mark dixon 1 22 – web applications: writing data to databases using asp.net
TRANSCRIPT
Mark Dixon 1
22 – Web applications:Writing data to Databases
using ASP.Net
Mark Dixon 2
Questions: HTML in VB• Are these correct (assume variables and
fields exist)?
f = f + r("Description")
h = h + r("<br />Name")
a = "<p>" + a "</p>"
html = html + <img src=face.gif />
h = "<table>" + h + "</table>"
Mark Dixon 3
Questions: Databases• How many primary keys?• How many foreign keys?
32
PlantPlantID EnglishName ScientificName Price Toxic FileName
1 Foxglove Digitalis purpurea 2.5 TRUE Foxglove.jpg2 Daisy Bellis perennis 0.45 FALSE Daisy.jpg3 Hemlock Conium maculatum 8.79 TRUE Hemlock.jpg4 Marsh Mallow Althaea officinalis 3.25 FALSE MarshMallow.jpg5 Lords-and-Ladies Arum maculatum 2.25 TRUE Lords.jpg6 Wild Carrot Daucus carota 1.25 FALSE WildCarrot.jpg7 Bluebell Hyacinthoides non-scripta 1.8 FALSE Bluebell.jpg8 Common Poppy Papaver rhoeas 1.28 FALSE Poppy.jpg
OrderOrderID CustID PlantID Quantity Date Current
1 1 7 10 14-Mar-06 TRUE2 2 5 2 14-Mar-06 TRUE3 1 3 1 14-Mar-06 FALSE5 2 4 4 14-Mar-06 FALSE
46 1 2 9 09-Jun-06 FALSE
CustomerCustID Surname Forenames email Password
1 Dixon Mark [email protected] a2 Jones Sally [email protected] sally
Mark Dixon 4
Session Aims & Objectives• Aims
– To introduce the fundamental ideas involved in using server-side code to write data to databases
• Objectives,by end of this week’s sessions, you should be able to:
– create an ASP web page that allows the user to store data in database
Mark Dixon 5
Advice• Don’t
– put anything on desktop– Especially database
Mark Dixon 6
Example: Person v1 (Specification)
• User requirement:– Display people's details from database online– need 2 pages:
smithjonesdixon
list of people
jonessally
person's details
Mark Dixon 7
Example: PeopleList.aspx v1<%@ Page Language="VB" %><%@ Import Namespace="System.Data.ODBC" %><script runat="server">
Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String cmd = New OdbcCommand("SELECT * FROM Person;", cn) cn.Open() r = cmd.ExecuteReader() s = "" Do While r.Read() s = s & r("Surname") & "<br />" Loop cn.Close parData.InnerHtml = s End Sub</script>
<html> <head><title></title></head> <body> <p id="parData" runat="server"></p> </body></html>
Mark Dixon 8
Example: PeopleList.aspx v2<%@ Page Language="VB" %><%@ Import Namespace="System.Data.ODBC" %><script runat="server">
Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String cmd = New OdbcCommand("SELECT * FROM Person;", cn) cn.Open() r = cmd.ExecuteReader() s = "" Do While r.Read() s = s & "<a href='Person.aspx?id=" & r("ID") & "'>" s = s & r("Surname") & "</a><br />" Loop cn.Close parData.InnerHtml = s End Sub</script>
<html> <head><title></title></head> <body> <p id="parData" runat="server"></p> </body></html>
now links
Mark Dixon 9
Example: Person.aspx v2<%@ Page Language="VB" %><%@ Import Namespace="System.Data.ODBC" %><script runat="server">
Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim sql As String Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() s = "" If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub</script>
<html> <head><title></title></head> <body> <a href="PeopleList2.aspx">Back to People List</a><br /> <form runat="server"> Surname: <input id="txtSurname" runat="server" /><br /> <input id="btnSave" type="submit" value="Save" runat="server" /> </form> </body></html>
reads querystring(from previous page)
displays data forselected record only
Mark Dixon 10
Example: Person v2 (Specification)
• User requirement:Display person’s details from database online
– Change surname and save to database
Mark Dixon 11
Changing Data• SQL
– INSERT: inserts a new recordINSERT INTO Person (Surname, Age) VALUES ('Smith', 21);
– UPDATE: makes changes to specified recordUPDATE Person Set Surname = 'Smith', Age = 21 WHERE id = 14;
– DELETE: deletes specified recordDELETE FROM Person WHERE id = 14
Mark Dixon 12
WARNING!!• All changes permanent (no undo)
• WHERE clause is CRITICAL
DELETE FROM Person;
Will delete ALL records in table
Mark Dixon 13
Example: Person.aspx v3 (error)<%@ Page Language="VB" %><%@ Import Namespace="System.Data.ODBC" %><script runat="server">Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";"Dim cn As New OdbcConnection(cs)
Sub Page_Load() Dim sql As String Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand Dim sql As String sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cn.Open() cmd.ExecuteNonQuery() cn.Close End Sub</script>
Save buttonexecutes SQL UPDATE
PROBLEM: Page_Loadre-reads old surname first
Mark Dixon 14
Example: Person.aspx v3b<%@ Page Language="VB" %><%@ Import Namespace="System.Data.ODBC" %><script runat="server">Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";"Dim cn As New OdbcConnection(cs)
Sub Page_LoadComplete(s As Object, e As EventArgs) Dim sql As String Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand Dim sql As String sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cn.Open() cmd.ExecuteNonQuery() cn.Close End Sub</script>
Save buttonexecutes SQL UPDATE
Fix: Use Page_LoadComplete
Mark Dixon 15
Example: Person.aspx v3cDim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";"Dim cn As New OdbcConnection(cs)Dim sql As String
Sub Page_Load() cn.Open() End Sub
Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cmd.ExecuteNonQuery() End Sub
Sub Page_LoadComplete(s As Object, e As EventArgs) Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub
• Page_Load: first• Click events• Page_LoadComplete:
last
Mark Dixon 16
Database Permissions• Generally
– Read: works by default– Write: requires permissions
• Asp.Net pages run as user:– Visual Studio
• Logged in user
– IIS• ASP.Net Account• NETWORKSERVICE• IIS APPPOOL\DefaultAppPool
Mark Dixon 17
Database Permissions 1• Windows Explorer
– Tools– Folder Options– View Tab
• Need to turn'simple file sharing' off(as this disables the security tab in file properties)
Mark Dixon 18
Database Permissions 2• In order for ASP to
write to a database– Need to give write
access to Internet Guest Account for database file (People.mdb)
• Right-click on file in Windows Explorer(the following screens are for Windows XP)
Mark Dixon 19
Database Permissions 3• Click Security tab
• Click Add button
Mark Dixon 20
Database Permissions 4• Click Advanced
button
Mark Dixon 21
• Select Internet Guest Account IUSR_ … ClickFind button
Clickuser
ClickOK button
Database Permissions 5
Mark Dixon 22
Database Permissions 6• Select Internet
Guest Account
• Ensure writeaccess is on
• Repeat forASPNET account
Mark Dixon 23
Tutorial Exercise: Person• Task 1: Get the Person (v1) example from the lecture
working.• Task 2: Modify your code, so that forename is displayed as
well as surname (use a table).• Task 3: Get the Person (v2 and v3) example from the
lecture working.• Task 3: Modify your code, so that a line of text is displayed
confirming that data has been saved.• Task 4: Modify your code, so that an add button is
included, which allows a new record to be added.• Task 5: Modify your code, so that a delete button is
included, which allows the current record to be deleted.