Active Server Pages (ASP), now commonly referred to as **Classic ASP**, was Microsoft's first server-side scripting engine designed to create dynamic web pages. Introduced in 1996 as part of Internet Information Services (IIS) 3.0, ASP revolutionized web development by allowing developers to embed server-side scripts directly into HTML files.
When a browser requests an ASP file, the IIS web server processes the server-side code, generates standard HTML, and sends only the plain HTML back to the client. This ensures that the source code remains hidden from the end-user.
---
## Understanding Classic ASP
Classic ASP is a server-side technology. Unlike client-side languages like JavaScript (which run in the user's browser), ASP code executes entirely on the web server before the page is sent to the user.
### Why Was ASP Created?
* **Dynamic Content**: To generate web pages on-the-fly based on user input, database queries, or time-based conditions.
* **Database Integration**: To easily connect web pages to relational databases like MS Access, MS SQL Server, or Oracle.
* **Session Management**: To track user states across multiple pages (e.g., shopping carts, user logins).
* **Security**: Because the code executes on the server, sensitive business logic and database credentials are not sent to the client as part of the response.
---
## Syntax and Core Components
ASP files use the `.asp` file extension. They contain standard HTML tags mixed with ASP scripting delimiters.
### The Scripting Delimiters
The primary syntax for writing ASP code is the delimiter `<%` and `%>`. Anything written inside these tags is executed on the server.
| Syntax Element | Description | Example |
| :--- | :--- | :--- |
| `<% ... %>` | Standard server-side script block. | `<% Dim name %>` |
| `<%= ... %>` | Shortcut for writing output directly to the HTML stream (equivalent to `Response.Write`). | `<%= "Hello World" %>` |
| `@Language` | Directive that defines the scripting language used in the page (placed at the very top). | `<%@ Language="VBScript" %>` |
### Default Scripting Language
While ASP supports multiple scripting languages (including JScript), **VBScript** (Visual Basic Scripting Edition) is the default and most widely used language in Classic ASP.
### Core Built-in Objects
ASP provides several built-in objects that handle web-specific tasks without requiring external libraries:
* **`Request`**: Retrieves information from the client (e.g., query strings, form data, cookies).
* **`Response`**: Sends information to the client (e.g., writing text, setting cookies, redirecting pages).
* **`Session`**: Stores user-specific information across multiple pages.
* **`Application`**: Stores global variables accessible by all users of the website.
* **`Server`**: Provides access to server-specific methods and properties (e.g., database connections, file system access).
---
## Code Example: A Dynamic ASP Page
Below is a complete, self-contained Classic ASP example. It demonstrates how to declare VBScript, use built-in objects, handle conditional logic, and output dynamic HTML.
```asp
<%@ Language="VBScript" %>
<%
' Force explicit variable declaration for cleaner code
Option Explicit

' Declare variables
Dim userName, currentHour, greeting

' Retrieve a query string parameter (e.g., index.asp?name=Alex)
userName = Request.QueryString("name")
If userName = "" Then
    userName = "Guest"
End If

' Get the current hour of the server
currentHour = Hour(Now())

' Determine the appropriate greeting based on the time of day
If currentHour < 12 Then
    greeting = "Good morning"
ElseIf currentHour < 18 Then
    greeting = "Good afternoon"
Else
    greeting = "Good evening"
End If
%>
<!DOCTYPE html>
<html>
<head>
    <title>ASP Intro Demo - YouTip</title>
</head>
<body>
    <!-- User-supplied value is HTML-encoded at the point of output -->
    <h1><%= greeting %>, <%= Server.HTMLEncode(userName) %>!</h1>
    <p>Welcome to YouTip's Classic ASP introduction guide.</p>
    <p>Server Time: <%= Now() %></p>
</body>
</html>
```
---
## Best Practices and Common Pitfalls
If you are maintaining legacy Classic ASP applications or migrating them to modern platforms, keep these critical practices in mind:
### 1. Always Use `Option Explicit`
By default, VBScript allows you to use variables without declaring them. This can lead to silent bugs caused by simple typos (e.g., misspelling `userEmail` as `usrEmail`). Placing `Option Explicit` at the very top of your ASP file forces you to declare all variables using the `Dim` statement, preventing these hard-to-find bugs.
### 2. Prevent SQL Injection and XSS
Classic ASP does not have built-in protection against modern web vulnerabilities.
* **Cross-Site Scripting (XSS)**: Always wrap user inputs in `Server.HTMLEncode()` before rendering them back to the browser (as shown in the code example above).
* **SQL Injection**: Never concatenate user input directly into SQL strings. Use ADO (ActiveX Data Objects) Command objects with parameterized queries to interact with databases securely.
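
A parameterized lookup with an ADO Command object, illustrating the SQL Injection point above. This is an added example, not code from the original page; the `Users` table, its `Email` and `DisplayName` columns, the `email` query-string parameter and the `Application("ConnString")` connection string are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants, normally pulled in from adovbs.inc
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Dim email, conn, cmd, rs
email = Trim(Request.QueryString("email"))

' Reject input that is empty or cannot fit the declared parameter size
If Len(email) = 0 Or Len(email) > 255 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Pattern to avoid, shown only for contrast: the input becomes part of the SQL text
' sql = "SELECT DisplayName FROM Users WHERE Email = '" & email & "'"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")   ' assumed: connection string stored by global.asa

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder keeps the SQL text constant; the value is bound separately
cmd.CommandText = "SELECT DisplayName FROM Users WHERE Email = ?"
cmd.Parameters.Append cmd.CreateParameter("email", adVarWChar, adParamInput, 255, email)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "No matching user."
Else
    ' Stored values are encoded on output too; & "" turns Null into an empty string
    Response.Write Server.HTMLEncode(rs("DisplayName").Value & "")
End If

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```

Because the statement text never changes, quotes or SQL keywords in `email` are compared as data against the `Email` column instead of being parsed as SQL.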
### 3. Classic ASP vs. ASP.NET
Do not confuse **Classic ASP** with **ASP.NET**. While Classic ASP is an interpreted scripting environment based on VBScript/JScript, ASP.NET is a compiled, object-oriented framework built on the .NET runtime (using C# or VB.NET). While IIS still supports Classic ASP, all new enterprise development should be done using modern **ASP.NET Core**.