Tutorial:
Database - ASP - Add Security Users With Access Database
Dr.
Thomas E. Hicks
Computer Science
Department
Trinity University
IIS 5 Install on Windows XP Pro
IIS 5 Installation on Windows 2000 Pro/Server
It might even help to read a tutorial that describes the need for Database Web Applications.
Database Need For Web Applications
You may use the basic ideas of this tutorial for either the ODBC connection or the MapPath connection..
Database - ASP - ODBC Connections
Database - ASP - MapPath Connections
For purposes of discussion, let us suppose that an Access Database, called Security.mdb, resides at the root of drive C. (See Below!) When a database is installed on the web server, the necessary ODBC drivers are also installed. If the web server does not have the database installed, then the ODBC drivers will have to be downloaded and installed; this process differs from database to database and is beyond the scope of this paper. Microsoft Access and the appropriate ODBC drivers have been installed on the server illustrated below.
The Security Database is opened and the Tables tab is selected; in order to keep our example simplistic, the Security Database has only a single table, called Users. The contents of our very simple Users table can be seen below.
Each record in the Users table contains fields Name, No, Password, and IDNo; these will be needed later.
The datatypes of each field may be seen below.
The Security Database above was is ultra trivial application which had only one database table. Relational databases often have many tables; this is true of Access databases as well. This database may be downloaded.
We are going to place all of the ASP files in folder C:\Inetpub\wwwroot\ASP. We could place the database files anywhere on the drive. For security reasons, it is not a good idea to place them in the wwwroot directory.
For purposes of this tutorial, we shall assume that the Security database files are located in C:\Security. For purposes of this tutorial, we shall assume that the Security database is located in C:\.
The first page shall be called AddSecurityUser.asp. It shall be the responsibility of this page to prompt the user for a SoughtName, SoughtNo, and SoughtPassword and then transfer processing control to the second page.
The second page shall be called AddSecurityUserConfirmation.asp. It shall be the responsibility of this page to add the user to the database table if the information is complete. Control shall pass to a generic Error.asp page in the event that the NewName is blank. Control shall pass to a generic Error.asp page in the event that the NewNo is blank. Control shall pass to a generic Error.asp page in the event that the NewPassword is blank. Control shall pass to a generic Error.asp page in the event that the NewPassword is not numeric.
The autonumber field, IDNo shall be automatically completed by the database.
<%@ LANGUAGE = VBScript %> |
The server will have one default scripting language. This may or may not be VBScript. This line makes sure that the scripting language is VBScript. Blocks of ASP code begin with <% and end with %>.
<% Option Explicit %> |
This line of ASP code forces the programmer to explicitly declare each and every variable.
<% Response.Expires = 0 %> |
This line of ASP reloads the most recent database data each time the page is refreshed.
<!-- #include virtual = "../../Common/adovbs.inc" --> |
Variables, such as AdOpenDynamic and AdLockOptimistic are defined in the adovbs.inc file. I keep a copy of this file in folder C:\Inetpub\WWWRoot\Common.
<% '======================================================================== '======================================================================== '==== AddSecurityUser.asp ==== '======================================================================== '==== ==== '==== Purpose : Prompt the user for the User Name, No, and ==== '==== Password. Transfer info to page ==== '==== AddSecurityUserConfirmation.asp for processing. ==== '==== ==== '==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== '======================================================================== '======================================================================== %> |
The documentation block provides a brief statement of purpose.
<html> <head><title>Dr. Thomas E. Hicks - AddSecurityUser.asp </title></head> |
The HTML places Dr. Thomas E. Hicks - AddSecurityUser.asp in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">AddSecurityUser.asp<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> <hr> |
The HTML code above creates the following commercial at the top of the page.
AddSecurityUser.asp
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "POST"
ACTION = "AddSecurityUserConfirmation.asp">
|
This is a standard HTML form which shall provide the user an opportunity to enter information and submit/transfer that information to page AddSecurityUserConfirmation.asp.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Name
<INPUT TYPE = "Text"
VALUE = ""
NAME = "NewName"
SIZE = 20
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Enter Name ==> and a 20 character text box in which to enter the information. Note that the name of the textbox is NewName; the post method will transfer this information to the confirmation page.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter No
<INPUT TYPE = "Text"
VALUE = ""
NAME = "NewNo"
SIZE = 10
MAXSIZE = 10></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Enter No ==> and a 10 character text box in which to enter the information. Note that the name of the textbox is NewNo; the post method will transfer this information to the confirmation page.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Password
<INPUT TYPE = "Text"
VALUE = ""
NAME = "NewPassword"
SIZE = 15
MAXSIZE = 15></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Enter Password ==> and a 15 character text box in which to enter the information. Note that the name of the textbox is NewPassword; the post method will transfer this information to the confirmation page.
<TR><TD><CENTER>
<INPUT TYPE = "SUBMIT"
VALUE = "Add User To Database!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</CENTER></TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
The second row of the table shall contain a blue submit button whose caption is Display All Users With This Name Now! The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>
<% Response.Expires = 0 %>
<!-- #include virtual = "../../Common/adovbs.inc" -->
<%
'========================================================================
'========================================================================
'==== AddSecurityUser.asp ====
'========================================================================
'==== ====
'==== Purpose : Prompt the user for the User Name, No, and ====
'==== Password. Transfer info to page ====
'==== AddSecurityUserConfirmation.asp for processing. ====
'==== ====
'==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
'========================================================================
'========================================================================
%>
<html>
<head><title>Dr. Thomas E. Hicks - AddSecurityUser.asp</title></head>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">AddSecurityUser.asp<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "POST"
ACTION = "AddSecurityUserConfirmation.asp">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Name
<INPUT TYPE = "Text"
VALUE = ""
NAME = "NewName"
SIZE = 20
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter No
<INPUT TYPE = "Text"
VALUE = ""
NAME = "NewNo"
SIZE = 10
MAXSIZE = 10></B></FONT>
</TD></TR>
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Enter Password
<INPUT TYPE = "Text"
VALUE = ""
NAME = "NewPassword"
SIZE = 15
MAXSIZE = 15></B></FONT>
</TD></TR>
<TR><TD><CENTER>
<INPUT TYPE = "SUBMIT"
VALUE = "Add User To Database!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</CENTER></TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<%@ LANGUAGE = VBScript %> |
The server will have one default scripting language. This may or may not be VBScript. This line makes sure that the scripting language is VBScript. Blocks of ASP code begin with <% and end with %>.
<% Option Explicit %> |
This line of ASP code forces the programmer to explicitly declare each and every variable.
<% Response.Expires = 0 %> |
This line of ASP reloads the most recent database data each time the page is refreshed.
<!-- #include virtual = "../../Common/adovbs.inc" --> |
Variables, such as AdOpenDynamic and AdLockOptimistic are defined in the adovbs.inc file. I keep a copy of this file in folder C:\Inetpub\WWWRoot\Common.
<% '======================================================================== '======================================================================== '==== AddSecurityUserConfirmation.asp ==== '======================================================================== '==== ==== '==== Purpose : Transfer to page Error.asp and report error if ==== '==== user does not enter the Name. Transfer to page ==== '==== Error.asp and report error if user does not enter ==== '==== the No. Transfer to page Error.asp and report ==== '==== error if user does not enter the Password. ==== '==== Transfer to page Error.asp and report error if ==== '==== the No is not numeric. Add the new user to the ==== '==== database. ==== '==== ==== '==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== '======================================================================== '======================================================================== '------------------------------------------------------------------------ ' Declarations '------------------------------------------------------------------------ Dim Conn, UserSQL, UserRecordSet, ConnString Dim NewName, NewNo, NewPassword |
The documentation block provides a brief statement of purpose. Immediately following the documentation block are declarations for all of the variables used on this page.
