22 – Web applications: Writing data to Databases using ASP.Net

22 – Web applications:Writing data to Databasesusing ASP.Net

Questions: HTML in VB • Are these correct (assume variables and fields exist)? f = f + r("Description") h = h + r("<br />Name") a = "<p>" + a"</p>" html = html + <img src=face.gif /> h = "<table>" + h + "</table>"     

Questions: Databases 3 • How many primary keys? • How many foreign keys? 2

Session Aims & Objectives • Aims • To introduce the fundamental ideas involved in using server-side code to write data to databases • Objectives,by end of this week’s sessions, you should be able to: • create an ASP web page that allows the user to store data in database

Advice • Don’t • put anything on desktop • Especially database

Example: Person v1 (Specification) • User requirement: • Display people's details from database online • need 2 pages: jones sally smith jones dixon person's details list of people

Example: PeopleList.aspx v1 <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String cmd = New OdbcCommand("SELECT * FROM Person;", cn) cn.Open() r = cmd.ExecuteReader() s = "" Do While r.Read() s = s & r("Surname") & "<br />" Loop cn.Close parData.InnerHtml = s End Sub </script> <html> <head><title></title></head> <body> <p id="parData" runat="server"></p> </body> </html>

Example: PeopleList.aspx v2 <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String cmd = New OdbcCommand("SELECT * FROM Person;", cn) cn.Open() r = cmd.ExecuteReader() s = "" Do While r.Read() s = s & "<a href='Person.aspx?id=" & r("ID") & "'>" s = s & r("Surname") & "</a><br />" Loop cn.Close parData.InnerHtml = s End Sub </script> <html> <head><title></title></head> <body> <p id="parData" runat="server"></p> </body> </html> now links

Example: Person.aspx v2 <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Sub Page_Load() Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim sql As String Dim cn As New OdbcConnection(cs) Dim cmd As OdbcCommand Dim r As OdbcDataReader Dim s As String sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() s = "" If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub </script> <html> <head><title></title></head> <body> <a href="PeopleList2.aspx">Back to People List</a><br /> <form runat="server"> Surname: <input id="txtSurname" runat="server" /><br /> <input id="btnSave" type="submit" value="Save" runat="server" /> </form> </body> </html> reads querystring (from previous page) displays data for selected record only

Example: Person v2 (Specification) • User requirement: • Display person’s details from database online • Change surname and save to database

Changing Data • SQL • INSERT: inserts a new record INSERT INTO Person (Surname, Age) VALUES ('Smith', 21); • UPDATE: makes changes to specified record UPDATE Person Set Surname = 'Smith', Age = 21 WHERE id = 14; • DELETE: deletes specified record DELETE FROM Person WHERE id = 14

WARNING!! • All changes permanent (no undo) • WHERE clause is CRITICAL DELETE FROM Person; Will delete ALL records in table

Example: Person.aspx v3 (error) <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Sub Page_Load() Dim sql As String Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand Dim sql As String sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cn.Open() cmd.ExecuteNonQuery() cn.Close End Sub </script> Save buttonexecutes SQL UPDATE PROBLEM: Page_Loadre-reads old surname first

Example: Person.aspx v3b <%@ Page Language="VB" %> <%@ Import Namespace="System.Data.ODBC" %> <script runat="server"> Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Sub Page_LoadComplete(s As Object, e As EventArgs) Dim sql As String Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) cn.Open() r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand Dim sql As String sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cn.Open() cmd.ExecuteNonQuery() cn.Close End Sub </script> Save buttonexecutes SQL UPDATE Fix: Use Page_LoadComplete

Example: Person.aspx v3c Dim cs As String = "Driver={Microsoft Access Driver (*.mdb, *.accdb)};" + _ "Dbq=" + Server.MapPath("People.accdb") + ";" Dim cn As New OdbcConnection(cs) Dim sql As String Sub Page_Load() cn.Open() End Sub Sub btnSave_Click(s As Object, e As EventArgs) Handles btnSave.ServerClick Dim cmd As OdbcCommand sql = "UPDATE [Person] " + _ " SET [Surname] = '" + txtSurname.Value + "'" + _ " WHERE id = " & Request.QueryString("id") & ";" cmd = New OdbcCommand(sql, cn) cmd.ExecuteNonQuery() End Sub Sub Page_LoadComplete(s As Object, e As EventArgs) Dim cmd As OdbcCommand Dim r As OdbcDataReader sql = "SELECT * FROM Person WHERE id=" & Request.QueryString("id") cmd = New OdbcCommand(sql, cn) r = cmd.ExecuteReader() If r.Read() Then txtSurname.Value = r("Surname") End If cn.Close() End Sub • Page_Load: first • Click events • Page_LoadComplete: last

Database Permissions • Generally • Read: works by default • Write: requires permissions • Asp.Net pages run as user: • Visual Studio • Logged in user • IIS • ASP.Net Account • NETWORKSERVICE • IIS APPPOOL\DefaultAppPool

Database Permissions 1 • Windows Explorer • Tools • Folder Options • View Tab • Need to turn'simple file sharing' off(as this disables the security tab in file properties)

Database Permissions 2 • In order for ASP to write to a database • Need to give write access to Internet Guest Account for database file (People.mdb) • Right-click on file in Windows Explorer(the following screens are for Windows XP)

Database Permissions 3 • Click Security tab • Click Add button

Database Permissions 4 • Click Advanced button

Database Permissions 5 • Select Internet Guest Account IUSR_ … ClickFind buttonClickuserClickOK button

Database Permissions 6 • Select InternetGuest Account • Ensure writeaccess is on • Repeat forASPNET account

Tutorial Exercise: Person • Task 1: Get the Person (v1) example from the lecture working. • Task 2: Modify your code, so that forename is displayed as well as surname (use a table). • Task 3: Get the Person (v2 and v3) example from the lecture working. • Task 3: Modify your code, so that a line of text is displayed confirming that data has been saved. • Task 4: Modify your code, so that an add button is included, which allows a new record to be added. • Task 5: Modify your code, so that a delete button is included, which allows the current record to be deleted.

22 – Web applications: Writing data to Databases using ASP.Net

22 – Web applications: Writing data to Databases using ASP.Net

Presentation Transcript

Introduction to Data Management and Relational Databases

Scientific Databases Lecture: Hubble Space Telescope Science Databases

Zen and the Art of Macro Writing: Creating Global Programs That Can Be Accessed From Anywhere

Keyword Search on Structured and Semi-Structured Data

NoSQL and Big Data Processing Hbase , Hive and Pig, etc.

Data Mining

Advanced Topics in Data Mining: Association Rules

Data Management: Databases and Organizations Richard Watson

Data Management: Databases and Organizations Richard Watson

SQL Unit 19: Data Management: Databases and Organizations Richard Watson

Data Management: Databases and Organizations Richard Watson

Database Modeling and Introduction to SQL

SQL Unit 19: Data Management: Databases and Organizations Richard Watson

Chapter 22: Distributed Databases

Techniques for Indexing and Browsing Image/Video Databases

Distributed Databases

XML and Databases

HAPTER 4

Chapter 18: Distributed Databases

PART 2

DATA STRUCTURE

Chapter 3 Meta Data and Electronic Data Interchange