Sunit Katkar's Home Page Home Java Palm OS ASP COM XML XSL PHP Personal Your IP: 38.103.63.18

 Tutorials:



 ASP COM Links: 		 

Steps for building our component: 3

Step 11: First we will code the method for POST forms. Now add the following code to the FormPOST method.
Look for explanations and short comments in the source code comments below. 
    STDMETHODIMP     CProcessForm::FormPOST()
    {
          // TODO: Add your implementation code here
          HRESULT       hr = S_OK;
          CComVariant   vtTemp;
          IUnknown*     pUnknown = NULL;
          IEnumVARIANT* pEnum = NULL;
          ULONG         lValue = 0;

           //declare a IRequestDictionary interface pointer
           CComPtr   piRequestVariables;

           
           /*--------------------------------------------------------------------
            * We will use the get_Form method to access the Form
            * collection of the Reqeust object which returns a pointer
            * to the IRequestDictionary object.
            *--------------------------------------------------------------------
            * IRequestDictionary interface pointer receives the Forms collection
            * You can iterate through the Form collection with the
            * get__NewEnum method exposed by the IRequestDictionary interface.
            * You can also retrieve a specific Form value with the get_Item
            * method.
            *--------------------------------------------------------------------*/
            

              hr = m_piRequest->get_Form(&piRequestVariables);

            // if failure then just return
            if(FAILED(hr))
            {
                return hr;
            }

            
            /*-----------------------------------------------------
             * double check that the page has started executing
             * and that the reqeust object is available
             *-----------------------------------------------------*/
             

            if((m_bOnStartPageCalled == TRUE) && (m_piRequest != NULL))
            {

                //get enumerator object
                hr = piRequestVariables->get__NewEnum(&pUnknown);

                if(!FAILED(hr))
                {
                    hr = pUnknown->QueryInterface(IID_IEnumVARIANT, (void**)&pEnum);
                }
                if(FAILED(hr))
                {
                    return hr;
                }

             
             /*-----------------------------------------------------
              * The IEnumVARIANT interface provides a method for
              * enumerating a collection of variants
              *-----------------------------------------------------
              * HRESULT Next
              *  ( unsigned long celt, <-no.of elements to be returned
              *    VARIANT FAR* rgVar, <-array of sizecelt in which elements are to be returned
              *    unsigned long FAR* pCeltFetched <-pointer to no. elements returned in rgVar
              *  );
              *----------------------------------------------------- */
             
                while(S_OK == (pEnum->Next(1,&vtTemp,&lValue)))
                {
                    CComVariant     vtValue;
                    CComBSTR        bstrTemp;

                    //write out the field name and equal to sign
                    m_piResponse->Write(vtTemp);
                    vtValue = "=";
                    m_piResponse->Write(vtValue);

                    //get the field value and write it out
                    piRequestVariables->get_Item(vtTemp,&vtValue);

    
    /*----------------------------------------------------------------------------
    * Before you proceed, remember that the FORM input can be deliberate malicious
    * cross -site scripting attack. It means that some hackers might enter <SCRIPT>
    * tags and some malicious code in between. A good way to avoid this as part of
    * Form input is to use the HTMLEncode method provided by the Server object
    *----------------------------------------------------------------------------*/
    
                  
                   /*-------------------------------------------------------
                    * The field value needs to be made safe
                    * from cross site scripting by using the
                    * IServer:;HTMLEncode() method which is :
                    *-------------------------------------------------------
                    * HRESULT HTMLEncode
                    *  (
                    *     BSTR bstrIn,   //binary string that contains the text to be encoded
                    *     BSTR *pbstrEncoded //pointer to a binary string that receives
                    *                        //the encoded text
                    *  );
                    *------------------------------------------------------- */
                  

                    //Change the CComVariant type to BSTR
                    vtValue.ChangeType(VT_BSTR);

                   
                   /*------------------------------------
                    * But HTMLEncode accepts only BSTR's
                    * so we extract the BSTR part of
                    * vtValue by using bstrVal
                    *-------------------------------------*/
                    

                        m_piServer->HTMLEncode(vtValue.bstrVal,&bstrTemp);

                        
                        //Again cast it to CComVariant as Write only accepts variants
                        m_piResponse->Write(CComVariant(bstrTemp));
                        vtTemp = "<P>\n";
                        m_piResponse->Write(vtTemp);
                }

            }
            return hr;
    }

 

Step 12: Similarly we will code the method for GET forms. Now add the following code to the FormGET method.
Look for explanations and short comments in the source code comments below. 
    
