Export (0) Print
Expand All
7 out of 32 rated this helpful - Rate this topic

Request.ServerVariables Collection

IIS 6.0

The ServerVariables collection retrieves the values of predetermined environment variables and request header information.

Server variables obtain most of their information from headers. It is wise to not trust the data that is contained in headers, as this information can be falsified by malicious users. For example, do not rely on data such as cookies to securely identify a user.

Important noteImportant Note:

As a security precaution, always encode header data or user input before using it. A general method of encoding data is to use Server.HTMLEncode. Alternatively, you can validate header data and user input with a short function such as the one described in Validating User Input to Avoid Attacks. For more detailed information about developing secure Web applications, see chapter 12 of MS Press - Writing Secure Code.

NoteNote:

The full list of IIS server variables is available in the IIS Server Variables topic.

Request.ServerVariables(server environment variable)

server environment variable

Specifies the name of the server environment variable to retrieve. It can be one of the variables listed in IIS Server Variables.

If a client request includes a header other than those specified in the IIS Server Variables table, you can retrieve the value of that header by preceding the header name with "HTTP_" in the call to Request.ServerVariables. For example, if the client sends a header such as SomeNewHeader:SomeNewValue, you can retrieve SomeNewValue by using the following syntax:

<% Request.ServerVariables("HTTP_SomeNewHeader") %> 

IIS cannot create client headers. Only a client application, such as a Web browser, can send new headers through an HTTP request. If you want to send hidden data between the client and the server, consider setting and retrieving cookies with Response.Cookies and Request.Cookies. If a client does not accept cookies, you can use the following HTML form tag to send hidden data and retrieve it using the Request.Form collection:

<FORM ACTION = "myfile.asp" METHOD = "post"> 
<INPUT NAME="hiddendata" TYPE="hidden" VALUE="secret value"> 
<INPUT TYPE = SUBMIT> 
</FORM>

However, this requires the user to click a button. Alternatively, you can store data in the Session.Contents collection if sessions are enabled on your Web site.

The following classic ASP example displays several server variables by name:

<html>
<body>
<table border="1">
   <tr>
      <td>ALL_HTTP server variable:</td>
      <td><%=Request.ServerVariables("ALL_HTTP")%></td>
   </tr>
   <tr>
      <td>CONTENT_LENGTH server variable:</td>
      <td><%=Request.ServerVariables("CONTENT_LENGTH")%></td>
   </tr>
   <tr>
      <td>CONTENT_TYPE server variable:</td>
      <td><%=Request.ServerVariables("CONTENT_TYPE")%></td>
   </tr>
   <tr>
      <td>QUERY_STRING server variable:</td>
      <td><%=Request.ServerVariables("QUERY_STRING")%></td>
   </tr>
   <tr>
      <td>SERVER_SOFTWARE server variable:</td>
      <td><%=Request.ServerVariables("SERVER_SOFTWARE")%></td>
   </tr>
</table>
</body>
</html>

The following classic ASP example uses the VBScript For Each loop to iterate through each existing server variable name. Some will be empty if you have Anonymous Access enabled. The following script lists all of the server variables in a table:

<html>
<body>
<table border="1">
   <tr>
      <td><b>Server Variable</b></td>
      <td><b>Value</b></td>
   </tr>
   <% For Each strKey In Request.ServerVariables %>
   <tr>
      <td><%= strKey %></td>
      <td><%= Request.ServerVariables(strKey) %></td>
   </tr>
   <% Next %>
</table>
</body>
</html>

The following classic ASP example specifies the URL of the request into the action attribute for an HTML form, thereby creating a postback page.

<html>
<body>
<form method="POST" action="<%=Request.ServerVariables("URL")%>">
   <p><input type="text" name="MyText" size="20"></p>
   <p><input type="submit" value="Submit"> <input type="reset" value="Reset"></p>
</form>
</body>
</html>

Client: Requires Windows XP Professional, Windows 2000 Professional, or Windows NT Workstation 4.0.

Server: Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.

Product: IIS

Show:
© 2014 Microsoft. All rights reserved.