Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 6 of 6
  1. #1
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Using ASP to view database

    I have a form and table in ASP, and a SQL server database. How do I send my information from the form to the database to the table? I believe I have to use VBScript, but I'm at a loss. Any help would be great.

  • #2
    Senior Coder TheShaner's Avatar
    Join Date
    Sep 2005
    Location
    Orlando, FL
    Posts
    1,126
    Thanks
    2
    Thanked 40 Times in 40 Posts
    The basic idea is that you retrieve the info using either Request.Form (if the form's method is POST) or Request.QueryString (if the form's method is GET) in your ASP code, connect to your database, and execute a query on your database using the input from the form. The first thing you'll need to know is what database you are using, MS SQL Server, Access, etc. This will determine the connection string you use. There is a lot of info to give you on this subject, so it's best that you find tutorials online, attempt to do it yourself, and when you hit a roadblock, you can come on here and get some help.

    Here are a couple tutorial to get you started:
    http://www.scit.wlv.ac.uk/~jphb/sst/asp/asp3.html
    http://www.tutorial-web.com/asp/database/asp.asp

    -Shane

  • #3
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,062
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Since you are using SQL Server, write a Stored Procedure to handle the input of the data into the database table. This way you only have to set permissions on that procedure. It is much more difficult to do a SQL Interjection attack if the input is handled with a Stored Procedure. Then using the Command object input the data. This is also done as a safety precaution to further prevent SQL Interjection attacks as well as errors.

    Here is a simple example for a very simple user survey
    Code:
    'asp code to handle the input of the data
    Dim HowHeard
    Dim EasyComplete
    Dim WhereApply
    Dim Comments
    	
    HowHeard = Request.Form("howHeard")
    If Len(Request.Form("easyComplete")) = 0 Then
    	EasyComplete = 0
    Else
    	EasyComplete = Request.Form("easyComplete")
    End If
    WhereApply = Request.Form("whereApply")
    Comments = Request.Form("comments")
    If Len(Comments) > 1000 Then Comments = Left(Request.Form("comments"),1000)
    If Comments = "" Then Comments = "No Comments"
    On Error Resume Next
    Set oConn = Server.CreateObject("ADODB.Connection")
    oConn.Open myDSN
    Set cmd = Server.CreateObject("ADODB.Command")
    With cmd
    	Set .ActiveConnection = oConn
    	.CommandType = adCmdStoredProc
    	.CommandText = "dbo.sp_AddSurvey"
    	.Parameters.Append .CreateParameter("@HowHeard",adVarChar,adParamInput,Len(HowHeard),HowHeard)
    	.Parameters.Append .CreateParameter("@Easy",adBoolean,adParamInput,1, EasyComplete)
    	.Parameters.Append .CreateParameter("@WhereApply",adVarChar,adParamInput,Len(WhereApply),WhereApply)
    	.Parameters.Append .CreateParameter("@Comments",adVarChar,adParamInput,Len(Comments),Comments)
    	.Execute
    End With 
    Set cmd = Nothing
    oConn.Close
    Set oConn = Nothing
    If Err.Number = 0 Then
    	Response.Write "<br><br>Thank you for applying with the " & Company & ".  Your information has been recieved. You may log off now." 
    Else
    	Response.Write "Error adding record."
    End If

    Code:
    --stored procedure code to handle input of the data
    CREATE PROCEDURE sp_AddSurvey
    
    @HowHeard varchar(20),
    @Easy bit,
    @WhereApply varchar(11),
    @Comments varchar(1000)
    
    AS
    
    INSERT INTO 
    	Survey
    VALUES
    	(
    		@HowHeard,
    		@Easy,
    		@WhereApply,
    		@Comments,
    		GETDATE()
    	)
    
    
    GO

  • #4
    New Coder
    Join Date
    Jul 2007
    Location
    North Carolina, US
    Posts
    32
    Thanks
    1
    Thanked 0 Times in 0 Posts
    I suggest taking a look at the database examples on this site.

    http://www.asp101.com/samples/

  • #5
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Do I put all of this code in it's own asp file or what? I have no idea where any of the code goes. I have a DB set up on a SQL Server and a table with columns that need to be filled by the DB...

  • #6
    Senior Coder
    Join Date
    Dec 2002
    Location
    Arlington, Texas USA
    Posts
    1,062
    Thanks
    4
    Thanked 8 Times in 8 Posts
    If you use a stored procedure to insert the data, then that code gets saved in that database on the SQL Server. The rest of the code goes on the ASP page between asp delimiters. (<% &>)


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •