Email Password Remember me?  Lost your password?

• Download source files - 23.9 Kb

Introduction

This project shows an easy way to create a guestbook built using ASP.NET. Access database is used to store the data. ADO.NET is used to access the data on the server. To format the data, I use the Repeater control that comes with Visual Studio .NET.

Background

The guestbook is split into two pages, one where the user can write in the guestbook and the other shows a log of all the guestbook entries.

Using the code

In order to be able to access data through a website, you'll have to include these two lines of code on every page you want to use data access methods:

<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDB" %>

I'm first going to describe the one where the user writes to the guestbook. The code needed to create the connection to the database looks like this:

sub OnBtnSendClicked (s As Object, e As EventArgs)
    Dim strConn as string = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ 
                                    & server.mappath("guestbook.mdb") & ";" 
    Dim MySQL as string = "INSERT INTO Guestbook " & _ 
       "(Name, EMail, URL, Comment) VALUES " & _
       "('" & txtName.Text & "','" & txtEMail.Text & "','" _ 
       & txtURL.Text & "','" & txtComment.Text & "')" 
    Dim MyConn as New OleDBConnection (strConn) 
    Dim cmd as New OleDBCommand (MySQL, MyConn) 
    MyConn.Open () 
    cmd.ExecuteNonQuery () 
    MyConn.Close () 
    Response.Redirect ("guestlog.aspx") 
end sub

This function executes when the user selects the "Send" button. It creates a connection with the server and then adds what the user typed in the form to the database, using the INSERT INTO statement. The txtName.Text retrieves the context of the Name field and adds it to the command. The other fields are retrieved exactly the same. You can see the code for the form in the source file, that comes with this article.

After the function has added the new record, the user is redirected to the log page, where he can see all the other entries in the guestbook. Now we are going to look at the page, that displays the entries of the guestbook (database).

This function executes whenever the page is loaded (or refreshed). It creates a connection with the database, and binds the data to the Repeater control. The Repeater control is formatted elsewhere in the file, a great way to separate data and logic.

Sub Page_Load (Source As Object, E as EventArgs)
    Dim strConn as string = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" _ 
                                & server.mappath("guestbook.mdb") & ";"
    Dim MySQL as string = "SELECT Name, EMail, URL, Comment FROM Guestbook"
    Dim MyConn as New OleDBConnection (strConn)
    Dim Cmd as New OleDBCommand (MySQL, MyConn)
    MyConn.Open ()
    rptGuestbook.DataSource = _ 
      Cmd.ExecuteReader(System.Data.CommandBehavior.CloseConnection)
    rptGuestbook.DataBind()
End Sub

You can see the code for the Repeater in the source file, but one interesting thing that I used is to automatically create a link to the website the user provided in the form. That is done using the Hyperlink control that comes with Visual Studio .NET.

Points of Interest

I hope this article has shown you how easy it is to create a simple guestbook in a very short time. Of course, you may like to format the output differently. I didn't spend much time on the design of the interface, but instead concentrated on the logic. I haven't included any error checking, in order to make the code as simple as possible.

If you understand the theory behind this guestbook, you can move on to some more complex things using ASP.NET. I hope you enjoyed this as much as I have! - Good luck!

Update 16.03.2004

This article talks about the "Operation must use an updateable query" problem, that many people are having.

You must Sign In to use this message board.

