The StatCounter.asp "image"

The image file that the browser tries to open is the normal asp file shown below.

<%@ Language=JavaScript    %> <!--#include file = "include/Config.asp"--> <%    // are we configured to store stats?    if ( !bStoreStats )       Response.End ( );    // get raw data    var sAgent = "" + Request.ServerVariables("HTTP_USER_AGENT");    var sIP = "" + Request.ServerVariables("REMOTE_ADDR");    var sRefer = "" + Request.QueryString( 'refer' );    var sPage = "" + Request.QueryString ( 'url' );    var sWidth = "" + Request.QueryString ( 'width' );    // for pages viewed without JavaScript..    if ( sPage == "undefined" )       sPage = "" + Request.ServerVariables("HTTP_REFERER");    if ( sRefer == "undefined" )       sRefer = "n/a";    if ( sWidth == "undefined" )       sWidth = "n/a";    // dont store any pages that contain my password    // (see http://CoverYourASP.com/Security.asp)    if ( -1 == sPage.indexOf ( sPassword ) &&          // also don't store any pages that start with          // an underscore - they're my private files!          '_' != sPage.charAt ( 0 ) )    {       // for reporting purposes let's strip off all the fluff       // such as http://, any www that appears, etc.       // this will mean our reports will show as few as       // possible duplicate URLs       // make everything lowercase       sAgent = sAgent.toLowerCase ( );       sRefer = sRefer.toLowerCase ( );       sPage = sPage.toLowerCase ( );       // strip off http:// if present       sRefer = RemoveFluff ( sRefer, 'http://' );       sPage = RemoveFluff ( sPage, 'http://' );       // slice off www if present       sRefer = RemoveFluff ( sRefer, 'www.' );       sPage = RemoveFluff ( sPage, 'www.' );       // create database connection       oConnection = Server.CreateObject( 'ADODB.Connection' );       // open connection       oConnection.Open( sConnectionString );       // add record to Stats table       oConnection.Execute ( 'INSERT INTO Stats (Width,Agent,Refer,IP,Page) VALUES (\'' + sWidth + '\',\'' + sAgent + '\',\'' + sRefer + '\',\'' + sIP + '\',\'' + sPage + '\');' );       // close connection       oConnection.Close();    } // ============================================ // remove sFluff from sURL if present at start of sURL // ============================================ function RemoveFluff ( sURL, sFluff ) {    if ( 0 == sURL.indexOf ( sFluff ) )       sURL = sURL.slice ( sFluff.length );    return sURL; } %>

After the normal SSI, I get some data from the client (via the URL) and some from the server (via Request.ServerVariables).

For pages viewed without JavaScript I found the page being viewed from the ServerVariables too.

I then stopped the counter from storing any URL that contained my password, for obvious reasons, and set everything to lowercase (to help with sorting reports later).

Lastly, I opened my database and INSERT'ed the data into my Stats table.

Could that BE any easier?!!