Other Topics and Tips

1
Other Topics and Tips
2
Important Note!!

• These slides cover a variety of miscellaneous
  topics.
• Often, few details are given. These slides just
  give you a starting point for solving various
  problems.
• I HAVE NOT tested a lot of the code in these
  slides.
• Think before using anything in this presentation!

3
Index

• Tips for Access
• Programming Tricks
• Server-side Form Validation
• Cookies
• Redirect to Login Page
• Cryptography and Certificates
• That Darn Back Button
• Miscellaneous Tips
• ASP Errors

4
Tips for Access

• How can you speed up the process of making
  databases with many fields?
• You can copy and paste variable names and then
  add numbers. Copy survey and then paste-1,
  paste-2, paste-3, etc.
• You can rapidly set the data type to be, for
  example, number by Down Arrow, n, and Down
  Arrow again.

5
Making a Database by Importing Values

• See An alternate way to make Access tables on web
  site under May 25th.
• Suppose you want to make a database with field
  names Survey1, Survey2, ... Survey1000. Do you
  want to type that?
• Use Excel to make a list of numbers from 1 to
  1000. (Cell A1 is 1. Cell A2 is A11. Fill
  down to row 1000.)
• Save as a CSV file.
• Open with Textpad.
• Search and replace , with \n which replaces
  commas with line breaks. Check the regular
  expression box for this to work.

6
Making a Database by Importing Values

• Put the cursor in front of the 1 on the first
  row.
• Macro, Record.
• Type Survey, hit the Home button on your
  keyboard, hit the down arrow once.
• Macro, Stop Recording. Save the macro.
• Macro, Multiplay, choose the macro, repeat to end
  of file.
• Replace all \n with ,. Save as CSV file.
• Import into Access.
• Adjust data types, if needed.

7
Programming Tricks
8
Finding mins and maxs

• Suppose you want to find the maximum value out of
  a list of numbers from the database.
• Maximum rs(number) Or, Minimum
  rs(number)
• DO WHILE NOT rs.EOF
• IF rs(number) gt Maximum THEN lt for
  minimum
• Maximum rs(number)
• END IF
• rs.MoveNext
• Loop

9
Converting Text to Numbers

• You will run into this error someday.
• Sometimes, if you collect a number in a form, ASP
  will get confused and think it is text. When you
  try to do something with that number, your
  program will crash.
• You can force ASP to recognize a number by
  multiplying that number by one
• Number request.form(number) 1
• FOR i 1 TO Number

10
rs.Update errors

• An error on this line occurs when something is
  wrong but the server cant figure out what.
• It can be very annoying trying to track down the
  error.
• Suggestion
• Copy all your rs(something) statements to
  another file.
• Try deleting some of your rs() lines. Try
  again. Repeat until you find the problem.

11
rs.Update errors

• Sometimes you will get an error on the rs.Update
  line when there is a problem connecting to the
  database.
• You might try deleting everything in between
  rs.AddNew and rs.Update.
• If the error still occurs then something else is
  wrong non-existent table, wrong permissions on
  the database folder, etc.

12
JavaScript AND and OR

• JavaScript uses to mean AND and to mean OR.
• To test if someones age is in between 19 and 65
• if (theForm.age.value gt 19 theForm.age.value
  lt 65)
• To test if it is outside that range
• if (theForm.age.value lt 19 theForm.age.value gt
  65)
• All such tests should be placed inside an IF
  statement that verifies whether or not
  theForm.age.value is actually a number or you
  will get an error if a non-number is entered as
  their age.
• if (isNaN(theForm.age.value))

13
Server-side Form Validation
14
Server-side Form Validation

• See server_side_error_checking.asp in
  common_files (Use FTP, page wont load in a web
  browser).
• Line 4 is an array that is large enough to hold
  every error message, even if they were all set
  off. If you count up number of the IF-THEN
  blocks the array should probably be the same size
  as the number of IF-THEN blocks.
• Each IF-THEN block checks one thing. If there is
  no answer or an answer that doesnt make sense,
  then the number of errors (count) is increased by
  1 and the error message for that question is
  stored in the missed() array.

15
Server-side Form Validation

• The IF statement on Line 26 checks to see if
  there are any errors. If so, the subject is told
  there is a problem, all the error messages are
  printed out, and the subject needs to click their
  back button to fix the errors.
• If there are no problems, the ELSE statement on
  Line 39 writes their data to the database and
  then shows them the next page.

16
Cookies
17
Cookies

• The web was not originally designed to keep track
  of you as you moved through a web site. That is
  the reason we have to put hidden ID fields in
  every form to keep track of our subjects.
• A cookie is a small text file placed on your
  computer by a web server. (Sometimes they are
  just held in memory and not written as a text
  file.)
• Cookies are one way to keep track of people.

18
Cookies

• Pro It is easy to keep track of someone.
• Pro You dont need hidden fields.
• Pro Easy to program.
• Con There are privacy issues with them.
• Con Many firewalls block them which will break
  your study.
• Con Cookies destroy themselves after a period of
  time. 20 minutes is the default. If a subject
  spends more than 20 minutes on one page, all
  cookies disappear.
• Con Lengthening the time a cookie lives is much
  more likely to trigger a privacy alert from their
  firewall.

19
Cookies

• If you are running a study in a controlled
  environment, cookies can provide an excellent way
  for you to keep track of subjects.
• Keep in mind, that if you use cookies in a
  controlled environment, your pages might not work
  if you later decide to expand your subject pool
  by allowing people to complete your study at home.

20
Using Cookies

• Access cookies using Request.Cookies
• If, when you generate their subject ID, you say
• Request.Cookies(id) id
• Then, on any page you can type
• id Request.Cookies(id)
• And id will hold their subject ID.
• This is great when it works but it often doesnt
  work. (See the Cons two slides ago.)

21
Redirect to Login Page
22
Redirect to Login Page

• Suppose your study is being taken on a public
  computer, such as in a lab.
• The pages of your study will remain in the
  history of that browser.
• Later, someone could sit down at that computer,
  deliberately or accidentally go to a page of your
  study, and start entering data.

23
Redirect to Login Page

• How to prevent people from accidentally ending up
  in the middle of your study.
• Require a simple password to get into your study.
• Use HTTP_REFER at the top of every page to check
  if they were just on a page of your study. If
  not, send them to the login page.

24
Redirect to Login Page

• For example, suppose your study is in the
  /930/username/ folder. This is what each page
  would look like
• lt IF InStr(Request.Servervariables(HTTP_REFERER
  ), 930/username) 0 THEN
• Response.redirect index.asp
• ELSE
• gt
• The rest of your page goes here ASP and HTML.
• lt END IF gt This is the very last line of your
  page.

25
Cryptography and Certificates
26
Secret Codes

• Suppose we wanted to exchange a secret message.
• We could have a secret code, maybe on a disk, and
  give our code to each other.
• Then I could encrypt my message with the code,
  send it to you, and you could decrypt it with the
  same code.
• If we are far away from each other, how do we
  exchange our code?
• If we mail it, the CIA might steal it. If we
  email it, the NSA might steal it. If we FedEx
  it, your cousin who works for FedEx might steal
  it.

27
Public Key Cryptography

• There is a family of secret codes called public
  key cryptography.
• A public key code comes in two pieces that work
  together.
• The public key is, for example, posted on the
  Internet so anyone can encrypt a message and send
  it to you.
• Your private key, which no one sees, can decrypt
  messages sent to you through your public key.

28
Web Cryptography

• When you communicate with a web site, it can tell
  your browser its public key, and then your
  browser can send encrypted messages to the web
  site.
• Think shopping carts.
• This is usually called SSL encryption.
• SSL Secure sockets layer.

29
Certificates

• If you trust your computer to send your credit
  card information to Amazon, how do you know you
  are dealing with Amazon?
• Public key encryption codes can be
  registered/checked out from certain authorities
  who will vouch for your identity.
• This electronic ID is called a certificate.
• You need a certificate if you are going to deal
  with public key encryption on a large scale.
  (You can make your own, but no one will trust
  you.)

30
Trusted/Certificate Authorities

• The companies that issue certificates are called
  Trusted Authorities or Certificate Authorities.
• If you want a certificate, you have to go through
  the registration process for that Trusted
  Authority.
• You can expect to answer a long list of questions
  such as your birth date and drivers license
  number.

