CHAPTER 8
Publishing Information and Applications
Internet Information Server can publish both information and applications. This means that your Web site can contain anything from static pages of information to interactive applications. You can also find and extract information from, and insert information into, databases.
This chapter explains how to:
Preparing Information for Publishing You use the HTML editor or other system to create HTML files, which can include hyperlinks to other files on your system. If you want to include images or sounds, you will also need appropriate software to create and edit those files.
Once you have created your information in HTML or other formats, you can either copy the information to the default directory InetPub\Wwwroot, or you can change the default home directory to the directory containing your information.
To configure additional MIME mappings, start the Registry Editor (Regedt32.exe) and open
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InetInfo\Parameters\MimeMap
Add a REG_SZ value for the MIME mapping required for your computer with the following syntax:
<mime type>,<filename extension>,<unused parameter>,<gopher type>
For example:
text/html,htm,/unused,1
image/jpeg,jpeg,/unused,5
The string associated with the value (that is, the value content) should be blank. The default entry with the file-name extension specified as an asterisk (*) is the default MIME type used when a MIME mapping does not exist. For example, to handle a request for the file Current.vgr when the the file-name extension .vgr is not mapped to a MIME type, your computer will use the MIME type specified for the asterisk extension, which is the type used for binary data.Usually, this will cause browsers to save the file to disk.
The format of the include statement is:
<!--#include file="value"-->
The value can contain a relative path or the full path, from the home directory of your WWW service.
For example, to include a link to your home page in each HTML document:
<A HREF="/homepage.htm"><IMG SRC="/images/button_h.gif"></A>
Using .stm files may affect performance. Therefore, use this extension only when necessary.
You can return to: <!--#include file="/linkhome.htm"--> at any time
Note that all paths are relative to the WWW home directory and can include virtual directories.
Publishing Dynamic Applications Applications that use ISAPI are compiled as dynamic-link libraries (DLLs) that are loaded by the WWW service at startup. Because the programs are resident in memory, ISAPI programs are significantly faster than applications written to the CGI specification.
ISAPI can be used to create applications that run as DLLs on your Web server. If you have used Common Gateway Interface (CGI) scripts before, you will find that the ISAPI applications have much better performance because your applications are loaded into memory at server run-time. They require less overhead because each request does not start a separate process.
![[08_i260b 3328 bytes ]](08_i260b.gif)
Another feature of ISAPI allows pre-processing of requests and post-processing of responses, permitting site-specific handling of Hypertext Transfer Protocol (HTTP) requests and responses. ISAPI filters can be used for applications such as customized authentication, access, or logging.
![[08_i260c 3205 bytes ]](08_i260c.gif)
You can create very complex sites by using both ISAPI filters and applications. ISAPI extensions can also be combined with the Internet Database Connector to create highly interactive sites.
![[08_i260d 3982 bytes ]](08_i260d.gif)
For complete information about programming with ISAPI, see the Microsoft Win32 BackOffice Software Development Kit (SDK), available from MSDN. See the introductory chapter of this guide, “Before You Begin,” for further information about obtaining the ISAPI SDK.
Microsoft Internet Information Server can use most 32-bit applications that run on Windows NT and conform to the CGI specifications.
The following figure illustrates how a browser, a server, and a CGI application exchange information by using CGI. The rest of this section discusses this five-part process.
![[08_i260e 3494 bytes ]](08_i260e.gif)
GET
POST
The client initiates a CGI process by clicking any of the following on an HTML page:
.pl: REG_SZ: C:\RESKIT\PERL\BIN\PERL.EXE %s %s
Where
2. A blank line must follow server directives.
3. The data the application returns to the client follows the blank line.
For more information about CGI, refer to the CGI specifications at http://hoohoo.ncsa.uiuc.edu/cgi/.
It is highly recommended that you configure script mapping. Script mapping ensures that the correct interpreter (Cmd.exe, for example) starts when a client requests an executable file.
World Wide Web content directories should be assigned Read permission only. Any executable files intended for downloading from Windows NT File System (NTFS) drives should have only Read access enabled.
You can run batch files as CGI executable files, but you must do so with extreme caution to prevent potential security risk to the server.
Note CGI executable files can also have the file-name extension .exe or .cgi.
