Tutorial:
Database - ASP - Search Security Users By Name With Access Database
Dr.
Thomas E. Hicks
Computer Science
Department
Trinity University
IIS 5 Install on Windows XP Pro
IIS 5 Installation on Windows 2000 Pro/Server
It might even help to read a tutorial that describes the need for Database Web Applications.
Database Need For Web Applications
You may use the basic ideas of this tutorial for either the ODBC connection or the MapPath connection..
Database - ASP - ODBC Connections
Database - ASP - MapPath Connections
For purposes of discussion, let us suppose that an Access Database, called Security.mdb, resides at the root of drive C. (See Below!) When a database is installed on the web server, the necessary ODBC drivers are also installed. If the web server does not have the database installed, then the ODBC drivers will have to be downloaded and installed; this process differs from database to database and is beyond the scope of this paper. Microsoft Access and the appropriate ODBC drivers have been installed on the server illustrated below.
The Security Database is opened and the Tables tab is selected; in order to keep our example simplistic, the Security Database has only a single table, called Users. The contents of our very simple Users table can be seen below.
Each record in the Users table contains fields Name, No, Password, and IDNo; these will be needed later.
The datatypes of each field may be seen below.
The Security Database above was is ultra trivial application which had only one database table. Relational databases often have many tables; this is true of Access databases as well. This database may be downloaded.
We are going to place all of the ASP files in folder C:\Inetpub\wwwroot\ASP. We could place the database files anywhere on the drive. For security reasons, it is not a good idea to place them in the wwwroot directory.
For purposes of this tutorial, we shall assume that the Security database files are located in C:\Security. For purposes of this tutorial, we shall assume that the Security database is located in C:\.
The first page shall be called SearchSecurityUserByName.asp. It shall be the responsibility of this page to prompt the user for a SoughtName and transfer processing control to the second page.
The second page shall be called SearchSecurityUserByNameConfirmation.asp. It shall be the responsibility of this page to display all of the Users that match the SoughtName. Control shall pass to a generic Error.asp page in the event that the SoughtName is blank. Control shall also pass to Error.asp if there are no users with SoughtName.
<%@ LANGUAGE = VBScript %> |
The server will have one default scripting language. This may or may not be VBScript. This line makes sure that the scripting language is VBScript. Blocks of ASP code begin with <% and end with %>.
<% Option Explicit %> |
This line of ASP code forces the programmer to explicitly declare each and every variable.
<% Response.Expires = 0 %> |
This line of ASP reloads the most recent database data each time the page is refreshed.
<!-- #include virtual = "../../Common/adovbs.inc" --> |
Variables, such as AdOpenDynamic and AdLockOptimistic are defined in the adovbs.inc file. I keep a copy of this file in folder C:\Inetpub\WWWRoot\Common.
<% '======================================================================== '======================================================================== '==== SearchSecurityUserByName.asp ==== '======================================================================== '==== ==== '==== Purpose : Prompt the user for the User Name & transfer ==== '==== to page SearchSecurityUserByNameConfirmation.asp ==== '==== for processing. ==== '==== ==== '==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== '======================================================================== '======================================================================== |
The documentation block provides a brief statement of purpose.
<html> <head><title>Dr. Thomas E. Hicks - SearchSecurityUserByName.asp </title></head> |
The HTML places Dr. Thomas E. Hicks - SearchSecurityUserByName.asp in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER><FONT FACE ="Arial" SIZE="4">SearchSecurityUserByName.asp<BR> Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR> <hr> |
The HTML code above creates the following commercial at the top of the page.
SearchSecurityUserByName.asp
Written By
Dr. Thomas E. Hicks
<FORM METHOD = "GET"
ACTION = "SearchSecurityUserByNameConfirmation.asp">
|
This is a standard HTML form which shall provide the user an opportunity to enter information and submit/transfer that information to page SearchSecurityUserByNameConfirmation.asp.
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
|
A table shall be used to organize the prompts, buttons, and input boxes.
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Display Users With Name
<INPUT TYPE = "Text"
VALUE = ""
NAME = "SoughtName"
SIZE = 20
MAXSIZE = 20></B></FONT>
</TD></TR>
|
In the first row of the table shall be a prompt ==> Display Users With Name ==> and a 20 character text box in which to enter the information.. Note that the name of the textbox is SoughtName; the get method will transfer this information to the confirmation page.
<TR><TD>
<INPUT TYPE = "SUBMIT"
VALUE = "Display all Users With This Name Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
The second row of the table shall contain a blue submit button whose caption is Display All Users With This Name Now! The remainder of the HTML code above simply ends the table, the form, the body, and the document.