'------------------------------------------------------------------------
' Initializations
'------------------------------------------------------------------------
NewName = Request("NewName")
NewNo = Request("NewNo")
NewPassword = Request("NewPassword")
|
Counter is initialized to 1. It shall be used to number the rows/records in the table.
NewName, NewNo, and NewPassword shall be passed to the confirmation page. You will not see them in the URL with the Post option.
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Name
'------------------------------------------------------------------------
If ( Len(NewName) = 0 ) Then
Session("Error") = "You Have Not Entered Data In Field Name"
Response.Redirect "Error.asp"
End If
|
If the user fails to enter a NewName, then the length will be zero. A successful add requires the NewNameto be greater than zero. In the event that the user leaves the NewName blank, a session variable, describing the error, is created and the generic Error.asp is loaded to display the error.
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A No
'------------------------------------------------------------------------
If ( Len(NewNo) = 0 ) Then
Session("Error") = "You Have Not Entered Data In Field No"
Response.Redirect "Error.asp"
End If
|
If the user fails to enter a NewNo, then the length will be zero. A successful add requires the NewNobe greater than zero. In the event that the user leaves the NewNo blank, a session variable, describing the error, is created and the generic Error.asp is loaded to display the error.
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Password
'------------------------------------------------------------------------
If ( Len(NewPassword) = 0 ) Then
Session("Error") = "You Have Not Entered Data In Field Password"
Response.Redirect "Error.asp"
End If
|
If the user fails to enter a NewPassword, then the length will be zero. A successful add requires the NewNameto be greater than zero. In the event that the user leaves the NewPassword blank, a session variable, describing the error, is created and the generic Error.asp is loaded to display the error.
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Numeric Value
'------------------------------------------------------------------------
If ( NOT IsNumeric(NewNo) ) Then
Session("Error") = "You Have Not Entered a Numerical Value For No"
Response.Redirect "Error.asp"
End If
|
If the user must enter a numerical value for NewNo. In the event that the user a non-numerical value, a session variable, describing the error, is created and the generic Error.asp is loaded to display the error.
'------------------------------------------------------------------------
' Create The Console Object & MapPath Connection To The Server
'------------------------------------------------------------------------
'Create a Connection Object
Set Conn = Server.CreateObject("ADODB.Connection")
ConnString = "DBQ=" & Server.MapPath("../../../Security.mdb")
Conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & ConnString
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnString contains part of the connection arguments. The Conn.Open opens the Security database and associates it with the connection object.
'------------------------------------------------------------------------
' Add The Record To The Database
'------------------------------------------------------------------------
UserSQL = " INSERT INTO Users (Name, No, Password) " &_
" VALUES (" &_
"'" & NewName & "', " &_
NewNo & ", " &_
"'" & NewPassword & "' " &_
Set UserRecordSet = Server.CreateObject ("ADODB.RecordSet")
UserRecordSet.Open UserSQL, Conn, AdOpenDynamic, AdLockOptimistic
|
The SQL query is to add the new record to the Users database table. The standard SQL statement which we are trying to emulate with the variables is
INSERT INTO Users (Name, No, Password)
VALUES ('Sherry', 3, 'Teacher')
<html><head> <title>Dr. Thomas E. Hicks - AddSecurityUserConfirmation.asp </title> </head> |
The HTML places Dr. Thomas E. Hicks - AddSecurityUserConfirmation.asp in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER> <font face="Arial" size="4">AddSecurityUserConfirmation.asp<br> Written By<br> Dr. Thomas E. Hicks</font></p> </CENTER> <hr> |
The HTML code above creates the following commercial at the top of the page.
AddSecurityUserConfirmation.asp
Written By
Dr. Thomas E. Hicks
<hr> <p><font color="#FF0000" face="Arial"> <% = NewName %> has been added to the database! </font></p> |
Although it is not essential, we are going to display the name of the user added to the database.
</BODY></HTML> |
The HTML code above simply ends the body and the document.
The complete code may be found below. A working model may be found at
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>
<% Response.Expires = 0 %>
<!-- #include virtual = "../../Common/adovbs.inc" -->
<%
'========================================================================
'========================================================================
'==== AddSecurityUserConfirmation.asp ====
'========================================================================
'==== ====
'==== Purpose : Transfer to page Error.asp and report error if ====
'==== user does not enter the Name. Transfer to page ====
'==== Error.asp and report error if user does not enter ====
'==== the No. Transfer to page Error.asp and report ====
'==== error if user does not enter the Password. ====
'==== Transfer to page Error.asp and report error if ====
'==== the No is not numeric. Add the new user to the ====
'==== database. ====
'==== ====
'==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
'========================================================================
'========================================================================
'------------------------------------------------------------------------
' Declarations
'------------------------------------------------------------------------
Dim Conn, UserSQL, UserRecordSet, ConnString
Dim NewName, NewNo, NewPassword
'------------------------------------------------------------------------
' Initializations
'------------------------------------------------------------------------
Counter = 1
NewName = Request("NewName")
NewNo = Request("NewNo")
NewPassword = Request("NewPassword")
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Name
'------------------------------------------------------------------------
If ( Len(NewName) = 0 ) Then
Session("Error") = "You Have Not Entered Data In Field Name"
Response.Redirect "Error.asp"
End If
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A No
'------------------------------------------------------------------------
If ( Len(NewNo) = 0 ) Then
Session("Error") = "You Have Not Entered Data In Field No"
Response.Redirect "Error.asp"
End If
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Password
'------------------------------------------------------------------------
If ( Len(NewPassword) = 0 ) Then
Session("Error") = "You Have Not Entered Data In Field Password"
Response.Redirect "Error.asp"
End If
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Numeric Value
'------------------------------------------------------------------------
If ( NOT IsNumeric(NewNo) ) Then
Session("Error") = "You Have Not Entered a Numerical Value For No"
Response.Redirect "Error.asp"
End If
'------------------------------------------------------------------------
' Create The Console Object & MapPath Connection To The Server
'------------------------------------------------------------------------
'Create a Connection Object
Set Conn = Server.CreateObject("ADODB.Connection")
ConnString = "DBQ=" & Server.MapPath("../../../Security.mdb")
Conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & ConnString
'------------------------------------------------------------------------
' Add The Record To The Database
'------------------------------------------------------------------------
UserSQL = " INSERT INTO Users (Name, No, Password) " &_
" VALUES (" &_
"'" & NewName & "', " &_
NewNo & ", " &_
"'" & NewPassword & "' " &_
")"
Set UserRecordSet = Server.CreateObject ("ADODB.RecordSet")
UserRecordSet.Open UserSQL, Conn, AdOpenDynamic, AdLockOptimistic
%>
<html><head>
<title>Dr. Thomas E. Hicks - AddSecurityUserConfirmation.asp </title>
</head>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER>
<font face="Arial" size="4">AddSecurityUserConfirmation.asp<br>
Written By<br>
Dr. Thomas E. Hicks</font></p>
</CENTER>
<hr>
<p><font color="#FF0000" face="Arial">
<% = NewName %> has been added to the database! </font></p>
</BODY></HTML>
|
You can see the results below:
The complete code may be found below.
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>
<% Response.Expires = 0 %>
<!-- #include virtual = "../Common/adovbs.inc" --> <%
'=========================================================================
'=========================================================================
'==== ====
'==== Written By : Dr. Thomas E. Hicks ====
'=========================================================================
'=========================================================================
%>
<HTML><BODY BACKGROUND = "Paper.jpg">
<HR>
<CENTER><p align="center"><b><font size=+0 color="#660033">
<% = Session("Error") %><br></font></b>
<FORM METHODb=b"POST">
<INPUT TYPE = "BUTTON"
VALUE = " Take Me Back To Correct The Problem "
OnClick = "history.go( -1 ); return true;">
</FORM>
<HR></CENTER></BODY></HTML>
|