For example, to secure the IDC without putting permissions on the .idc file, you can grant NTFS Execute permission for Inetsrv\Httpodbc.dll to the appropriate users. Httpodbc.dll is the name of the ISAPI application DLL that implements the IDC. Then, whenever a user tries to execute the IDC, the server will check the permissions. Access will be allowed only if Execute permission has been granted for that user.
Note Once an ISAPI application has been loaded, it remains loaded until the WWW service is stopped. Internet Information Server does not track security descriptor changes after the ISAPI application has been loaded. If you change permissions for an ISAPI application after it has been loaded, you must stop and restart the WWW service before the change will take effect.
Take care in setting Access Control Lists (ACLs) on the Winnt directory and its subdirectories. Some ISAPI applications and databases require access to files and DLLs in these directories.
Note ISAPI application DLLs can have the file-name extension .dll or .isa.
You must also ensure that every process started by your application is running by using an account with adequate permissions. If your application interacts with other files, the account you assign to your program must have the appropriate permissions to use those files. By default, applications run using the IUSR_computername account, which must have adminstrator and execute permissions for these application files.
An HTML link to an application that does not require input from the user might look like the following example:
http://www.company.com/scripts/catalog.exe
where Scripts is the virtual directory for interactive applications.
If you are creating an application that requires input from the user, you will need to understand both HTML forms and how to use the forms with ISAPI or CGI. This information is widely available on the Internet or from other sources.
| Extension | Default Interpreter |
| .bat, .cmd | Cmd.exe |
| .idc | Httpodbc.dll |
| .exe, .com | System |
First, the virtual directory Scripts contains your applications. Only an administrator can add programs to a directory marked as an execute-only directory. Thus, unauthorized users cannot copy a malicious application and then run it on your computer without first gaining administrator access.
It is recommended that you grant read and execute permission for the IUSR_computername account on the directory associated with the virtual folder, and full control only to the administrator. Perl scripts (.pl file-name extension) and IDC files (.idc and .htx file-name extensions) need both read and execute permission. However, to prevent someone from installing an unsafe file on your server, do not grant write permission.
Second, if you have configured the WWW service to allow only anonymous logons, all requests from remote users will use the IUSR_computername account. By default, the IUSR_computername account is unable to delete or change files by using the Windows NT File System (NTFS) unless specifically granted access by an administrator. Thus, even if a malicious program were copied to your computer, it would be unable to cause much damage to your content because it will only have IUSR_computername access to your computer and files.
Publishing Information and Using a Database
![[08_i260f 3244 bytes ]](08_i260f.gif)
Web browsers (such as Internet Explorer, or browsers from other companies such as Netscape) submit requests to the Internet server by using HTTP. The Internet server responds with a document formatted in HTML. Access to databases is accomplished through a component of Internet Information Server called the Internet Database Connector (IDC). The Internet Database Connector, Httpodbc.dll, is an ISAPI DLL that uses ODBC to gain access to databases.
The following illustration shows the components for connecting to databases from Internet Information Server.
![[08_i260g 4407 bytes ]](08_i260g.gif)
The IDC uses two types of files to control how the database is accessed and how the output Web page is constructed. These files are Internet Database Connector (.idc) files and HTML extension (.htx) files.
The Internet Database Connector files contain the necessary information to connect to the appropriate ODBC data source and execute the SQL statement. An Internet Database Connector file also contains the name and location of the HTML extension file.
The HTML extension file is the template for the actual HTML document that will be returned to the Web browser after the database information has been merged into it by the IDC.
System DSNs were introduced in ODBC version 2.5 to allow Windows NT services to use ODBC.
2. Click the OK button.
3. Click the Add/Remove button.
4. Click the OK button.
5. Select the ODBC Drivers and Administration option.
6. Click the OK button.
7. The Install Drivers dialog box appears.
8. To install the SQL Server driver, select the SQL Server driver from the Available ODBC Drivers list box, and click the OK button.
2. Double-click the ODBC icon.
You may see other data sources in the list if you previously installed other ODBC drivers.
6. Enter the name of the data source.
For Microsoft SQL Server, the server name, network address, and network library displayed in the Setup dialog box are specific to your installation. If you do not know what to enter in these controls, accept the defaults. To find out the details, click the Help button and find the section that describes your network.
9. Click the Close button to close the Data Sources dialog box.
10. Click the OK button to complete the ODBC and DSN setup.
The following graphic shows Dbsamp1.htm as it is displayed by Microsoft Internet Explorer (assuming that Internet Information Server has been installed on a computer called “webserver”).
![[08_i260m 3471 bytes ]](08_i260m.gif)
When the hyperlink “Click here to run query” is clicked, another Uniform Resource Locator (URL) is sent to the server. The URL precedes the hyperlink text (it is formatted as hidden text):
<A HREF="http://webserver/samples/dbsamp/dbsamp1.idc">Click here to run query</A>
The Internet Database Connector file for the IDC to use (Dbsamp1.idc) is referenced in the URL. Extension file mapping precludes the need to reference Httpodbc.dll in the URL.
On Internet Information Server, the entire process of using the Internet Database Connector for this example is performed in six steps, as shown in the following diagram.
![[08_i260n 4533 bytes ]](08_i260n.gif)
field: value
Datasource: Web SQL
Template: sample.htx
Datasource: Web SQL
Username: sa
Template: sample.htx
SQLStatement:
+SELECT au_lname, ytd_sales
+ from pubs.dbo.titleview
+ where ytd_sales>5000
The other items contained in the sample .idc file include:
The SQLStatement in Sample.idc returns all the author last names and year-to-date sales in units from the “pubs” sample database in SQL Server for authors whose books have year-to-date sales of more than 5000 dollars.
The resulting Web page is displayed in the Microsoft Internet Explorer as shown following.
![[08_i260o 5000 bytes ]](08_i260o.gif)
The .htx file is an HTML document with some additional tags enclosed by <%%> or <!--%%-->, which the .idc file uses to add dynamic data to the document. The HTML formatting in the .htx file typically formats the data being returned. There are six keywords (begindetail, enddetail, if, else, endif, and “%z”) that control how the data from the database is merged with the HTML format in the .htx file. Database column names specify what data is returned in the HTML document. For example, the following line in an .htx file merges data from the Emailname column for every record processed:
<%begindetail%><%Emailname%><%enddetail%>
The Sample.htx file is an HTML document that contains Internet Database Connector tags for data returned from the database (the tags are shown in bold for clarity). Some HTML formatting has been removed to highlight the IDC tags.
Most of the HTML formatting has been removed for clarity.
<HTML>
<BODY>
<HEAD><TITLE>Authors and YTD Sales</TITLE></HEAD>
<%if idc.sales eq ""%>
<H2>Authors with sales greater than <I>5000</I></H2>
<%else%>
<H2>Authors with sales greater than <I><%idc.sales%></I></H2>
<%endif%>
<P>
<%begindetail%>
<%if CurrentRecord EQ 0 %>
Query results:
<B>Author YTD Sales<BR></B>
<%endif%>
<%au_lname%><%ytd_sales%>
<%enddetail%>
<P>
<%if CurrentRecord EQ 0 %>
<I><B>Sorry, no authors had YTD sales greater than </I><%idc.sales%>.</B>
<P>
<%else%>
<HR>
<I>
The Web page you see here was created by merging the results of the SQL query with the template file Sample.htx.
<P>
The merge was done by the Microsoft Internet Database Connector and the results were returned to this Web browser by the Microsoft Internet Information Server.
</I>
<%endif%>
</BODY>
</HTML>
The <%begindetail%> and <%enddetail%> sections delimit where rows returned from the database will appear in the document. Columns returned from the query are surrounded by <%%>, such as <%au_lname%> and <%ytd_sales%> in this example.
For example, in the last section the query in Sample.idc returned only the authors whose year-to-date sales exceeded 5000. By using a parameter, you could build a Web page that asks the user to decide what number to use instead of 5000.
The Web page must prompt the user for the year-to-date sales figure and then name the associated variable to “sales.” Dbsamp2.htm shows a form with an input field used to obtain the number:
![[08_i260p 3967 bytes ]](08_i260p.gif)
The HTML syntax for the input field and button in Sample2.htm is:
<FORM METHOD="POST" ACTION="/scripts/samples/sample2.idc">
<P>
Enter YTD sales amount: <INPUT NAME="sales" VALUE="5000" >
<P>
<INPUT TYPE="SUBMIT" VALUE="Run Query">
</FORM>
In the Internet Database Connector file Sample2.idc, you use the parameter shown in bold in place of the number 5000:
SQLStatement:
+SELECT au_lname, ytd_sales
+ from pubs.dbo.titleview
+ where ytd_sales > %sales%
Here the parameter name must be “sales” so that it corresponds to the <INPUT NAME= “sales” …> on the Web page. Parameters must be enclosed with percent characters (%) to distinguish them from a normal identifier in SQL. When the Internet Database Connector encounters the parameter in the .idc file, the Internet Database Connector substitutes the value sent by the Web browser and then sends the SQL statement to the ODBC driver.