Per page 102550

FirstPrevNext

Error Code seangheng 21:40 19 Jul '09   Why don't you explain easier to understand Sign In·View Thread·PermaLink 2.00/5 ASP.NET login page kholiwe 23:28 4 Apr '07   Hi all I am trying to create a login page using ASP.NET and c# 2003 code behind. I am using Access database but i keep on getting this error when trying to connect to my database: Can someone please help me eliminate this error. [Server Error in '/BookFlight' Application. -------------------------------------------------------------------------------- The Microsoft Jet database engine cannot open the file 'C:\Inetpub\wwwroot\FlightBooking.mdb'. It is already opened exclusively by another user, or you need permission to view its data. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.OleDb.OleDbException: The Microsoft Jet database engine cannot open the file 'C:\Inetpub\wwwroot\FlightBooking.mdb'. It is already opened exclusively by another user, or you need permission to view its data. Source Error: Line 159: Line 160: if(oleDbConnection1.State == ConnectionState.Closed) Line 161: oleDbConnection1.Open(); Line 162: Line 163: //while (dataReader.Read()) Source File: c:\inetpub\wwwroot\bookflight\login.aspx.cs Line: 161 Stack Trace: [OleDbException (0x80004005): The Microsoft Jet database engine cannot open the file 'C:\Inetpub\wwwroot\FlightBooking.mdb'. It is already opened exclusively by another user, or you need permission to view its data.] System.Data.OleDb.OleDbConnection.ProcessResults(Int32 hr) System.Data.OleDb.OleDbConnection.InitializeProvider() System.Data.OleDb.OleDbConnection.Open() BookFlight.WebForm1.CustomValidator1_ServerValidate(Object source, ServerValidateEventArgs args) in c:\inetpub\wwwroot\bookflight\login.aspx.cs:161 System.Web.UI.WebControls.CustomValidator.OnServerValidate(String value) System.Web.UI.WebControls.CustomValidator.EvaluateIsValid() System.Web.UI.WebControls.BaseValidator.Validate() System.Web.UI.Page.Validate() System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) System.Web.UI.Page.ProcessRequestMain() -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:1.1.4322.2032; ASP.NET Version:1.1.4322.2032 ] Sign In·View Thread·PermaLink Re: ASP.NET login page hafizakahbk 16:46 24 Jul '07   Protected Sub btnlogin_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Login.Click Dim stafid As String stafid = CStr(StaffNo.Text) Dim dt As New Data.DataTable() Dim connstr As String = "Provider=Microsoft.Jet.OLEDB.4.0;" & "Data Source=your dbase dir" Dim sqlstr As String = "SELECT * from Staff" Dim dataAdapter As New Data.OleDb.OleDbDataAdapter(sqlstr, connstr) dataAdapter.Fill(dt) dataAdapter.Dispose() For i As Integer = 0 To (dt.Rows.Count - 1) If CStr(dt.Rows(i)("staff_no")) = stafid Then FileUpload1.Visible() = True btnUpload.Visible() = True Session("logged") = True Login.Visible() = False StaffNo.Visible() = False label1.Visible() = False Else MsgBox("fail to log you in!", 0, "Login fail!!") End If Next End Sub if error occur it might be this.. Dim dt As New Data.DataTable() change to Dim dt As New DataTable(), Dim dataAdapter As New Data.OleDb.OleDbDataAdapter(sqlstr, connstr) change to Dim dataAdapter As New OleDb.OleDbDataAdapter(sqlstr, connstr). im using vb2.0,but still the same although using c#.jana Sign In·View Thread·PermaLink 1.67/5 Help asifahaniff 6:38 20 Aug '06   Syntax error in INSERT INTO statement. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.OleDb.OleDbException: Syntax error in INSERT INTO statement. Source Error: Line 33: Dim cmd as New OleDBCommand (MySQL, MyConn) Line 34: MyConn.Open () Line 35: cmd.ExecuteNonQuery () Line 36: MyConn.Close () Line 37: Source File: D:\HCCRootWeb\AsifaTest\allahpleasework.aspx Line: 35 Stack Trace: [OleDbException (0x80040e14): Syntax error in INSERT INTO statement.] System.Data.OleDb.OleDbCommand.ExecuteCommandTextErrorHandling(Int32 hr) +41 System.Data.OleDb.OleDbCommand.ExecuteCommandTextForSingleResult(tagDBPARAMS dbParams, Object& executeResult) +174 System.Data.OleDb.OleDbCommand.ExecuteCommandText(Object& executeResult) +92 System.Data.OleDb.OleDbCommand.ExecuteCommand(CommandBehavior behavior, Object& executeResult) +65 System.Data.OleDb.OleDbCommand.ExecuteReaderInternal(CommandBehavior behavior, String method) +112 System.Data.OleDb.OleDbCommand.ExecuteNonQuery() +66 ASP.allahpleasework_aspx.OnBtnSendClicked(Object s, EventArgs e) in D:\HCCRootWeb\AsifaTest\allahpleasework.aspx:35 System.Web.UI.WebControls.Button.OnClick(EventArgs e) +108 System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +57 System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +18 System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +33 System.Web.UI.Page.ProcessRequestMain() +1292 I