The complete code may be found below. A working model may be found at
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>
<% Response.Expires = 0 %>
<!-- #include virtual = "../../Common/adovbs.inc" -->
<%
'========================================================================
'========================================================================
'==== SearchSecurityUserByName.asp ====
'========================================================================
'==== ====
'==== Purpose : Prompt the user for the User Name & transfer ====
'==== to page SearchSecurityUserByNameConfirmation.asp ====
'==== for processing. ====
'==== ====
'==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
'========================================================================
'========================================================================
%>
<html>
<head><title>Dr. Thomas E. Hicks - SearchSecurityUserByName.asp</title></head>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER><FONT FACE ="Arial" SIZE="4">SearchSecurityUserByName.asp<BR>
Written By<BR>Dr. Thomas E. Hicks</FONT></CENTER><HR>
<FORM METHOD = "GET"
ACTION = "SearchSecurityUserByNameConfirmation.asp">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
ALIGN = "Center">
<TR><TD ALIGN = "Right"><FONT FACE ="Arial" SIZE="3" COLOR = "#0000FF"><B>
Display Users With Name
<INPUT TYPE = "Text"
VALUE = ""
NAME = "SoughtName"
SIZE = 20
MAXSIZE = 20></B></FONT>
</TD></TR>
<TR><TD>
<INPUT TYPE = "SUBMIT"
VALUE = "Display all Users With This Name Now!"
STYLE = "BACKGROUND=BLUE; COLOR=#FFFFFF ;CURSOR=hand;
FONT-FAMILY ='SYSTEM';FONT-SIZE=10pt">
</TD></TR>
</TABLE></FORM>
</BODY></HTML>
|
You can see the results below:
<%@ LANGUAGE = VBScript %> |
The server will have one default scripting language. This may or may not be VBScript. This line makes sure that the scripting language is VBScript. Blocks of ASP code begin with <% and end with %>.
<% Option Explicit %> |
This line of ASP code forces the programmer to explicitly declare each and every variable.
<% Response.Expires = 0 %> |
This line of ASP reloads the most recent database data each time the page is refreshed.
<!-- #include virtual = "../../Common/adovbs.inc" --> |
Variables, such as AdOpenDynamic and AdLockOptimistic are defined in the adovbs.inc file. I keep a copy of this file in folder C:\Inetpub\WWWRoot\Common.
<% '======================================================================== '======================================================================== '==== SearchSecurityUserByNameConfirmation.asp ==== '======================================================================== '==== ==== '==== Purpose : Transfer to page Error.asp and report error if ==== '==== user does not enter the Sought Name. Transfer ==== '==== to page Error.asp and report error if the ==== '==== search comes up empty. Display all users that ==== '==== match the search query. ==== '==== ==== '==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ==== '======================================================================== '======================================================================== '------------------------------------------------------------------------ ' Declarations '------------------------------------------------------------------------ Dim Conn, UserSQL, UserRecordSet, ConnString, Counter Dim SoughtName |
The documentation block provides a brief statement of purpose. Immediately following the documentation block are declarations for all of the variables used on this page.
'------------------------------------------------------------------------
' Initializations
'------------------------------------------------------------------------
Counter = 1
SoughtName = request("SoughtName")
|
Counter is initialized to 1. It shall be used to number the rows/records in the table.
SoughtName is filled with the value passed from the SoughtName text box of the SearchSecurityUserByName.asp page. This is standard HTML form processing. If the user enters Tom in the SoughtName input box, you can see that it is passed to the confirmation form in the URL address below.
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Name
'------------------------------------------------------------------------
If ( Len(SoughtName) = 0 ) Then
Session("Error") = "You have not entered a Valid Name"
Response.Redirect "Error.asp"
End If
|
If the user fails to enter a SoughtName, then the length will be zero. A successful search requires the SoughtName to be greater than zero. In the event that the user leaves the SoughtName blank, a session variable, describing the error, is created and the generic Error.asp is loaded to display the error.
'------------------------------------------------------------------------
' Create The Console Object & MapPath Connection To The Server
'------------------------------------------------------------------------
'Create a Connection Object
Set Conn = Server.CreateObject("ADODB.Connection")
ConnString = "DBQ=" & Server.MapPath("../../../Security.mdb")
Conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & ConnString
|
The block of code above connects this page to the Security database. A connection object is created. Variable ConnString contains part of the connection arguments. The Conn.Open opens the Security database and associates it with the connection object.
'------------------------------------------------------------------------
' Read All Of The User Information
'------------------------------------------------------------------------
UserSQL = " Select * " &_
" From Users " &_
" Where Name = '" & SoughtName & "'"
Set UserRecordSet = Server.CreateObject ("ADODB.RecordSet")
UserRecordSet.Open UserSQL, Conn, AdOpenDynamic, AdLockOptimistic
|
The SQL query is to select all of the information about those users whose Name matches the SoughtName. The UserRecordSet object is created and filled with those matches, if any.
'------------------------------------------------------------------------
' Transfer To Page Error If There Are No Query Matches
'------------------------------------------------------------------------
If ( UserRecordSet.EOF ) Then
Session("Error") = "We Are Unable To Find Any Users With This Name"
Response.Redirect "Error.asp"
End If
|
If the user enters a SoughtName that is not found in the Users table, then the record set will be empty and EOF will be true. In the event that the query is unsuccessful, a session variable, describing the error, is created and the generic Error.asp is loaded to display the error.
<html><head> <title>Dr. Thomas E. Hicks - SearchSecurityUserByNameConfirmation.asp </title> </head> |
The HTML places Dr. Thomas E. Hicks - SearchSecurityUserByNameConfirmation.asp in the browser title bar.
<BODY TEXT = "#000000" BGCOLOR = "#000000" VLINK ="#000000" ALINK ="#000000" BACKGROUND ="Paper.jpg"> |
This HTML code above defines the page background, the default text color, the default background color, and the default link colors.
<CENTER> <font face="Arial" size="4">SearchSecurityUserByNameConfirmation.asp<br> Written By<br> Dr. Thomas E. Hicks</font></p> </CENTER> <hr> |
The HTML code above creates the following commercial at the top of the page.
SearchSecurityUserByNameConfirmation.asp
Written By
Dr. Thomas E. Hicks
<!-- ================================================================ --> <!-- Display Users In The Table --> <!-- ================================================================ --> <font face="System" size="3" color="#FFFFFF"> <TABLE BORDER = "5" CELLPADDING = "4" CELLSPACING = "4" STYLE = "border-collapse: collapse" BORDERCOLOR = "#800000" BGCOLOR = "#FFFFFF" WIDTH = "100%" ID = "UserTable"> |
Although it is not essential, we are going to display the information from the database in a traditional HTML table. The code above establishes the format for this table.
<!-- ================================================================ --> <!-- Title Bar Row --> <!-- ================================================================ --> <TR><TD ALIGN = "Right"> <CENTER> <font color="#000080">#</font></CENTER></TD> <TD ALIGN = "Left"> <font color="#000080">Name</font></TD> <TD ALIGN = "Right"> <CENTER> <font color="#000080">No</font></CENTER></TD> <TD ALIGN = "Left"> <font color="#000080">Phone</font></TD> </TR> |
The HTML code above creates the following Table Title Bar in the first row of the table.
# |
Name | No |
Phone |
<% Do While NOT UserRecordSet.EOF %> |
If the query is successful, the record set will contain information returned from the server. The record set pointer initially points to the first record in the record set. This record set point can be moved through the record set.
We would like to display the information from the current record in a row of our table and then move this record set pointer to the next record. This process shall continue in a Do While loop until the end of file is reached.
The basic form for the ASP Do While
Loop is :
Do While [Condition]
...........
Loop
<!-- ================================================================ -->
<!-- One Row Per Record -->
<!-- ================================================================ -->
<TR>
<TD ALIGN = "Center"> <% = Counter %> </TD>
<TD ALIGN = "Left"> <% =UserRecordSet.Fields("Name") %> </TD>
<TD ALIGN = "Center"> <% =UserRecordSet.Fields("No") %> </TD>
<TD ALIGN = "Left"> <% =UserRecordSet.Fields("Phone") %> </TD>
</TR>
|
All of the code from the block above dumps output into a single row of the HTML table. A Counter is displayed in the first column. The current record's Name is placed in the second column. The current record's No is placed in the third column. The current record's Phone is placed in the fourth column.
<%
Counter = Counter + 1
UserRecordSet.MoveNext
Loop
%>
|
Counter is simply a counter to
number the records; it is incremented each pass through the loop.
The record set pointer is moved to the next record.
Loop transfers control back to the Do While statement and repeats the block of
code within the loop untill the condition is no longer true. This loop
terminates when the record set pointer reaches the end of file.
</TABLE> </BODY></HTML> |
The HTML code above simply ends the table, the body, and the document.