The percent character (%) is also a wildcard character in SQL. You can use wildcards in an SQL query to search for an element in a table that contains certain characters. To insert a single “%” for a SQL wildcard, use “%%.” This prevents the IDC from trying to use the % as a parameter marker. For example:
SQLStatement:
+SELECT au_lname, ytd_sales, title
+ from pubs.dbo.titleview
+ where title like '%%%title%%%'
For a percent sign to be recognized as an SQL wildcard you must double it and then add the percent characters around the parameter to distinguish the string as a parameter. In the example, the query searches for all entries in the title column with the word title in them. This query returns the following:
title
title and deed
main title page
author and title
To return all entries with the word title as the first five letters, you would format the query as follows:
SQLStatement:
+SELECT au_lname, ytd_sales, title
+ from pubs.dbo.titleview
+ where title like '%title%%%'
In this example, the following results are returned:
title
title and deed
To return all entries with the word title as the last five letters, you format the query as follows:
SQLStatement:
+SELECT au_lname, ytd_sales, title
+ from pubs.dbo.titleview
+ where title like '%%%title%'
In this example, the following results are returned:
title
author and title
You can build powerful collections of Web pages by using the output of one query to provide links to other queries. For example, to show the titles for an individual author, instead of returning the author name as plain text, you can format it as a link and then use the link to do another query.
Another example included Internet Information Server shows how to do this type of linkage. Dbsamp3.htm is used to run the query in Sample3.idc, which uses Sample3.htx for the output template. Sample3.htx will return author last names as links, which, when clicked, will display the titles for each author by using Sample3a.idc and Sample3a.htx.
Required Fields in an Internet Database Connector (.idc) File
| Field | Description |
| Datasource | The name that corresponds to the ODBC system Data Source Name (DSN) you created earlier by using the ODBC Administrator or the tool provided with the samples. |
| Template | The name of the HTML extension file that formats the data returned from this query. By convention these files use the file-name extension .htx. |
| SQLStatement | The SQL statement to execute. The SQL statement can contain parameter values, which must be enclosed with percent characters (%) from the client. The SQLStatement can occupy multiple lines in the Internet Database Connector file. Following the SQLStatement field, each subsequent line beginning with a plus sign (+) is considered part of the SQLStatement field. Multiple SQLStatements can appear in the same file. |
| Field | Description |
| DefaultParameters = param=value
[, param=value]
|
The parameter values, if any, that will be used in the Internet Database Connector file if a parameter is not specified by the client. |
| Expires | The number of seconds to wait before refreshing a cached output page. If a subsequent request is identical, the cached page will be returned without ever accessing the database. The Expires field is useful when you want to force a requery of the database after a certain period of time. The IDC does not cache output pages by default. It caches them only when the Expires field is used. |
| MaxFieldSize | The maximum buffer space allocated by the IDC per field. Any characters beyond this will be truncated. The parameter applies only to fields returned from the database that exceed 8192 bytes. The default value is 8192 bytes. |
| MaxRecords | The maximum number of records that the IDC will return from any one query. The MaxRecords value is not set by default, meaning that a query can return up to 4 billion records. Set this value to limit the records returned. |
| ODBCConnection | Insert this field with the value of pool to add the connection to the connection pool, which keeps the connection to the database open for future requests. The IDC then sends data through a pooled connection for subsequent execution of an .idc file that contains the same values for Datasource, Username, and Password. Set this option to improve performance using the Internet Database Connector. Also, there is a nonpool option, which specifies that the connection for the .idc file in which this option is set should not be taken from the connection pool. Set the value of this field to nopool to manage the cache of connections more precisely. Also, if there is a limit on the number of current connections, you do not want the connection pool to monopolize all the connections; otherwise, no one else could connect to the SQL Server.