keep getting this error on the line cmd.ExecuteNonQuery () Please if any one has any idea what is it regarding that will e a great help. Thank you Sign In·View Thread·PermaLink Blank Log view page fredtbx 5:08 19 Jan '06   I'm able to use the entry page but the log view page just has the title with no records displayed and no errors. Any ideas why? Sign In·View Thread·PermaLink Re: Blank Log view page Gabriel82 12:23 19 Apr '07   Hello Well Usually the IIS run the index.htm at first and that’s the page where you can write in guestbook which is “guestbook.aspx” and list all guestbook which is “guestlog.aspx” so type after the link index.htm ex: http://localhost/guestbook/index.htm or in Default Content page in IIS change the priorities so that index.htm will read first. I hope I could help Gabriel Sign In·View Thread·PermaLink Next Page shlvy 7:50 12 Aug '04   Hi How can i limit the numbers of the messages in the page, i mean after 10 messages will bw shown in the bottom of the page - next page or 1,2,3-> something like that. Thank's. Sign In·View Thread·PermaLink Security Jeffrey Sax 20:01 17 Mar '04   Nicely done! I would like to point out a security issue in your code as it stands: SQL code injection. In a nutshell: because you are building your SQL statement by hand (not using a stored procedure), and you are pasting the contents of the form controls straight into your SQL statement, you are leaving an opening for a malicious guest to run arbitrary SQL code on your database. A short discussion can be found on CP here[^]. MSDN also did a Webcast[^] on the subject. Jeffrey Everything should be as simple as possible, but not simpler.     -- Albert Einstein http://www.extremeoptimization.com/ Sign In·View Thread·PermaLink Re: Security Tony Truong 13:40 18 Mar '04   Using stored procedures won't completely stop SQL code injection.. What's to stop a user from entering sql statements inside the "message" input textbox. The sp is passed some parameters which it uses to build a SQL insert statement to insert a new row in the guestbook... Why can't a user close off the insert statement and than embedd an update or delete statement into the sp .. As long as the sp string is properly formated, than the sql statement(s) will be excuted... Only proper user input parsing and filtering will solve the security risks you mention. Sign In·View Thread·PermaLink Re: Security Jeffrey Sax 18:18 18 Mar '04   Tony Truong wrote: Using stored procedures won't completely stop SQL code injection. This is true. If the stored procedure itself builds a query string that uses the input parameters, it's still not safe. Tony Truong wrote: Only proper user input parsing and filtering will solve the security risks you mention. This is not true. Tony Truong wrote: What's to stop a user from entering sql statements inside the "message" input textbox. A few things. ADO.NET has provisions for this. If you use an SqlCommand object and its Parameters collection to build either the SQL statement or the stored procedure call, then you are safe. If you want more details, there is an article on MSDN[^] that deals with security in ASP.NET applications. It includes a section on SQL injection attacks. Jeffrey Everything should be as simple as possible, but not simpler.     -- Albert Einstein http://www.extremeoptimization.com/ Sign In·View Thread·PermaLink 5.00/5 Re: Security Tony Truong 9:28 22 Mar '04   My original response was meant to be platform/language independent... What I meant is that the act of implementing a stored procedure does not prevent sql code injection... Moreso, your code must filter user input for the security reasons mentioned. Here, ADO.NET's SQLParameter class does the filtering for you... In essense, you can use the SQLParameter class in commandtext instead of stored procedures and get the same secutiry measures (assuming the SqlCommand class allows you to the use SQLParameter with commandtext.. if not you can implement a varation of the SqlCommand class) Sign In·View Thread·PermaLink Re: Security Anonymous 23:03 27 May '05   use OleDbParameter Sign In·View Thread·PermaLink RunTimeError sashy 6:39 28 Feb '04   Hi this must be a very stupid question...I´m a beginner...but I get this message when I press submit: ---------------------------------------------------------- RunTineError etc.... Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off". <!-- Web.Config Configuration File --> ----------------------------------------------- Now what am I supposed to do? please help me! Sign In·View Thread·PermaLink 2.00/5 Re: RunTimeError ArniG 11:47 4 Mar '04   Place the following in a file and name it web.config, and place in the folder where you have you're web. <?xml version="1.0" encoding="utf-8" ?