        STDMETHODIMP CProcessForm::FormGET()
        {
            // TODO: Add your implementation code here
            HRESULT          hr = S_OK;
            CComVariant      vtTemp;
            IUnknown*        pUnknown = NULL;
            IEnumVARIANT*    pEnum = NULL;
            ULONG             lValue = 0;


            //declare a IRequestDictionary interface pointer
            CComPtr  piRequestVariables;

           
           /*------------------------------------------------------------
            * We will use the get_QueryString method to access
            * the Reqeust object collection which returns a pointer
            * to the IRequestDictionary object.
            * IRequestDictionary interface pointer receives the QueryString
            * collection.
            * You can iterate through the QueryString collection with the
            * get__NewEnum method exposed by the IRequestDictionary interface.
            * You can also retrieve a specific Querystring value with the
            * get_Item method.
            *------------------------------------------------------------ */
            hr = m_piRequest->get_QueryString(&piRequestVariables);

            //if failure then just return
            if(FAILED(hr))
            {
                return hr;
            }

            
            /*-----------------------------------------------------
             * double check that the page has started executing
             * and that the reqeust object is available
             *-----------------------------------------------------*/
             
            if((m_bOnStartPageCalled == TRUE) && (m_piRequest != NULL))
            {
                //get enumerator object
                hr = piRequestVariables->get__NewEnum(&pUnknown);

                if(!FAILED(hr))
                {
                    hr = pUnknown->QueryInterface(IID_IEnumVARIANT, (void**)&pEnum);
                }

                if(FAILED(hr))
                {
                    return hr;
                }

             
             /*-----------------------------------------------------
              * The IEnumVARIANT interface provides a method for
              * enumerating a collection of variants
              *-----------------------------------------------------
              * HRESULT Next
              *  ( unsigned long celt, <-no.of elements to be returned
              *    VARIANT FAR* rgVar, <-array of sizecelt in which elements are to be returned
              *    unsigned long FAR* pCeltFetched <-pointer to no. elements returned in rgVar
              *  );
              *----------------------------------------------------- */
              

                while(S_OK == (pEnum->Next(1,&vtTemp,&lValue)))
                {
                    CComVariant vtValue;
                    CComBSTR bstrTemp;
                    //write out the field name and equal to sign
                    m_piResponse->Write(vtTemp);
                    vtValue = " = ";
                    m_piResponse->Write(vtValue);

                    //get the field value and write it out
                    piRequestVariables->get_Item(vtTemp,&vtValue);
        
        /*----------------------------------------------------------------------------
        * Before you proceed, remember that the FORM input can be deliberate malicious
        * cross -site scripting attack. It means that some hackers might enter <SCRIPT>
        * tags and some malicious code in between. A good way to avoid this as part of
        * Form input is to use the HTMLEncode method provided by the Server object
        *----------------------------------------------------------------------------*/
        
               
                   /*-------------------------------------------------------
                    * The field value needs to be made safe
                    * from cross site scripting by using the
                    * IServer:;HTMLEncode() method which is :
                    *-------------------------------------------------------
                    * HRESULT HTMLEncode
                    *  (
                    *     BSTR bstrIn,   //binary string that contains the text to be encoded
                    *     BSTR *pbstrEncoded //pointer to a binary string that receives
                    *                        //the encoded text
                    *  );
                    *------------------------------------------------------- */
                    

                    //Change the CComVariant type to BSTR
                    vtValue.ChangeType(VT_BSTR);

                    
                    /*------------------------------------
                    * But HTMLEncode accepts only BSTR's
                    * so we extract the BSTR part of
                    * vtValue by using bstrVal
                    *-------------------------------------*/
                    
                    m_piServer->HTMLEncode(vtValue.bstrVal,&bstrTemp);

                    //Again cast it to CComVariant as Write only accepts variants
                    m_piResponse->Write(CComVariant(bstrTemp));
                    vtTemp = "<P>\n";
                    m_piResponse->Write(vtTemp);
                }

            }
            return hr;
        }

 

Step 13: Now our COM component is ready to be compiled and used via ASP pages.
Compile the component. You will now get a file called MyForm.dll in the debug directory of your project. Visual C++ will register it for you.
If you are running your web server on a different machine then you will have to copy this dll to that machine and manually register it by using the regsvr32.exe command line utility.
The next steps will show you two simple ASP files to test this component.

Note: We have not added any error checking code to this example. It is left upto you as an exercise.

Main |  1 |  2 |  3 |  4 |  5


Home |  Java  |  Palm OS |  ASP COM |  XML XSL |  PHP |  Personal |  Contact