Note To set the default to connection pooling, you must set the PoolIDCConnections registry entry to 1. For details, see Chapter 10, “Configuring Registry Entries.” |
| Password | The password that corresponds to the user name. If the password is null, this field can be left out. |
| RequiredParameters | The parameter names, if any, that Httpodbc.dll will ensure are passed from the client; otherwise, it will return an error. Parameter names are separated with a comma. |
| Translationfile | The path to the file that maps non-English characters (such as à, ô, or é) so that browsers can display them properly in HTML format. If the translation file is not in the same directory as the .idc file, you must type the full path to the translation file. Syntax: Translationfile: C:\directoryname\filename. Use the Translationfile field if you are publishing a database in a language other than English. A translation file is a text file with each special character mapped in the following format: value=string<CR> where value is an international character and string is the HTML translation code. |
| Username | A valid user name for the data source name supplied in the Datasource field.
Note If you use Microsoft SQL Server with the integrated security option, the username and password fields in the .idc file are ignored. The logon to SQL Server is performed using the credentials of the Web user. If the request is made as the anonymous user, the username and password are determined by the settings for the anonymous user (IUSR_computername by default) in the Internet Service Manager. If the client request contained logon credentials, the username and password supplied by the end user are used to log on to SQL Server. |
| Content-Type | Any valid MIME type describing what will be returned to the client. Almost always this will be “text/html” if the .htx file contains HTML. |
ODBCOptions: Option Name=Value[,Option Name=Value…]
For example, to stop the SQL statement from running for more than 10 seconds and enabling tracing of ODBC function calls, in the IDC file you would specify:
ODBCOptions: SQL_QUERY_TIMEOUT=10, SQL_OPT_TRACE=1, SQL_OPT_TRACEFILE=C:\Sql.log
All options are described in the following table:
| Option Name | Value | Purpose |
| SQL_ACCESS_MODE | 0 = Read/Write
1 = Read Only. |
An indicator for the ODBC driver or data source that the connection is not required to support SQL statements that cause updates to occur. This mode can be used to optimize locking strategies, transaction management, or other areas as appropriate to the driver or data source. The driver is not required to prevent such statements from being submitted to the data source. The behavior of the driver and data source when asked to process SQL statements that are not read-only during a read-only connection is implementation-defined. SQL_ACCESS_MODE set to 0 is the default, which allows reading and writing. |
| SQL_LOGIN_TIMEOUT | Integer | The number of seconds to wait for a logon request to complete before disconnecting. The default is driver-dependent and must be nonzero. If the value is 0, the timeout is disabled and a connection attempt will wait indefinitely. If the specified timeout exceeds the maximum log on timeout in the data source, the driver substitutes that value. |
| SQL_OPT_TRACE | 0 = Trace off
1 = Trace on |
When tracing is on, each ODBC function call made by Httpodbc.dll is written to the trace file. You can specify a trace file with the SQL_OPT_TRACEFILE option. If the file already exists, the ODBC appends to the file. Otherwise, it creates the file. If tracing is on and no trace file has been specified, ODBC writes to the file Sql.log. |
| SQL_OPT_TRACEFILE | File name | The name of the trace file to use when SQL_OPT_TRACE=1. The default is SQL.LOG |
| SQL_PACKET_SIZE | Integer | The network packet size, in bytes, to be used to exchange information between the database management system (DBMS) and the Web Server.
