to record whether the user has been authenticated. Suppose the variable is named blLoginOK: the value True corresponds to an authenticated user, and False to the opposite.

Authentication goes through a login page (for example login.htm), which asks the user for a user name and password. A piece of code (the page login.asp) then checks whether the information just entered matches the data stored in the database. If it matches, blLoginOK is set to True (note that blLoginOK must default to False).

In each page with restricted access, we only need to check whether this variable is True or False. If it is True, the user is allowed to continue with the rest of the code in the page. Otherwise, we tell the user to authenticate through the login page before continuing.
The steps are carried out in the following order:

Step 1: Create a database holding the user information

Suppose we use MS Access to create a database named DB_USERS.MDB, and in it a table named APP_USERS. The two main fields of this table are APP_USERNAME and APP_PASSWORD. If APP_USERNAME is made the primary key, each user is identified by a unique user name. We can of course add other fields, such as full name, email address (which may be needed to send email when the password is forgotten), last login, time spent using the system, and so on. Once created, suppose the file is saved in the directory APP_DB.

Step 2: Create the login page login.htm, which asks the user for a user name and password:

Login.htm
<FORM action=login.asp method=POST>
Username: <input type="text" name="fmUserName" size="20"><br>
Password: <input type="password" name="fmPassword" size="20"><br>
<input type="submit" value="Submit" name="btnSubmit">
<input type="reset" value="Reset" name="btnReset">
</FORM>

Step 3: Create the page login.asp, which checks whether the information the user entered matches the information in the database. If it matches, the variable blLoginOK is set to True.

Login.asp
<%
On Error Resume Next
vUserName = Request.Form("fmUserName")
' Replace each single quote with two single quotes to avoid SQL injection
vUserName = Replace(vUserName, "'", "''")
vPassword = Request.Form("fmPassword")
vPassword = Replace(vPassword, "'", "''")
strDSN = "DRIVER=Microsoft Access Driver (*.mdb);DBQ="
' Relative path to the database file
strDSN = strDSN & Server.MapPath("app_db/db_users.mdb")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open strDSN
strSQL = "SELECT * FROM APP_USERS WHERE "
strSQL = strSQL & "APP_USERNAME = " & "'" & vUserName & "'"
strSQL = strSQL & " AND " & "APP_PASSWORD = " & "'" & vPassword & "'"
Set rs = Conn.Execute(strSQL)
If rs.EOF Then
    ' Invalid user
    Response.Redirect("login.htm")
Else
    Session("blLoginOK") = True
End If
Set rs = Nothing
Set Conn = Nothing
%>

Step 4: In each page that only authenticated users may use, for example Admin.asp, put the code that checks whether blLoginOK is True or False at the very top of the page:

Admin.asp
<%
If (Session("blLoginOK") <> True) Then
    Response.Redirect("login.htm")
End If
%>

3. Conclusion

Restricting user access to certain pages is a frequent requirement when building applications. By using a Session variable and a user database together with the pages login.htm and login.asp, we can achieve this easily.

PROTECTING ACCESS DATABASES IN WEB APPLICATIONS

Web applications that use an Access database often place the .mdb database file in a directory that can be reached from the web, for example: D:\inetpub\wwwroot\myDB.mdb. The greatest danger of this common practice is that a user who knows or guesses the path to the .mdb file can download the database file, and all the information stored in the database is stolen. To protect an Access database in web applications, the following safety measures should be combined:

Option 1: Place the .mdb database file in a directory that has no access permission from the Web

Suppose the website's webroot is D:\inetpub\wwwroot\ and the database file is at D:\inetpub\wwwroot\Site1\data\myDB.mdb. By default, a user who guesses the path http://www.yourserver.com/site1/data/myDB.mdb can download the database file, because the files in this directory normally have the Read permission set. To prevent users from downloading the database file, we remove the Read permission set on this directory using the Internet Service Manager utility.

This change does not affect how ASP code accesses the database, because the setting is applied at the webserver level and not at the level of the NTFS file system. The ASP code keeps working as before. The only difference is that users cannot download the database file even if they know the path to it.

Option 2: Place the .mdb database file where it can only be reached on the server side

The main idea is to place the database file in a directory above the webserver's webroot. For example, if D:\inetpub\wwwroot\ is the webroot, we can create a directory named private at D:\inetpub\private and put the database file there. Users on the client side then have no way to reach the private directory to download the database. The path to the database file in the DSN string is adjusted as follows:

If using an absolute path:
sFileName = "D:\inetpub\private\myDB.mdb"

If using a relative path:
sFileName = Server.MapPath("/") ' returns D:\inetpub\wwwroot
sFileName = Replace(sFileName, "wwwroot", "private")
' MapPath returns no trailing backslash, so add one before the file name
sFileName = sFileName & "\myDB.mdb"

Lê Đình Duy, ldduy@fit.hcmuns.edu.vn

PROTECTING WEB APPLICATIONS AGAINST SQL INJECTION ATTACKS


Lê Đình Duy, Faculty of Information Technology, University of Natural Sciences, Ho Chi Minh City, ldduy@fit.hcmuns.edu.vn, 11.2002

1. What is SQL Injection?

Designing and operating a website always requires developers to pay attention to safety and security in order to minimize the chance of being attacked. In practice, however, most developers concentrate on security when choosing the operating system, the database management system and the webserver that will run the application. For example, people tend to care more about security holes in IIS than about whether the application's own code hides serious vulnerabilities. One of these vulnerabilities is the SQL injection attack.

SQL injection is a technique that lets attackers execute illegitimate SQL queries (ones the developer did not anticipate) by exploiting weaknesses in input validation in web applications. The consequences are severe, because attackers can delete or modify data as if they had full rights over the application's database. The flaw commonly occurs in web applications whose data is managed by database management systems such as SQL Server, Oracle, DB2 or Sybase.

Consider a typical example. To let users into protected pages, a system usually provides a login page that asks for a user name and password. After the user enters them, the system checks whether they are valid and decides whether to allow or refuse the request. Two pages can be used for this: an HTML page that displays the input form and an ASP page that processes the information the user entered. For example:

Login.htm
<form action="ExecLogin.asp" method="post">
Username: <input type="text" name="txtUsername"><br>
Password: <input type="password" name="txtPassword"><br>
<input type="submit">
</form>

ExecLogin.asp
<%
Dim p_strUsername, p_strPassword, objRS, strSQL
p_strUsername = Request.Form("txtUsername")
p_strPassword = Request.Form("txtPassword")
strSQL = "SELECT * FROM tblUsers " & _
         "WHERE Username='" & p_strUsername & _
         "' and Password='" & p_strPassword & "'"
Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open strSQL, "DSN=..."
If (objRS.EOF) Then
    Response.Write "Invalid login."
Else
    Response.Write "You are logged in as " & objRS("Username")
End If
Set objRS = Nothing
%>

At first glance, the code in ExecLogin.asp does not seem to contain any security hole: a user cannot log in without a valid user name and password. In fact the code is unsafe and opens the way for a SQL injection attack. The weakness is that the data entered by the user is used directly to build the SQL query, which lets an attacker control the query that will be executed. For example, suppose the user enters the following string in both the username and password fields of Login.htm: ' or ''=' . The query that gets executed is then:
SELECT * FROM tblUsers WHERE Username='' or ''='' and Password = '' or ''=''

This query is valid and returns all the records of tblUsers, and the code that follows treats this illegitimate login as a valid one.

Another example of a SQL injection attack arises when pages take their input from the querystring (by typing parameter and value pairs directly into the address bar, or by using a form submitted with GET). The following ASP page receives the value of ID through the querystring and generates its content based on that ID:

<%
Dim p_lngID, objRS, strSQL
p_lngID = Request("ID")
strSQL = "SELECT * FROM tblArticles WHERE ID=" & p_lngID
Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open strSQL, "DSN=..."
If (Not objRS.EOF) Then Response.Write objRS("ArticleContent")
Set objRS = Nothing
%>

In normal use, this code displays the article whose ID matches the ID passed to it in the querystring. For example, the page can be called as http://www.example.com/Article.asp?ID=1055 to display the article with ID 1055. Like the login example above, this code is open to a SQL injection attack. An attacker can replace a valid ID with another value in order to run an illegitimate SQL statement, for example: 0 or 1=1 (that is, http://www.example.com/Article.asp?ID=0 or 1=1). The SQL query now returns every article in the table, because the statement executed is:
SELECT * FROM tblArticles WHERE ID=0 or 1=1

This example may not look dangerous, but imagine that the attacker could delete the whole database by inserting dangerous commands such as DELETE. All it takes is changing the string assigned to ID, for example: http://www.example.com/Article.asp?ID=1055; DELETE FROM tblArticles.

2. Harm and prevention

The harm from a SQL injection attack depends on the environment and on how the system is configured. If the application uses the dbo privilege (the privilege of the database owner) when working with data, the attack can delete all the tables, create new tables, and so on. If the application uses the sa privilege (the system administrator privilege), the attack can control the entire database management system, and with such broad rights it can create illegitimate user accounts to take control of your system.

To guard against these risks, protect the SQL queries by strictly controlling all input received from the Request object (Request, Request.QueryString, Request.Form, Request.Cookies and Request.ServerVariables).

When the input is a string, as in example 1, the flaw comes from single quotes in the data. To avoid it, use the Replace function to replace each single quote with 2 single quotes:

p_strUsername = Replace(Request.Form("txtUsername"), "'", "''")
p_strPassword = Replace(Request.Form("txtPassword"), "'", "''")

When the input is a number, as in example 2, the flaw comes from a value that is expected to be numeric being replaced by a string containing an illegitimate SQL statement. To avoid it, simply check that the data has the right type:
p_lngID = CLng(Request("ID"))
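An added example (not part of the original article): the two vulnerable query patterns above, the article's two fixes and, going beyond the article, a parameterized query, all run against an in-memory SQLite database. SQLite stands in for the ASP/ADO back end; the table rows and the Python function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # In-memory SQLite stand-in for the page's tables; all rows are constructed.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tblUsers (Username TEXT, Password TEXT);
        INSERT INTO tblUsers VALUES ('alice', 'pw-a'), ('bob', 'pw-b');
        CREATE TABLE tblArticles (ID INTEGER, ArticleContent TEXT);
        INSERT INTO tblArticles VALUES (1055, 'first'), (1056, 'second');
    """)
    return db

def login_concat(db, user, pwd):
    # Same string building as ExecLogin.asp: input becomes part of the SQL text.
    sql = ("SELECT * FROM tblUsers WHERE Username='" + user +
           "' and Password='" + pwd + "'")
    return db.execute(sql).fetchall()

def login_escaped(db, user, pwd):
    # The page's fix: Replace(x, "'", "''") before concatenation.
    return login_concat(db, user.replace("'", "''"), pwd.replace("'", "''"))

def login_param(db, user, pwd):
    # Not on the page: placeholders keep the values out of the SQL text entirely.
    sql = "SELECT * FROM tblUsers WHERE Username=? and Password=?"
    return db.execute(sql, (user, pwd)).fetchall()

def article_concat(db, raw_id):
    # Same as the article page: the ID is concatenated without a type check.
    return db.execute("SELECT * FROM tblArticles WHERE ID=" + raw_id).fetchall()

def article_checked(db, raw_id):
    # Counterpart of CLng(Request("ID")): int() raises ValueError on "0 or 1=1".
    return db.execute("SELECT * FROM tblArticles WHERE ID=?", (int(raw_id),)).fetchall()

def demo():
    db = make_db()
    quoted = "' or ''='"  # the string from the page's login example
    return {
        "login_concat": len(login_concat(db, quoted, quoted)),
        "login_escaped": len(login_escaped(db, quoted, quoted)),
        "login_param": len(login_param(db, quoted, quoted)),
        "login_valid": len(login_param(db, "alice", "pw-a")),
        "article_concat": len(article_concat(db, "0 or 1=1")),
        "article_checked": len(article_checked(db, "1055")),
    }

if __name__ == "__main__":
    print(demo())
```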

As a result, if the user passes in a string, CLng raises an error immediately.

In addition, to reduce the risk from SQL injection attacks, take care to remove any technical information from the messages sent to the user when the application fails. Default error messages often reveal technical details that let an attacker learn the system's weak points.

Finally, to limit the extent of a SQL injection attack, strictly control and limit the data-handling privileges of the user account that the web application uses. Ordinary applications should avoid privileges such as dbo or sa. The more restricted the privileges, the smaller the damage.

References

- SQL Injection FAQ: http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3
- Advanced SQL Injection: http://www.nextgenss.com/papers/advanced_sql_injection.pdf
- Preventing SQL Injection: http://www.owasp.org/asac/input_validation/sql.shtml

Translated and compiled from: http://www.4guysfromrolla.com/webtech/061902-1.shtml