
ASP.NET Guestbook using MS Access

16 Mar 2004
Shows an easy way of building a guestbook using ADO.NET and Access

Sample Image - myaspnetguestbook.jpg

Introduction

This project shows an easy way to create a guestbook using ASP.NET. An Access database is used to store the data, and ADO.NET is used to access the data on the server. To format the data, I use the Repeater control that comes with Visual Studio .NET.

Background

The guestbook is split into two pages: one where the user can write in the guestbook, and another that shows a log of all the guestbook entries.

Using the code

In order to be able to access data through a website, you'll have to include these two lines of code on every page you want to use data access methods:

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDB" %>

I'm first going to describe the one where the user writes to the guestbook. The code needed to create the connection to the database looks like this:

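Sub OnBtnSendClicked (s As Object, e As EventArgs)
    Dim strConn as string = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ 
                                    & server.mappath("guestbook.mdb") & ";" 
    ' Use ? placeholders so the form input is never spliced into the SQL text
    Dim MySQL as string = "INSERT INTO Guestbook " & _ 
       "(Name, EMail, URL, Comment) VALUES (?, ?, ?, ?)" 
    Dim MyConn as New OleDBConnection (strConn) 
    Dim cmd as New OleDBCommand (MySQL, MyConn) 
    ' OleDb binds parameters by position, so add them in column order
    cmd.Parameters.Add("@Name", OleDbType.VarWChar).Value = txtName.Text
    cmd.Parameters.Add("@EMail", OleDbType.VarWChar).Value = txtEMail.Text
    cmd.Parameters.Add("@URL", OleDbType.VarWChar).Value = txtURL.Text
    cmd.Parameters.Add("@Comment", OleDbType.VarWChar).Value = txtComment.Text
    MyConn.Open () 
    cmd.ExecuteNonQuery () 
    MyConn.Close () 
    Response.Redirect ("guestlog.aspx") 
End Sub

This function executes when the user selects the "Send" button. It creates a connection with the database and then adds what the user typed in the form to the database, using the INSERT INTO statement. txtName.Text retrieves the contents of the Name field, which is bound to the first ? placeholder through the command's Parameters collection rather than being concatenated into the SQL string, so whatever the visitor types is stored as data and cannot change the statement. The other fields are handled in exactly the same way, in column order. You can see the code for the form in the source file that comes with this article.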

After the function has added the new record, the user is redirected to the log page, where they can see all the other entries in the guestbook. Now we are going to look at the page that displays the entries of the guestbook (database).

The following function executes whenever the page is loaded (or refreshed). It creates a connection with the database, and binds the data to the Repeater control. The Repeater control is formatted elsewhere in the file, a great way to separate data and logic.

Sub Page_Load (Source As Object, E as EventArgs)
    Dim strConn as string = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ 
                                & server.mappath("guestbook.mdb") & ";"
    Dim MySQL as string = "SELECT Name, EMail, URL, Comment FROM Guestbook"
    Dim MyConn as New OleDBConnection (strConn)
    Dim Cmd as New OleDBCommand (MySQL, MyConn)
    MyConn.Open ()
    rptGuestbook.DataSource = _ 
      Cmd.ExecuteReader(System.Data.CommandBehavior.CloseConnection)
    rptGuestbook.DataBind()
End Sub

You can see the code for the Repeater in the source file, but one interesting thing I did was to automatically create a link to the website the user provided in the form. That is done using the Hyperlink control that comes with Visual Studio .NET.

Points of Interest

I hope this article has shown you how easy it is to create a simple guestbook in a very short time. Of course, you may like to format the output differently. I didn't spend much time on the design of the interface, but instead concentrated on the logic. I haven't included any error checking, in order to make the code as simple as possible.

If you understand the theory behind this guestbook, you can move on to some more complex things using ASP.NET. I hope you enjoyed this as much as I have! - Good luck!

Update 16.03.2004

This article talks about the "Operation must use an updateable query" problem that many people are having.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

Comments and Discussions

 
Security - Jeffrey Sax, 17-Mar-04 20:01
Re: Security - Tony Truong, 18-Mar-04 13:40
Re: Security - Jeffrey Sax, 18-Mar-04 18:18

Tony Truong wrote:
Using stored procedures won't completely stop SQL code injection.

This is true. If the stored procedure itself builds a query string that uses the input parameters, it's still not safe.

Tony Truong wrote:
Only proper user input parsing and filtering will solve the security risks you mention.

This is not true.

Tony Truong wrote:
What's to stop a user from entering sql statements inside the "message" input textbox.

A few things. ADO.NET has provisions for this. If you use an SqlCommand object and its Parameters collection to build either the SQL statement or the stored procedure call, then you are safe.

If you want more details, there is an article on MSDN that deals with security in ASP.NET applications. It includes a section on SQL injection attacks.

Jeffrey

Everything should be as simple as possible, but not simpler.
    -- Albert Einstein

http://www.extremeoptimization.com/
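
The difference the reply above describes between a concatenated statement and one built through a command's Parameters collection, shown as an added example (not code from the article or from any poster). It uses OleDbCommand, as the article does, rather than SqlCommand; the module and function names and the sample input are constructed for illustration.

```vb
Imports System
Imports System.Data.OleDb

' Hypothetical demo module: no database is opened, it only shows what each
' approach hands to the provider for the same visitor input.
Module ParameterDemo

    ' String concatenation: the input becomes part of the SQL text itself.
    Function BuildConcatenated(name As String, comment As String) As String
        Return "INSERT INTO Guestbook (Name, Comment) VALUES ('" & _
               name & "','" & comment & "')"
    End Function

    ' Parameters collection: the SQL text is fixed and the input travels
    ' separately as parameter values.
    Function BuildParameterized(name As String, comment As String) As OleDbCommand
        Dim cmd As New OleDbCommand( _
            "INSERT INTO Guestbook (Name, Comment) VALUES (?, ?)")
        ' OleDb binds by position, so parameters are added in column order.
        cmd.Parameters.Add("@Name", OleDbType.VarWChar).Value = name
        cmd.Parameters.Add("@Comment", OleDbType.VarWChar).Value = comment
        Return cmd
    End Function

    Sub Main()
        ' Constructed sample input: an ordinary surname containing an apostrophe.
        Dim name As String = "O'Brien"
        Dim comment As String = "Nice site"

        ' The apostrophe ends the string literal early, so the rest of the
        ' name is parsed as SQL instead of being stored as data.
        Console.WriteLine(BuildConcatenated(name, comment))

        ' The command text stays the same whatever the visitor typed.
        Dim cmd As OleDbCommand = BuildParameterized(name, comment)
        Console.WriteLine(cmd.CommandText)
        For Each p As OleDbParameter In cmd.Parameters
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value)
        Next
    End Sub
End Module
```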

Last Updated 17 Mar 2004
Article Copyright 2003 by Dilbert2004