Note Many data sources either do not support this option or can return only the network packet size. If the specified size exceeds the maximum packet size or is smaller than the minimum packet size, the driver substitutes that value. |
| SQL_TRANSLATE_DLL | File name | The name of a DLL containing the functions SQLDriverToDataSource and SQLDataSourceToDriver that the driver loads and uses to perform tasks such as character-set translation. |
| SQL_TRANSLATE_OPTION | Integer | Value controlling translation functionality, which is specific to the translation DLL being used. Consult the documentation for the driver and translation DLL for details. |
| SQL_TXN_ISOLATION | Integer
1=Read Uncommited 2=Read Committed 4=Repeatable Read 8=Serializable 16=Versioning |
Sets the transaction isolation level. The Internet Database Connector does not support transactions than span more than the request in the .idc file. However, for some DBMSs, setting the SQL_TXN_ISOLATION option to 1 (Read Uncommited) will result in higher concurrency and therefore better performance. However, with this setting, data that has not been committed to the database by other transactions may be retrieved . |
| SQL_MAX_LENGTH | Integer | The maximum amount of data that the driver returns from a character or binary column. This option is intended to reduce network traffic and should only be used when the data source (as opposed to the driver) in a multiple-tier driver can implement it. |
| SQL_MAX_ROWS | Integer | The maximum number of rows to return for a SELECT statement. If the value equals 0 (the default), then the driver returns all rows. This option is intended to reduce network traffic when the data source itself can limit the return rows, as opposed to the MaxRecords built-in variable in the Internet Database Connector, which limits the rows fetched. |
| SQL_NOSCAN | 0=Scan for and convert escape clauses
1=Do not scan for and convert escape clauses |
Specifies whether the driver does not scan SQL strings for escape clauses. If set to 0 (the default), the driver scans SQL strings for escape clauses. If set to 1, the driver does not scan SQL strings for escape clauses; instead, the driver sends the statement directly to the data source. If your SQL statement does not contain any ODBC escape clauses, a special syntax enclosed by curly braces ( { } ), then setting this option to 1 will provide a small performance gain by directing the driver to not scan the SQL string. |
| SQL_QUERY_TIMEOUT | Integer
0=No timeout |
The number of seconds to wait for a SQL statement to execute before canceling the query. When set to 0 (the default) there is no timeout. If the specified timeout exceeds the maximum timeout in the data source, or is smaller than the minimum timeout, the driver substitutes that value. |
| Integer | Driver Specific | Driver-specific option values can be specified in the form number=value. For example,
4322=1, 234=String |
If the parameter name in the .idc file is enclosed in single quotation marks, each element of the list will be enclosed in single quotation marks also. You should enclose the parameter name in single quotation marks whenever the column in the IN clause is a character column or other type in which literals are quoted (dates and times, for example). If there are no single quotation marks around the parameter name, no quotation marks will be placed around each element of the list. You should not enclose the parameter name in single quotation marks when the column in the IN clause is a numeric type or any other type in which literals are not enclosed in single quotation marks.
For example, if an HTML form contained the multiple-choice list box shown below:
<SELECT MULTIPLE NAME="region">
<OPTION VALUE="Western">
<OPTION VALUE="Eastern">
<OPTION VALUE="Northern">
<OPTION VALUE="Southern">
</SELECT>
You can construct an .idc file with an SQL statement:
SQLStatement: SELECT name, region FROM customer WHERE region IN ('%region%')
If the user selected “Northern,” “Western,” and “Eastern” from the HTML form, the SQL statement would be converted to:
SELECT name, region FROM customer WHERE region IN ('Northern', 'Western', 'Eastern')
Another example of an HTML form is shown below, but this time uses numeric data, and therefore no quotation marks enclose the parameter in the .idc file.
<SELECT MULTIPLE NAME="year">
<OPTION VALUE="1994">
<OPTION VALUE="1995">
<OPTION VALUE="1996">
</SELECT>
You can construct an .idc file with an SQLStatement:
SQLStatement: SELECT product, sales_year FROM sales WHERE sales_year IN (%year%)
If the user selected “1994” and “1995” from the HTML form, the SQL statement would be converted to:
SELECT product, sales_year FROM sales WHERE sales_year IN (1994, 1995)
SQLSTatement:
+insert into perf(testtime, tag) values (getdate(), '%tag%')
+SELECT au_lname, ytd_sales from pubs.dbo.titleview where ytd_sales>5000
+SELECT count(*) as nrecs from pubs.dbo.titleview where ytd_sales>5000
SQLStatement:
+insert into perf(testtime, tag) values (getdate(), '%tag%')
SQLStatement:
+SELECT au_lname, ytd_sales from pubs.dbo.titleview where ytd_sales>5000
SQLStatement:
+SELECT count(*) as nrecs from pubs.dbo.titleview where ytd_sales>5000
Batch queries are processed together at once, whereas multiple queries are processed one at a time. Therefore, you will get better performance by formatting your queries as a batch if your database can handle batch queries.
<%begindetail%>
<%au_lname%>: <%ytd_sales%>
<%enddetail%>
will list the columns au_lname and ytd_sales. Any column can be referred to in this way. Column names can also be referred to elsewhere in the HTML extension file.
