Every time we hit a new error in ASP work, add the rule here so Claude never hits it again. Currently tracking 28 rules.
Paste directly from an error message or Claude's fix explanation. Only Category and Title are required — fill in what you have.
Click Edit on any row to load it into the form above. Deleting soft-archives the rule (IsActive=0) — not gone forever, but hidden from GetCodingRules.asp.
| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 8.1 | Request.Cookies — coerce with & "" and always validate | critical | cookie,auth,security | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 3.1 | MARS deadlock — one open recordset per connection | critical | database,mars,recordset,sqlserver | on | |
| 3.2 | Always close recordsets and null the reference | warning | database,recordset,cleanup | on | |
| 3.3 | Always SQL-escape user values before building SQL | critical | database,security,sql-injection | on | |
| 3.4 | Clamp form input lengths to column width before SQL | warning | database,validation,input | on | |
| 3.5 | Migrations must be idempotent | warning | database,migration,idempotent | on | |
| 3.6 | Admin check on BN_Members is MemberRole='admin', NOT a boolean IsAdmin column | critical | database,schema,admin,members,bn_members | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 9.1 | Master defensive pattern — never let data crash the page | critical | error-handling,defensive | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 4.1 | Define helper Functions at the TOP of the ASP file | warning | file-organization,hoisting | on | |
| 4.2 | Never use <!--#include--> inside a conditional | warning | file-organization,include | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 7.1 | Always HTMLEncode user-provided values | critical | html,xss,escape | on | |
| 7.2 | Use a separate attribute-safe escape for HTML attributes | warning | html,escape,attribute | on | |
| 7.3 | JS-safe inline needs a JSReady helper | warning | html,javascript,escape | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 6.1 | Use ===SECTION=== delimiters, not nested JSON-in-string | critical | ai,llm,parsing,gemini | on | |
| 6.2 | Set maxOutputTokens generously (8192+) | warning | ai,llm,tokens,gemini | on | |
| 6.3 | In the system prompt, say "no JSON, no markdown, no preamble" | warning | ai,llm,prompting | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 2.1 | Null & "" = Null (not "") | critical | null,vbscript,string | on | |
| 2.2 | Always coerce recordset field reads with & "" | critical | null,recordset,database | on | |
| 2.3 | Mid/Left/InStr on non-string Variants throws Type mismatch | critical | null,vbscript,string,dictionary | on | |
| 2.4 | CDate can throw Type mismatch even when IsDate is True | critical | date,cdate,vbscript | on | |
| 2.5 | Read migration-added columns defensively | warning | migration,schema,defensive | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 5.1 | Coerce every form value with & "" before using | warning | input,form,coerce | on | |
| 5.2 | Validate numeric input with IsNumeric before casting | critical | input,validation,numeric | on | |
| 5.3 | Multi-valued checkboxes join with ", " automatically | best-practice | input,form,checkbox | on | |

| # | Title | Sev | Tags | Active | |
|---|---|---|---|---|---|
| 1.1 | Identifiers cannot start with an underscore | critical | vbscript,syntax,naming | on | |
| 1.2 | Single-line If/Then cannot be chained with ElseIf | critical | vbscript,syntax,control-flow | on | |
| 1.3 | Functions return by assigning to the function name | critical | vbscript,syntax,function | on | |
| 1.4 | VBScript has no native IIf — define your own | critical | vbscript,syntax,iif | on | |