31
Trusted/Certificate Authorities

• A brief introduction to certificates
• http//security.fnal.gov/pki/what_is_cert.html
• Wikipedia article
• http//en.wikipedia.org/wiki/Certificate_authority
  
• Two Certificate Authorities
• http//www.verisign.com/
• http//www.thawte.com/

32
Working with Certificates

• First, get a certificate from a Certificate
  Authority.
• Second, install it on your computer
• http//www.ipswitch.com/support/ws_ftp-server/guid
  e/v5/ch10_sslconfig7.html
• Third, write web pages that use HTTP_REFER to
  make sure they are being called using an https//
  URL.
• Last, give out your (https//) URL.
• The server automatically handles encryption for
  all https// pages.

33
Debugging Your Web Site
34
Steps in Making a Web-based Survey

• Write each page and its corresponding process
  page separately. Test them.
• Chain them together but dont randomize.
• Turn on randomization. Test again.
• Add server-side form validation (optional).
• Add client-side form validation.

35
Debugging Your Web Site

• Here are some trick for debugging your web site.
• On your client computer, turn off friendly HTTP
  error messages. (Internet Explorer, Tools,
  Internet Options)
• I think Firefox does this automatically

36
Debugging Your Web Site

• This sequence allows you to thoroughly debug your
  pages while causing the least annoyance
• Write each page and its corresponding process
  page separately. Test them.
• Chain them together but dont randomize. Test
  them a few times.
• You can chain them together manually. Or,
• Setup the randomization code. After Line 75 in
  Randomizing Page Order.txt insert the following
  code
• FOR i 1 TO NumberOfPages
• Order(i) Pages(i)
• NEXT
• And change the DO WHILE CurrentPages gt 0 on Line
  80 to read DO WHILE CurrentPages lt 0.
• These two changes cause the pages to always be
  displayed in the same order (whatever order they
  are in Pages) and turns off the randomization
  (CurrentPages lt 0 is never true so the
  randomization code never runs).

37
Debugging Your Web Site

• During Step 1 or 2 or both, erase all the data
  from the database (open a table, Ctrl-A to select
  all records, press the delete key on your
  keyboard). Then go through the study a few
  times, FTP the database to your computer, and
  make sure every field is receiving data.
• This is important!!! A single typo anywhere in
  your rs(field) request.form(field) will
  cause data to be lost.

38
Debugging Your Web Site

• Answer the questions in your study in different
  patterns to make sure everything is getting
  written properly. Some suggestions
• Alternate checkboxes each time through the study

39
Debugging Your Web Site

• Answer radio button question in a serpentine
  pattern and look for 1-2-3-2-1 patterns in the
  database

40
Debugging Your Web Site

• Turn on randomization by deleting the lines from
  Step 2. Test again. You can just next through
  the pages quickly a few times to make sure
  randomization is getting all the pages.
• Add server-side error checking (optional).
• Add client-side error checking.

41
That Darn Back Button
42
That Darn Back Button

• After a person enters data on a page, later, they
  could hit the back button on their browser, so
  back to that page, and reenter data. How can I
  stop this?
• Short answer You cant. There is no perfect way
  to solve this problem.

43
That Darn Back Button

• You used to be able to pull a trick with
  auto-forwarding subjects from one page to
  another. When they tried to click back the
  intermediate page would forward them back to the
  appropriate page. This doesnt work any more
  since now browsers will jump back two pages if
  they know you are using auto-forwarding.

44
That Darn Back Button

• You can use JavaScript to popup a warning asking
  them not to click the back button but they can
  just ignore it and click back again.
• You can use a pragma, no cache command to force
  each page to reload if they go back but then you
  have to program what to do when you detect a page
  reload.

45
That Darn Back Button

• There just doesnt seem to be a good solution to
  people hitting the back button.
• If you have their subject id be the primary key
  in each table, then when they resubmit a page the
  study will crash. (You might want this to
  happen.)
• If you have an AutoNumber field as the primary
  key then they can enter multiple records in each
  page and you can decide what to do about that
  later, e.g. drop them.

46
That Darn Back Button

• You can detect if they are submitting a page
  twice by checking to see if the relevant table
  already holds a record from the first time they
  submitted the page. You still have to program
  around that and decide what to do about it.

47
That Darn Back Button

• One solution would be to embed the entire study
  into a Flash file. You cant go back in Flash.
  That is a whole other course in programming
  Flash-database communication.
• Conclusion There is no good and easy solution.

48
No Cache

• You can force your web pages to be reloaded every
  time they are viewed by adding this line into
  your ltheadgt section
• ltMETA HTTP-EQUIV"Pragma" CONTENT"no-cache"gt
• The following command is similar, in that it says
  the web page has expired in the past and
  therefore needs to be reloaded
• ltMETA HTTP-EQUIV"Expires" CONTENT"-1"gt
• This trick and get useful in combination with
  other techniques to determine if they have
  clicked the back button.

49
Other Technologies and Products
50
MySQL

• MySQL is a free database product available from
  www.mysql.com
• Many servers run MySQL so you might have to deal
  with it someday.
• The book MySQL by Paul DuBois is a wonderful
  reference.
• One advantage You can have 2660 fields in a
  single table. Most databases, even high-end
  products, only allow 255.

51
MySQL

• If you use MySQL, or other databases, you might
  not be able to use the rs.AddNew, rs(field)
  something, rs.Update syntax. You might have to
  work in real SQL.
• sql INSERT INTO TableName (id, q1, q3) VALUES
  (123, 5, 3)
• Do this by making one string for the first half,
  a second string for the second half, and
  concatenating them together at the end.

52
MySQL

• sql1 INSERT INTO TableName (
• sql2 VALUES (
• ...
• sql1 sql1 id,
• sql2 sql2 (123,
• ...
• sql1 sql1 q1,
• sql2 sql2 5,
• ...
• sql sql1 sql2

53
SQL Server

• SQL Server is Microsofts high end database.
• Im pretty sure that you can still use the
  rs.AddNew, rs(field) something, rs.Update
  syntax.
• SQL Server will also import Access files.

54
PHP

• PHP is a free scripting engine available from
  www.php.net
• The general idea is exactly the same as ASP but
  the syntax is different.
• ASP lt Response.write Hello Worldgt
• PHP lt?php echo 'Hello World' ?gt

55
JSP

• JSP stands for Java Server Pages and is another
  way to write dynamic web pages.
• lt! String message "Hello, World" gtlt
  messagegt

56
Flash and Java

• Flash or Shockwave is a wonderful plug-in for
  web browsers which allows your web page to do
  amazing things with little or no programming on
  your part.
• Java also gives your web pages magic powers but
  it usually involves more programming.
• You embed these objects into your web page
  using the ltobjectgt tag.

57
CGI

• CGI stands for Common Gateway Interface.
• It is how dynamic web pages were written before
  ASP, JSP, and PHP.
• A common use is when your web hosting company
  provides you with a CGI program that will email
  you the contents of a form.
• You usually do this by making your form action
  attribute point to the program and putting other
  information, such as your email address, into
  hidden fields.

58
Email

• You can have a web page email its contents to you
  in ASP by using the CDONTS (see-don-ts) command
• server.CreateObject("CDONTS.Newmail")
• Consult google.com or other sources for exactly
  how to do this.

59
Upload

• You can also allow people to upload a file to the
  server.
• It is complicated and a security risk but it can
  be done.

60
Miscellaneous Tips

• I suggest making a complete backup of (all or
  pieces of) your website before you work on it. I
  like to copy the entire folder on my computer and
  save it to a different name, such as todays
  date.
• If FTP garbles your database, which happens
  sometimes, or you keep getting errors and cant
  figure out why, it is nice to be able to roll
  back to a previous version in a different folder.

61
Miscellaneous Tips

• It is best to avoid spaces everywhere, such as in
  file name, field names, variable names, form
  element names. Sometimes spaces cause problems.
  Use hyphens or underscores instead.
• You can use DreamWeaver or FrontPage to write the
  HTML version of your web pages and then use
  Textpad to make the processing pages.

62
ASP Errors

• Type mismatch almost always means that some
  field in your database was expecting a number but
  you gave it something else.
• If a form element is outside of the ltformgtlt/formgt
  tags, it will submit nothing to the database.
  Nothing isnt a number!
• If someone entered text into a text box that you
  intended to be a number, you might get this
  error. Use dropdowns for numbers or JavaScript
  isNaN to force the answer to be a number.
• If you accidentally put the same form element
  into the form twice, the result will not be a
  number. Delete one of them.

63
ASP Errors

• You get a strange error when you open the
  database, but you dont see anything wrong.
• Make sure you have included the adovbs.inc file
  into your page.