...

View Full Version : Using ASP to view database



SanChez
07-09-2007, 09:37 PM
I have a form and table in ASP, and a SQL server database. How do I send my information from the form to the database to the table? I believe I have to use VBScript, but I'm at a loss. Any help would be great.

TheShaner
07-09-2007, 10:53 PM
The basic idea is that you retrieve the info using either Request.Form (if the form's method is POST) or Request.QueryString (if the form's method is GET) in your ASP code, connect to your database, and execute a query on your database using the input from the form. The first thing you'll need to know is what database you are using, MS SQL Server, Access, etc. This will determine the connection string you use. There is a lot of info to give you on this subject, so it's best that you find tutorials online, attempt to do it yourself, and when you hit a roadblock, you can come on here and get some help.

Here are a couple tutorial to get you started:
http://www.scit.wlv.ac.uk/~jphb/sst/asp/asp3.html
http://www.tutorial-web.com/asp/database/asp.asp

-Shane

miranda
07-10-2007, 12:39 AM
Since you are using SQL Server, write a Stored Procedure to handle the input of the data into the database table. This way you only have to set permissions on that procedure. It is much more difficult to do a SQL Interjection attack if the input is handled with a Stored Procedure. Then using the Command object input the data. This is also done as a safety precaution to further prevent SQL Interjection attacks as well as errors.

Here is a simple example for a very simple user survey


'asp code to handle the input of the data
Dim HowHeard
Dim EasyComplete
Dim WhereApply
Dim Comments

HowHeard = Request.Form("howHeard")
If Len(Request.Form("easyComplete")) = 0 Then
EasyComplete = 0
Else
EasyComplete = Request.Form("easyComplete")
End If
WhereApply = Request.Form("whereApply")
Comments = Request.Form("comments")
If Len(Comments) > 1000 Then Comments = Left(Request.Form("comments"),1000)
If Comments = "" Then Comments = "No Comments"
On Error Resume Next
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open myDSN
Set cmd = Server.CreateObject("ADODB.Command")
With cmd
Set .ActiveConnection = oConn
.CommandType = adCmdStoredProc
.CommandText = "dbo.sp_AddSurvey"
.Parameters.Append .CreateParameter("@HowHeard",adVarChar,adParamInput,Len(HowHeard),HowHeard)
.Parameters.Append .CreateParameter("@Easy",adBoolean,adParamInput,1, EasyComplete)
.Parameters.Append .CreateParameter("@WhereApply",adVarChar,adParamInput,Len(WhereApply),WhereApply)
.Parameters.Append .CreateParameter("@Comments",adVarChar,adParamInput,Len(Comments),Comments)
.Execute
End With
Set cmd = Nothing
oConn.Close
Set oConn = Nothing
If Err.Number = 0 Then
Response.Write "<br><br>Thank you for applying with the " & Company & ". Your information has been recieved. You may log off now."
Else
Response.Write "Error adding record."
End If





--stored procedure code to handle input of the data
CREATE PROCEDURE sp_AddSurvey

@HowHeard varchar(20),
@Easy bit,
@WhereApply varchar(11),
@Comments varchar(1000)

AS

INSERT INTO
Survey
VALUES
(
@HowHeard,
@Easy,
@WhereApply,
@Comments,
GETDATE()
)


GO

nbcrockett
07-10-2007, 02:32 AM
I suggest taking a look at the database examples on this site.

http://www.asp101.com/samples/

SanChez
07-11-2007, 09:27 PM
Do I put all of this code in it's own asp file or what? I have no idea where any of the code goes. I have a DB set up on a SQL Server and a table with columns that need to be filled by the DB...

miranda
07-12-2007, 12:31 AM
If you use a stored procedure to insert the data, then that code gets saved in that database on the SQL Server. The rest of the code goes on the ASP page between asp delimiters. (<% &>)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum