Click here to Skip to main content
Click here to Skip to main content

ASP.NET Guestbook using MS Access

, 16 Mar 2004
Rate this:
Please Sign up or sign in to vote.
Shows an easy way of building a guestbook using ADO.NET and Access

Sample Image - myaspnetguestbook.jpg


This project shows an easy way to create a guestbook built using ASP.NET. Access database is used to store the data. ADO.NET is used to access the data on the server. To format the data, I use the Repeater control that comes with Visual Studio .NET.


The guestbook is split into two pages, one where the user can write in the guestbook and the other shows a log of all the guestbook entries.

Using the code

In order to be able to access data through a website, you'll have to include these two lines of code on every page you want to use data access methods:

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDB" %>

I'm first going to describe the one where the user writes to the guestbook. The code needed to create the connection to the database looks like this:

sub OnBtnSendClicked (s As Object, e As EventArgs)
    Dim strConn as string = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ 
                                    & server.mappath("guestbook.mdb") & ";" 
    Dim MySQL as string = "INSERT INTO Guestbook " & _ 
       "(Name, EMail, URL, Comment) VALUES " & _
       "('" & txtName.Text & "','" & txtEMail.Text & "','" _ 
       & txtURL.Text & "','" & txtComment.Text & "')" 
    Dim MyConn as New OleDBConnection (strConn) 
    Dim cmd as New OleDBCommand (MySQL, MyConn) 
    MyConn.Open () 
    cmd.ExecuteNonQuery () 
    MyConn.Close () 
    Response.Redirect ("guestlog.aspx") 
end sub

This function executes when the user selects the "Send" button. It creates a connection with the server and then adds what the user typed in the form to the database, using the INSERT INTO statement. The txtName.Text retrieves the context of the Name field and adds it to the command. The other fields are retrieved exactly the same. You can see the code for the form in the source file, that comes with this article.

After the function has added the new record, the user is redirected to the log page, where he can see all the other entries in the guestbook. Now we are going to look at the page, that displays the entries of the guestbook (database).

This function executes whenever the page is loaded (or refreshed). It creates a connection with the database, and binds the data to the Repeater control. The Repeater control is formatted elsewhere in the file, a great way to separate data and logic.

Sub Page_Load (Source As Object, E as EventArgs)
    Dim strConn as string = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ 
                                & server.mappath("guestbook.mdb") & ";"
    Dim MySQL as string = "SELECT Name, EMail, URL, Comment FROM Guestbook"
    Dim MyConn as New OleDBConnection (strConn)
    Dim Cmd as New OleDBCommand (MySQL, MyConn)
    MyConn.Open ()
    rptGuestbook.DataSource = _ 
End Sub

You can see the code for the Repeater in the source file, but one interesting thing that I used is to automatically create a link to the website the user provided in the form. That is done using the Hyperlink control that comes with Visual Studio .NET.

Points of Interest

I hope this article has shown you how easy it is to create a simple guestbook in a very short time. Of course, you may like to format the output differently. I didn't spend much time on the design of the interface, but instead concentrated on the logic. I haven't included any error checking, in order to make the code as simple as possible.

If you understand the theory behind this guestbook, you can move on to some more complex things using ASP.NET. I hope you enjoyed this as much as I have! - Good luck!

Update 16.03.2004

This article talks about the "Operation must use an updateable query" problem, that many people are having.


This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

Comments and Discussions

GeneralError Code Pinmemberseangheng19-Jul-09 21:40 
GeneralASP.NET login page Pinmemberkholiwe4-Apr-07 23:28 
GeneralRe: ASP.NET login page Pinmemberhafizakahbk24-Jul-07 16:46 
QuestionHelp Pinmemberasifahaniff20-Aug-06 6:38 
GeneralBlank Log view page Pinmemberfredtbx19-Jan-06 5:08 
GeneralRe: Blank Log view page PinmemberGabriel8219-Apr-07 12:23 
GeneralNext Page Pinmembershlvy12-Aug-04 7:50 
GeneralSecurity PinmemberJeffrey Sax17-Mar-04 20:01 
Nicely done!
I would like to point out a security issue in your code as it stands: SQL code injection.
In a nutshell: because you are building your SQL statement by hand (not using a stored procedure), and you are pasting the contents of the form controls straight into your SQL statement, you are leaving an opening for a malicious guest to run arbitrary SQL code on your database.
A short discussion can be found on CP here[^]. MSDN also did a Webcast[^] on the subject.

Everything should be as simple as possible, but not simpler.
    -- Albert Einstein
GeneralRe: Security PinmemberTony Truong18-Mar-04 13:40 
GeneralRe: Security PinmemberJeffrey Sax18-Mar-04 18:18 
GeneralRe: Security PinmemberTony Truong22-Mar-04 9:28 
GeneralRe: Security PinsussAnonymous27-May-05 23:03 
GeneralRunTimeError Pinmembersashy28-Feb-04 6:39 
GeneralRe: RunTimeError PinmemberArniG4-Mar-04 11:47 
GeneralAdding a search option to this Pinmemberdal20613-Apr-03 17:22 
GeneralGot errors Pinmemberxiaosong17-Feb-03 17:52 
GeneralRe: Got errors PinmemberTiger Woods18-Feb-03 22:57 
GeneralRe: Got errors Pinmemberxiaosong19-Feb-03 12:11 
GeneralRe: Got errors PinsussAnonymous14-Jun-03 9:01 
GeneralRe: Got errors PinsussAnonymous14-Jun-03 9:16 
GeneralRe: Got errors PinsussMichelle_ho8-Mar-04 4:41 
GeneralRe: Got errors PinmemberArniG16-Mar-04 3:41 
GeneralOther similar articles PinsitebuilderUwe Keim18-Jan-03 2:06 
Questionwrong category? PinmemberSteve McLenithan17-Jan-03 10:48 
AnswerRe: wrong category? + ... PinmemberSteve McLenithan17-Jan-03 10:51 
GeneralRe: wrong category? + ... PinmemberTiger Woods17-Jan-03 11:07 
GeneralRe: wrong category? + ... PinmemberTiger Woods17-Jan-03 11:15 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web04 | 2.8.150326.1 | Last Updated 17 Mar 2004
Article Copyright 2003 by Dilbert2004
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid