View Full Version : Using ASP to view database

07-09-2007, 09:37 PM
I have a form and table in ASP, and a SQL server database. How do I send my information from the form to the database to the table? I believe I have to use VBScript, but I'm at a loss. Any help would be great.

07-09-2007, 10:53 PM
The basic idea is that you retrieve the info using either Request.Form (if the form's method is POST) or Request.QueryString (if the form's method is GET) in your ASP code, connect to your database, and execute a query on your database using the input from the form. The first thing you'll need to know is what database you are using, MS SQL Server, Access, etc. This will determine the connection string you use. There is a lot of info to give you on this subject, so it's best that you find tutorials online, attempt to do it yourself, and when you hit a roadblock, you can come on here and get some help.

Here are a couple tutorial to get you started:


07-10-2007, 12:39 AM
Since you are using SQL Server, write a Stored Procedure to handle the input of the data into the database table. This way you only have to set permissions on that procedure. It is much more difficult to do a SQL Interjection attack if the input is handled with a Stored Procedure. Then using the Command object input the data. This is also done as a safety precaution to further prevent SQL Interjection attacks as well as errors.

Here is a simple example for a very simple user survey

'asp code to handle the input of the data
Dim HowHeard
Dim EasyComplete
Dim WhereApply
Dim Comments

HowHeard = Request.Form("howHeard")
If Len(Request.Form("easyComplete")) = 0 Then
EasyComplete = 0
EasyComplete = Request.Form("easyComplete")
End If
WhereApply = Request.Form("whereApply")
Comments = Request.Form("comments")
If Len(Comments) > 1000 Then Comments = Left(Request.Form("comments"),1000)
If Comments = "" Then Comments = "No Comments"
On Error Resume Next
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open myDSN
Set cmd = Server.CreateObject("ADODB.Command")
With cmd
Set .ActiveConnection = oConn
.CommandType = adCmdStoredProc
.CommandText = "dbo.sp_AddSurvey"
.Parameters.Append .CreateParameter("@HowHeard",adVarChar,adParamInput,Len(HowHeard),HowHeard)
.Parameters.Append .CreateParameter("@Easy",adBoolean,adParamInput,1, EasyComplete)
.Parameters.Append .CreateParameter("@WhereApply",adVarChar,adParamInput,Len(WhereApply),WhereApply)
.Parameters.Append .CreateParameter("@Comments",adVarChar,adParamInput,Len(Comments),Comments)
End With
Set cmd = Nothing
Set oConn = Nothing
If Err.Number = 0 Then
Response.Write "<br><br>Thank you for applying with the " & Company & ". Your information has been recieved. You may log off now."
Response.Write "Error adding record."
End If

--stored procedure code to handle input of the data

@HowHeard varchar(20),
@Easy bit,
@WhereApply varchar(11),
@Comments varchar(1000)




07-10-2007, 02:32 AM
I suggest taking a look at the database examples on this site.


07-11-2007, 09:27 PM
Do I put all of this code in it's own asp file or what? I have no idea where any of the code goes. I have a DB set up on a SQL Server and a table with columns that need to be filled by the DB...

07-12-2007, 12:31 AM
If you use a stored procedure to insert the data, then that code gets saved in that database on the SQL Server. The rest of the code goes on the ASP page between asp delimiters. (<% &>)