So you want to learn ASP, well hopefully you will find some of the tutorials and articles in this section of Web Wiz Guide useful.

If you have an SQL database set up with your web host, a useful tip to know is how to connect to your SQL database via Enterprise Manager. The advantage of knowing

Following example, extracts all of the records in a database table and stores into a 2-dimensional array. This gives you an advantages to modify and work on data.

If you are developing a password-protected web site, you have to make a decision about how to store user password information securely.

What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5).

MD5 encryption is a one-way hashing algorithm. Two important properties of the MD5 algorithm are that it is impossible to revert back an encrypted output to the initial, plain-text input, and that any given input always maps to the same encrypted value. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if an attacker gains reading permission to the user table, it will do him no good.

MD5 does have its weaknesses. MD5 encryption is not infallible: if the password is not strong enough, a brute force attack can still reveal it. So, you can ask: "Why should I use MD5 if I know it is not the most secure?" The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted. The greatest advantage of MD5 is its speed and ease of use.

It is vitally important to understand that password encryption will not protect your website, it can protect your passwords only. If your website does not have sufficient protection, password encryption will not make it safe from cracking. If your system has been cracked, a hacker can inflict a irreparable damage to it and also gain an access to confidential information, including passwords database. But if you store this information encrypted, hackers practically cannot make use of it. Cracking an encrypted password takes a large amount of time and processing power, even on today's computers.

There are no built-in MD5 functions in ASP. To enable MD5 encryption you should include md5.asp.


So, let's start. First of all, you need to add a new account to your database. The following code allows to do it.

This one's like a double whammie! Welcome to the world of hard core SQL Server stored procedures and to the NextRecordset method of ADO's recordset object... Before we go on, this requires SQL Server. WON'T WORK WITH ACCESS.

That said, the goal for this example was easy... Get a list of all current tables in the database created by your's truly, get a list of dependent stored procedures for each table and do it all in a stored procedure! Easy...

There are basically 2 parts to this example. The calling application (a VBScript class called SQLServerTools) and the SQL Server stored procedure: sp_Admin_ExampleTablesDependencies (included with the class). The VBScript class is easy and contains only 1 method. That method is a great example of how to use the NextRecordset method of ADO to capture a second (or 50th) recordset returned by a procedure. For example, did you know this was valid SQL:

"SELECT * FROM table1;SELECT * FROM table2;"

Well it is, SQL Server knows that this statement should produce two separate and distinct recordsets however if you execute that and don't use NextRecordset, you will only get that first RS back. The stored procedure I wrote to do all the work is the second part of the example. That procedure returns (2 * num of tables) recordsets which is variable and based on the number of tables found in sysobjects for your particular db. Bottom line, that procedure always returns more than 1 recordset.

Right now, as you read this, I estimate that the procedure returned as many as 30 recordsets that were looped through with NextRecordset... But that's not the real magic. The class only exists to call the procedure and work with it's results. The stored procedure itself does all the work.

I've commented both the app and the stored procedure to the max but I'll give you an overview of the stored procedure... The stored procedure uses a cursor to loop through the records of a recordset returned by the system table: sysobjects. The process used is almost the same as using ADO to manipulate a recordset but right in the db itself... this means huge speed bonus and, by writing a stored procedure, all that logic is forever contained within and isn't spilled out into the class where it doesn't belong.

So anyways, while the procedure is looping through each table returned by sysobjects, it's simultaneously calling the system stored procedure: sp_depends. sp_depends is a handy function that returns a recordset of names representing every stored procedure that references the entered table! sp_depends can be used on any object, not just tables, but that is another discussion for another day...