> <configuration>         <system.web>          <compilation             defaultLanguage="c#"             debug="true"       />                   <customErrors           mode="RemoteOnly"       />       <!--   APPLICATION-LEVEL TRACE LOGGING                Application-level tracing enables trace log output for every page within an application.                Set trace enabled="true" to enable application trace logging.   If pageOutput="true", the                trace information will be displayed at the bottom of each page.   Otherwise, you can view the                application trace log by browsing the "trace.axd" page from your web application                root.       -->       <trace             enabled="true"             requestLimit="10"             pageOutput="false"             traceMode="SortByTime"      localOnly="true"       />       <!--   SESSION STATE SETTINGS                By default ASP.NET uses cookies to identify which requests belong to a particular session.                If cookies are not available, a session can be tracked by adding a session identifier to the URL.                To disable cookies, set sessionState cookieless="true".       -->       <sessionState                   mode="InProc"                   stateConnectionString="tcpip=127.0.0.1:42424"                   sqlConnectionString="data source=127.0.0.1;user id=sa;password="                   cookieless="false"                   timeout="20"       />       <!--   GLOBALIZATION                This section sets the globalization settings of the application.       -->       <globalization                   requestEncoding="utf-8"                   responseEncoding="utf-8"    /> </system.web> </configuration> Sign In·View Thread·PermaLink Adding a search option to this dal206 17:22 13 Apr '03   Could anyone give me some insite on how to add a search option to this, and then display those results. This is probably asking a lot from a message board, but is there any examples that could be found? Thanks Sign In·View Thread·PermaLink 1.00/5 Got errors xiaosong 17:52 17 Feb '03   I've done loaded the guestbook files and run them on our server. However I got the following errors. Looks very likely it is our server permision problem. Any idea or hint about this problem and how to solve it? Thank you very much for your help. ********** Below is the error message ************* Operation must use an updateable query. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Data.OleDb.OleDbException: Operation must use an updateable query. Source Error: Line 13: Dim cmd as New OleDBCommand (MySQL, MyConn) Line 14: MyConn.Open () Line 15: cmd.ExecuteNonQuery () Line 16: MyConn.Close () Line 17: Source File: c:\inetpub\wwwroot\xli\AccessGuest\guestbook.aspx Line: 15 Stack Trace: [OleDbException (0x80004005): Operation must use an updateable query.] Sign In·View Thread·PermaLink 1.67/5 Re: Got errors Tiger Woods 22:57 18 Feb '03   Like you say, it must be your server permission. I haven't had this propblem on my server. Sign In·View Thread·PermaLink Re: Got errors xiaosong 12:11 19 Feb '03   It is our server permission problem. The problem has been solved. Your codes work perfectly now. Thank you very much. Sign In·View Thread·PermaLink Re: Got errors Anonymous 9:01 14 Jun '03   Hi People, I have the same problem, how exactly did you fix the permissions problem? Sign In·View Thread·PermaLink 3.00/5 Re: Got errors Anonymous 9:16 14 Jun '03   Forget it just found it... thanks anyway... infact the answer was rather obvious which is not without a sense of irony Sign In·View Thread·PermaLink 3.00/5 Re: Got errors Michelle_ho 4:41 8 Mar '04   I am sorry that I don't know how to set the permission. Can any one teach me? Sign In·View Thread·PermaLink Re: Got errors ArniG 3:41 16 Mar '04   Take a look at this article Sign In·View Thread·PermaLink 5.00/5 Other similar articles Uwe Keim 2:06 18 Jan '03   Please notice these onces, too: - www.codeproject.com/aspnet/aspnet_guestbook.asp[^] (by myself) - www.codeproject.com/aspnet/guestbooklk.asp[^] (by Laurent Kempé). -- - Free Windows-based Web Content Management System: http://www.zeta-software.de/enu/producer/freeware/download.html - Scanned MSDN Mag ad with YOUR name: www.magerquark.de/misc/CodeProject.html - See me: www.magerquark.de Sign In·View Thread·PermaLink 1.00/5 wrong category? Steve McLenithan 10:48 17 Jan '03   This is VB.net, not C#;P ******************** * $TeVe McLeNiThAn ******************** Sign In·View Thread·PermaLink 1.00/5 Re: wrong category? + ... Steve McLenithan 10:51 17 Jan '03   Good job though ******************** * $TeVe McLeNiThAn ******************** Sign In·View Thread·PermaLink

Last Visit: 2:47 22 Nov '09     Last Update: 2:47 22 Nov '09 12 Next »