department of computer science 1 web/database integration with active server pages 17 may 2000 seree...

Department of Computer Science 1

Web/Database Integration with Active Server Pages

• 17 May 2000• Seree Chinodom• Computer Science Department


Aim of Course

• Provide Introduction to Active Server Pages technology.

• Demonstrate how to produce interactive Web Pages.

• Demonstrate how to develop Web-based interfaces to databases.


Course Structure

• Slides and example code.• “Hands-on” development of applications using

example databases.


ASP can be used to

• Develop interactive Web applications• Process HTML forms• Interface with databases

– Search– Add records– Modify records– Delete records


What is an Active Server Page?

• Text file containing– Scripting language and– standard HTML

• Resides on Web server• Processed by Web server when called by

browser.


An ASP contains...

• 1. Scripting language code– Default is VBScript– can use Jscript, Perl

• 2. HTML• VBScript contained in <% %>• Browser sees only HTML

– Server side scripting– Browser independent


What do we need to run ASP?

• Web server– Microsoft NT running IIS version 3 or later– Windows 95 running PWS– Other platforms?

• ASP is a component of the Web Server• Server configuration

– Directory containing ASPs must have Execute rights.


Why use Active Server Pages?

• Easy to develop applications• No extra software required• Powerful and flexible• Browser independent

• Why Not use ASP?– Runs only on Microsoft platforms– Requires programming skills


Running an Active Server Page

• Make sure file is in an “executable” directory• Enter URL of ASP in browser e.g.

– http://nt2.ec.man.ac.uk/course/example.asp

• Only difference from static Web pages– Active server page has extension .asp


VBScript

• Subset of Visual Basic• Has all the standard constructs

– Decisions, Looping, Arrays,Functions

• Scripting language NOT a programming language– variables need not be declared.

• Online help– Roadmap.– Contains full VBScript reference.


Variables

• Assigned in standard wayX=24

• One data type - variant - handles all.• Therefore the following is valid

X=24

x=“Some words”


Outputting Variable Values

• <% = variable_name%>

<%

…

veg=“potato”

…

%>

The value of veg is <B><%=veg%><B>

The value of veg is potato


Operators

• Arithmetic+ add

- subtract

* multiply

/ divide

^ exponent

• LogicalAND NOT OR

• String ConcatenationMyName = surname & “, ” & forenames


Commenting Code

‘ This is a comment

REM so is this

REMEMBER

always comment your code!


Decisions• If…Then

<% If X<0 Then

%>

<B>Negative Number</B>

<%

End If

%>

• If..Then…Else• If…Then…ElseIf


Do...While Loop

• Allows us to repeat statements

X=10

Do While X > 0

%>

<B><%=X%></B><BR>

<%

X = X - 1

Loop


For…Next Loop

<%

FOR I = 1 TO 5

%>

<B><%=I%></B><BR>

<%

NEXT

%>


Built-in Functions• Functions take argument(s) and return a

valueMyWord="potato"

X=Len(MyWord)

MyWord is argument Len is function

• Functions for– string manipulation– mathematics – date and time– see Language Reference > Functions


User Created Procedures - Sub

• Subs take arguments but do not return values

Sub do_string(MyString)

%>

The original string:<% =MyString %><BR>

The uppercased string:<% =Ucase(MyString)%><BR>

Number of Characters:<% =Len(MyString) %><BR>

<%

End Sub

Call do_string("Now is the winter of our discontent")

do_string "Now is the winter of our discontent”


User Created Procedures - Function

• Functions take arguments and can return values.

Function Convert(Faren) Convert = (Faren - 32) * 5 / 9

End Function

• To use it

Temp = Convert(212)


Arrays - defining

• So far we have dealt with scalar variables.– a scalar variable stores one piece of data

• An array is a variable which contains one or more pieces of data

• Arrays are made up of elements– each element stores one piece of data

• Must Declare arrays– DIM MyArray(20)– MyArray can have up to 21 elements


Arrays - using

• To add elements to an Array

MyArray(0)=3

MyArray(4)=“Hello”

• To reference

<%=MyArray(4)%>


Reading and Writing Files

• Can use VBScript to read from and write to text files.

• Note that the Web server use rname will need to have appropriate file system permissions.

Including Files

• Can use include files in VBScript– Useful for Footers, Headers, Functions



• The code in header.inc will be placed in our ASP when executed.

• Need to include the relative path of the include file.


HTML Forms

• Needed for user interaction.• Can be static Web page or generated by

Active Server Page.• Latter allows more flexibility.


Defining a Form<FORM METHOD=“POST | GET”

ACTION=“path_of_Active_Server_Page”>

Form controls

</FORM>

• Method parameter specifies how the form data is sent to the server. Can use GET or POST.

• Action parameter specifies name and location of the ASP which will process the form data.


Form Controls

• Forms are populated with controls– Text boxes, drop-down menus, radio buttons

• Each control will have a name (as specified in the HTML) and a value (entered by the user)

• The name and value of each control is bundled and sent to the server to be processed by the ASP.

