230 likes | 325 Views
22 – Web applications: Writing data to Databases using ASP.Net. Questions: HTML in VB. Are these correct (assume variables and fields exist)? f = f + r(" Description ") h = h + r("<br /> Name ") a = "<p>" + a "</p>" html = html + <img src=face.gif /> h = " <table> " + h + "</table>".
E N D
22 – Web applications:Writing data to Databasesusing ASP.Net
Questions: HTML in VB • Are these correct (assume variables and fields exist)? f = f + r("Description") h = h + r("<br />Name") a = "<p>" + a"</p>" html = html + <img src=face.gif /> h = "<table>" + h + "</table>"
Questions: Databases 3 • How many primary keys? • How many foreign keys? 2
Session Aims & Objectives • Aims • To introduce the fundamental ideas involved in using server-side code to write data to databases • Objectives,by end of this week’s sessions, you should be able to: • create an ASP web page that allows the user to store data in database
Advice • Don’t • put anything on desktop • Especially database
Example: Person v1 (Specification) • User requirement: • Display people's details from database online • need 2 pages: jones sally smith jones dixon person's details list of people
Example: PeopleList.aspx v1 <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String cmd = New OdbcCommand("SELECT * FROM Person;", cn) cn.Open() r = cmd.ExecuteReader() s = "" Do While r.Read() s = s & r("Surname") & "<br />" Loop cn.Close parData.InnerHtml = s End Sub </script> <html> <head><title></title></head> <body> <p id="parData" runat="server"></p> </body> </html>
Example: PeopleList.aspx v2 <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String cmd = New OdbcCommand("SELECT * FROM Person;", cn) cn.Open() r = cmd.ExecuteReader() s = "" Do While r.Read() s = s & "<a href='Person.aspx?id=" & r("ID") & "'>" s = s & r("Surname") & "</a><br />" Loop cn.Close parData.InnerHtml = s End Sub </script> <html> <head><title></title></head> <body> <p id="parData" runat="server"></p> </body> </html> now links
Example: Person.aspx v2 <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim sql As String Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() s = "" If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub </script> <html> <head><title></title></head> <body> <a href="PeopleList2.aspx">Back to People List</a><br /> <form runat="server"> Surname: <input id="txtSurname" runat="server" /><br /> <input id="btnSave" type="submit" value="Save" runat="server" /> </form> </body> </html> reads querystring (from previous page) displays data for selected record only
Example: Person v2 (Specification) • User requirement: • Display person’s details from database online • Change surname and save to database
Changing Data • SQL • INSERT: inserts a new record INSERT INTO Person (Surname, Age) VALUES ('Smith', 21); • UPDATE: makes changes to specified record UPDATE Person Set Surname = 'Smith', Age = 21 WHERE id = 14; • DELETE: deletes specified record DELETE FROM Person WHERE id = 14
WARNING!! • All changes permanent (no undo) • WHERE clause is CRITICAL DELETE FROM Person; Will delete ALL records in table
Example: Person.aspx v3 (error) <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Sub Page_Load() Dim sql As String Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand Dim sql As String sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cn.Open() cmd.ExecuteNonQuery() cn.Close End Sub </script> Save buttonexecutes SQL UPDATE PROBLEM: Page_Loadre-reads old surname first
Example: Person.aspx v3b <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Sub Page_LoadComplete(s As Object, e As EventArgs) Dim sql As String Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand Dim sql As String sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cn.Open() cmd.ExecuteNonQuery() cn.Close End Sub </script> Save buttonexecutes SQL UPDATE Fix: Use Page_LoadComplete
Example: Person.aspx v3c Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim sql As String Sub Page_Load() cn.Open() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cmd.ExecuteNonQuery() End Sub Sub Page_LoadComplete(s As Object, e As EventArgs) Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub • Page_Load: first • Click events • Page_LoadComplete: last
Database Permissions • Generally • Read: works by default • Write: requires permissions • Asp.Net pages run as user: • Visual Studio • Logged in user • IIS • ASP.Net Account • NETWORKSERVICE • IIS APPPOOL\DefaultAppPool
Database Permissions 1 • Windows Explorer • Tools • Folder Options • View Tab • Need to turn'simple file sharing' off(as this disables the security tab in file properties)
Database Permissions 2 • In order for ASP to write to a database • Need to give write access to Internet Guest Account for database file (People.mdb) • Right-click on file in Windows Explorer(the following screens are for Windows XP)
Database Permissions 3 • Click Security tab • Click Add button
Database Permissions 4 • Click Advanced button
Database Permissions 5 • Select Internet Guest Account IUSR_ … ClickFind buttonClickuserClickOK button
Database Permissions 6 • Select InternetGuest Account • Ensure writeaccess is on • Repeat forASPNET account
Tutorial Exercise: Person • Task 1: Get the Person (v1) example from the lecture working. • Task 2: Modify your code, so that forename is displayed as well as surname (use a table). • Task 3: Get the Person (v2 and v3) example from the lecture working. • Task 3: Modify your code, so that a line of text is displayed confirming that data has been saved. • Task 4: Modify your code, so that an add button is included, which allows a new record to be added. • Task 5: Modify your code, so that a delete button is included, which allows the current record to be deleted.