Note If there are no records returned from the query, the <%begindetail%> section will be skipped. For each SQL statement that generates a result set (for example, SELECT), there should be a corresponding <%begindetail%> <%enddetail%> section in the .htx file.
<%begindetail%><%if CurrentRecord EQ 0 %>
Query results:
</BODY>
<B>Author YTD Sales<BR></B>
<%endif%>
<%au_lname%><%ytd_sales%>
<%enddetail%>
<P>
<%if CurrentRecord EQ 0 %>
<I><B>Sorry, no authors had YTD sales greater than </I><%idc.sales%>.</B>
<P>
<%else%>
<HR>
<I>
The Web page you see here was created by merging the results of the SQL query with the template file Sample.htx.
<P>
The merge was done by the Microsoft Internet Database Connector and the results were returned to this Web browser by the Microsoft Internet Information Server.
</I>
<%endif%>
</HTML>
The general syntax is:
<%if condition %>
HTML text
[<%else%>
HTML text]
<%endif%>
Where condition is of the form:
and operator can be one of the following:
| EQ | if value1 equals value2 |
| LT | if value1 is less than value2 |
| GT | if value1 is greater than value2 |
| CONTAINS | if any part of value1 contains the string value2 |
<%begindetail%>
<%if au_lname EQ "Green"%>
this guy is green!
<%endif%>
<%enddetail%>
The <%if%> statement can also be used to do special processing based on information from HTTP variables. For example, to format a page differently based on the type of client Web browser you could include the following in the HTML extension file.
<%if HTTP_USER_AGENT contains "Mozilla"%>
client supports advanced HTML features
<%else%>
client is <%HTTP_USER_AGENT%>
<%endif%>
The MaxRecords built-in variable contains the value of the MaxRecords field in the Internet Database Connector file. MaxRecords and CurrentRecord can only be used in <%if%> statements.
The value of the sales parameter is: <%idc.sales%>
2. Convert all dashes to underscores.
3. Convert all letters to uppercase.
The following table gives a listing of default variables. These are environment variables for CGI applications and HTTP variables for IDC applications.
Internet Information Server Variables
| Variable | Meaning |
| ALL_HTTP | All HTTP headers that were not already parsed into one of the listed variables. These variables are of the form HTTP_<header field name>, for example:
HTTP_ACCEPT: */*, q=0.300, audio/x-aiff, audio/basic, image/jpeg, image/gif, text/plain, text/html |
| AUTH_TYPE | The type of authorization in use. If the user name has been authenticated by the server, this will contain Basic. Otherwise, it will not be present. |
| CONTENT_LENGTH | The number of bytes that the script can expect to receive from the client. |
| CONTENT_TYPE | The content type of the information supplied in the body of a POST request. |
| GATEWAY_INTERFACE | The revision of the CGI (Common Gateway Interface) specification with which this server complies. |
| HTTP_ACCEPT | Special-case HTTP header. Values of the Accept: fields are concatenated, separated by a comma (,); for example, if the following lines are part of the HTTP header:
accept: */*; q=0.1then the HTTP_ACCEPT variable will have a value of: */*; q=0.1, text/html, image/jpeg |
| LOGON_USER | The user’s Windows NT account. |
| PATH_INFO | Additional path information, as given by the client. This comprises the trailing part of the URL after the script name but before the query string (if any). |
| PATH_TRANSLATED | The value of PATH_INFO, but with any virtual path name expanded into a directory specification. |
| QUERY_STRING | The information that follows the question mark (?) in the URL that referenced this script. |
| REMOTE_ADDR | The IP address of the client. |
| REMOTE_HOST | The hostname of the client. |
| REMOTE_USER | The user name supplied by the client and authenticated by the server. |
| REQUEST_METHOD | The HTTP request method. |
| SCRIPT_NAME | The name of the script program being executed. |
| SERVER_NAME | The server’s hostname (or IP address) as it should appear in self-referencing URLs. |
| SERVER_PORT | The TCP/IP port on which the request was received. |
| SERVER_PORT_SECURE | The value of 0 or 1. The value 1 indicates the request is on the encrypted port. |
| SERVER_PROTOCOL | The name and version of the information-retrieval protocol relating to this request, usually HTTP/1.0. |
| SERVER_SOFTWARE | The name and version of the Web server under which the Internet Server Extension is running. |
| URL | The URL of the request. |
© 1996 by Microsoft Corporation. All rights reserved.