The complete code may be found below. A working model may be found at
<%@ LANGUAGE = VBScript %>
<% Option Explicit %>
<% Response.Expires = 0 %>
<!-- #include virtual = "../../Common/adovbs.inc" -->
<%
'========================================================================
'========================================================================
'==== SearchSecurityUserByNameConfirmation.asp ====
'========================================================================
'==== ====
'==== Purpose : Transfer to page Error.asp and report error if ====
'==== user does not enter the Sought Name. Transfer ====
'==== to page Error.asp and report error if the ====
'==== search comes up empty. Display all users that ====
'==== match the search query. ====
'==== ====
'==== Written By : Dr. Thomas E. Hicks Date: 6/1/2003 ====
'========================================================================
'========================================================================
'------------------------------------------------------------------------
' Declarations
'------------------------------------------------------------------------
Dim Conn, UserSQL, UserRecordSet, ConnString, Counter
Dim SoughtName
'------------------------------------------------------------------------
' Declarations
'------------------------------------------------------------------------
Counter = 1
SoughtName = request("SoughtName")
'------------------------------------------------------------------------
' Transfer To Page Error If User Does Not Enter A Name
'------------------------------------------------------------------------
If ( Len(SoughtName) = 0 ) Then
Session("Error") = "You have not entered a Valid Name"
Response.Redirect "Error.asp"
End If
'------------------------------------------------------------------------
' Create The Console Object & MapPath Connection To The Server
'------------------------------------------------------------------------
'Create a Connection Object
Set Conn = Server.CreateObject("ADODB.Connection")
ConnString = "DBQ=" & Server.MapPath("../../../Security.mdb")
Conn.Open "DRIVER={Microsoft Access Driver (*.mdb)}; " & ConnString
'------------------------------------------------------------------------
' Read All Of The User Information
'------------------------------------------------------------------------
UserSQL = " Select * " &_
" From Users " &_
" Where Name = '" & SoughtName & "'"
Set UserRecordSet = Server.CreateObject ("ADODB.RecordSet")
UserRecordSet.Open UserSQL, Conn, AdOpenDynamic, AdLockOptimistic
'------------------------------------------------------------------------
' Transfer To Page Error If There Are No Query Matches
'------------------------------------------------------------------------
If ( UserRecordSet.EOF ) Then
Session("Error") = "We Are Unable To Find Any Users With This Name"
Response.Redirect "Error.asp"
End If
%>
<html><head>
<title>Dr. Thomas E. Hicks - SearchSecurityUserByNameConfirmation.asp </title>
</head>
<BODY TEXT = "#000000"
BGCOLOR = "#000000"
VLINK ="#000000"
ALINK ="#000000"
BACKGROUND ="Paper.jpg">
<CENTER>
<font face="Arial" size="4">SearchSecurityUserByNameConfirmation.asp<br>
Written By<br>
Dr. Thomas E. Hicks</font></p>
</CENTER>
<hr>
<!-- ================================================================ -->
<!-- Display Users In The Table -->
<!-- ================================================================ -->
<font face="System" size="3" color="#FFFFFF">
<TABLE BORDER = "5"
CELLPADDING = "4"
CELLSPACING = "4"
STYLE = "border-collapse: collapse"
BORDERCOLOR = "#800000"
BGCOLOR = "#FFFFFF"
WIDTH = "100%"
ID = "UserTable">
<!-- ================================================================ -->
<!-- Title Bar Row -->
<!-- ================================================================ -->
<TR><TD ALIGN = "Right">
<CENTER> <font color="#000080">#</font></CENTER></TD>
<TD ALIGN = "Left"> <font color="#000080">Name</font></TD>
<TD ALIGN = "Right">
<CENTER> <font color="#000080">No</font></CENTER></TD>
<TD ALIGN = "Left"> <font color="#000080">Password</font></TD>
<TD ALIGN = "Left"> <font color="#000080">ID #</font></TD>
</TR>
<%
Do While NOT UserRecordSet.EOF
%>
<!-- ================================================================ -->
<!-- One Row Per Record -->
<!-- ================================================================ -->
<TR>
<TD ALIGN = "Center"> <% = Counter %> </TD>
<TD ALIGN = "Left"> <% = UserRecordSet.Fields("Name") %> </TD>
<TD ALIGN = "Center"> <% = UserRecordSet.Fields("No") %> </TD>
<TD ALIGN = "Left"> <% = UserRecordSet.Fields("Password") %> </TD>
<TD ALIGN = "Left"> <% = UserRecordSet.Fields("IDNo") %> </TD>
</TR>
<%
Counter = Counter + 1
UserRecordSet.MoveNext
Loop
%>
</TR>
</TABLE>
</BODY></HTML>
|
You can see the results below:
The complete code may be found below.
<%@ LANGUAGE = VBScript %> <% Option Explicit %> <% Response.Expires = 0 %> <!-- #include virtual = "../Common/adovbs.inc" --> <%
'=========================================================================
'=========================================================================
'==== ====
'==== Written By : Dr. Thomas E. Hicks ====
'=========================================================================
'=========================================================================
%>
<HTML><BODY BACKGROUND = "Paper.jpg">
<HR>
<CENTER><p align="center"><b><font size=+0 color="#660033">
<% = Session("Error") %><br></font></b>
<FORM METHODb=b"POST">
<INPUT TYPE = "BUTTON"
VALUE = " Take Me Back To Correct The Problem "
OnClick = "history.go( -1 ); return true;">
</FORM>
<HR></CENTER></BODY></HTML>
|