• Data is sent in a Query Stringsurname=smith&forenames=David+John&gender=1

• e.g. Form.html


Text Box Control

• HTML for a text box:

<INPUT TYPE="TEXT | PASSWORD”

NAME="name_of_control”

[VALUE="default_text"]

[SIZE="width_in_characters"]

MAXLENGTH="width_in_characters"] >

<INPUT TYPE="TEXT" NAME="surname” MAXLENGTH="30">


Radio Button

• HTML for a radio button<INPUT TYPE=“RADIO”

NAME=“name_of_control”

VALUE=“value” [CHECKED]>

• Usually grouped<INPUT TYPE="RADIO" NAME="pay_by" VALUE="VISA">

Visa<BR>

<INPUT TYPE="RADIO" NAME="pay_by" VALUE="ACCESS"> Access<BR>

• Query string will bepay_by=VISA or pay_by=ACCESS


Hidden Controls

• HTML for a Hidden control

<INPUT TYPE=“HIDDEN” NAME=“name_of_control” VALUE="value">

• Does not appear on form.• Value can’t be changed by user.• Useful for passing values in a chain of ASPs.


Sending Form Data

• Submit Button

<INPUT TYPE="SUBMIT"

[NAME="name_of_control"]

[VALUE="button_text"]>

• On clicking the submit button data is sent to server

• Option name parameter allows use of multiple submit buttons.


Processing the Form Data

• The VBScript Request Object– allows access to

• Query String data• Server Variables

• Query String DataRequest("control_name")

<% =Request("surname") %>– returns value of the surname control– e.g. Personal.html


Server Variables

• Can also be accessed via Request objectRequest.Server_Variable(“variable_name”)

• Can return some useful information– Client IP address– Browser type– e.g. form.html

• See documentation for full list (browser dependent)– Object Reference > Request Object


HTML Form Examples

• Processing form data– Example age.html calls age.asp

• Self Calling ASP– newage.asp– useful for validation– compact


The Session Object

• Web stateless– one-off transaction– but applications need to keep user-entered data

• Can use Hidden fields or more usefully Session Object

• Session Object - Server stores session variable values.


Structured Query Language (SQL)

• Used by ASP to query database• Standard database querying language• Four main SQL commands

– SELECT– INSERT– UPDATE– DELETE


SQL - SELECTSELECT surname,email FROM students

• Returns surname and email of all students

SELECT surname FROM students WHERE degree_code=‘6500’

• Returns surname of all students who have a degree code of 6500

SELECT * FROM students WHERE degree_code='6500' OR surname='Faye’

• Returns all details of students who have a degree code of 6500 or surname of Faye.


SQL - SELECT 2

SELECT * FROM students WHERE forename LIKE ‘sa*’

• Returns all details of students who have a forename starting sa

• using LIKE ‘*sa*’ would return students having the characters sa anywhere within their forename.


SQL - INSERT

• Used to add records to a table

INSERT INTO students (reg_number,surname,forename,degree_code)

VALUES (979924,'Blair','Tony','6500')

• Text data needs to be enclosed in single quotes.


SQL - UPDATE

• The UPDATE statement allows us to modify existing records in a table.

UPDATE students SET forename="Peter" WHERE reg_number=981234

• changes the forename of the specified student.


SQL - DELETE• Allows us to delete records from a table

DELETE FROM students WHERE degree_code='2550’

• Deletes all students who have a degree code of 2550.

• Generating SQL– SQL can get complex– Use MS-Access Query tool to generate SQL and

paste this into your VBScript.


ODBC• Object Database Connectivity• ASP does not talk directly to the database but via

ODBC.• Standard interface between applications and

databases. • ODBC driver required for each database package.• Need to register database within ODBC with a Data

Source Name (DSN)• ASP uses the DSN to reference the database.• Type of database and its location is invisible to ASP.


Connecting to a database

• Create ODBC entry for database• In VBScript

– Create instance of database component.– Open a connection to the database.– Create an instance of the Recordset.– Execute the SQL statement and store the result.

• Example– simpledb.asp


Accessing a RecordsetDo While Not RSlist.EOF

%>

<%=RSlist("Title")%>, <%=RSlist("Artist")%><BR>

<%

RSlist.Movenext

Loop

%>• The EOF (end of file) property of the recordset is True when the

last record has been passed.• We reference a field in the recordset by

– recordset_name(“field_name”)

• The Movenext method moves the pointer to the next record in the recordset.

• The Recordcount property returns the number of records.


Using Forms to Query Databases

• Using a text box with a WHERE clause– artist.html calls artist.asp

• Using Radio buttons with a WHERE clause– format.html calls format.asp

• Populating Controls– subject.asp calls list.asp

• Drill-down– newsubject.asp calls newlist.asp calls

bookdetails.asp


Adding Records

• Adding Records– addcds.html calls addcds.asp

• Error Handling– Need to provide helpful error messages– erroradd.html and erroradd.asp

• Validating Data– preventing errors occurring– checkadd.html and checkadd.asp– quote.html and quote.asp


Deleting and Updating Records

• Deleting Records– Use SQL DELETE command– deletecd.asp calls deleteme.asp

• Updating Records– Use SQL UPDATE command– listmod.asp calls changeme.asp calls update.asp


Summary

• What we’ve covered– Creating and running ASPs– Using HTML forms with ASPs– Interfacing with databases - searching and

modifying

• What we’ve not covered– security– efficiency

department of computer science 1 web/database integration with active server pages 17 may 2000 seree...

Documents