Click here to Skip to main content
14,123,619 members
Click here to Skip to main content
Add your own
alternative version


28 bookmarked
Posted 11 Jul 2004

Easy Guestbook with ASP

, 11 Jul 2004
Rate this:
Please Sign up or sign in to vote.
Easy Guestbook with ASP and MS Access

Sample Image - asp-guestbook.gif

Introduction - An Easy ASP Guestbook with Web-based Administration

Here we start out with a simple "settings" file, named settings.asp. This file will be included on each page, and will contain the basic settings for this guestbook.

Since the password (logincode) is NOT in the database, you can leave the database in the webroot with a mappath statement to make the install easier. However, the best place for the database is outside of your webroot, in which case you would want to change the database_path string to your full path ("C:\inetpub\database\post.mdb" for example)

There is also an important settings to allow html, or not. Many times folks abuse a guestbook by filling it with links, and other junk. It would be a good idea to disallow html, unless you really need it.

The language setting is just a set of variables for text used within the system, for each language there is a different text that is used. Very easy to add a "new" language to the system.


The login is a simple login check page, which checks the login code entered on the form
with the one stored in the settings.asp file.

'title of your guestbook.
pagetitle = "Demo"

'english = en, german = ger, french = fr
lang = "en"

'admin password
logincode = "1234"

'number of entries to show.
show_posts = "25"

'minimum length of post to be allowed.
minimum_length = 4

'set to "no" for no html, set to "yes" to allow html (not recommended!)
allow_html = "no"

'leave as is, unless you want to move your database.
database_path = Server.MapPath("post.mdb")
<%Option Explicit%>
<!--<span class="code-comment"> #INCLUDE FILE="settings.asp" --></span>

if Request.Form("mynumber") = "" then
End If

'set variables from form
FormPwd = Request.Form("mynumber")
FormPwd = replace(FormPwd,"'","''")

'run login or return to login page
if formpwd = logincode then
    Session("LoginID") = formpwd
End if

'final redirect

ASP Guestbook Login

The login uses session variables to store the login information, so to log off we simple abandon the session. The redirect appends the date to avoid seeing a "cached" login page after being logged out. This is not a security issue, but just for convenience.

response.redirect("post.asp?d=" & date)

Now the main code is the post.asp page, this page is the same whether you are logged in as admin or just a guest visiting the page. If you are logeed in you see the same data as a guest, only you have more options available, you can delete posts, or restore deleted posts, or empty the "recycle bin" (where deleted posts are stored until you clear them out).

ASP Guestbook

As you can see from the code below, we check for the loggedin session right from the start,
then we can use this throughout the rest of the script to display data based on your status as admin or guest.

<% option explicit %>
<!--<span class="code-comment"> #INCLUDE FILE="settings.asp" --></span>
LoggedIn = Session("loginID")

Once you are logged in you see more options available.

ASP Guestbook

The file is split up into "parts" depending on what querystring is passed.

The section below checks to see if you are logged in and then check so see if
you have attempted to empty the "deleted" items from the database.

'============Empty Deleted Items from the database============
If LoggedIn <> "" Then
    if request.querystring("del") = 1 then
        Set dConn = Server.CreateObject("ADODB.Connection")

        mySQL = "DELETE FROM tblpost where active = 2;"
        set dconn = nothing
    end if
end if

As you can see from the rest of the main "post" code, different items are displayed or actions performed based on being logged in or not, and if so what querystring value you have passed to the page.

'============set based on delete or undelete============
If LoggedIn <> "" Then
    showdeleted = request.querystring("showdeleted")
    if showdeleted = 1 then
    active = 2
    removetype = 1
    delete_text = undelete_text
    delimage = "undelete.gif"
    active = 1
    removetype = 2
    delete_text = delete_text
    delimage = "delete.gif"
    end if
    active = 1
end if

'============Delete/Undelete Items from the guestbook display============
remove = request.querystring("remove")
if remove = 1 then
    Set dConn = Server.CreateObject("ADODB.Connection")
       & database_path

    removetype = request.querystring("removetype")
    mySQL = "UPDATE tblPost SET Active = " & removetype & " WHERE ID = " & _
            ID & ";"
    response.write "updating"
    set dConn = Nothing
end if
'============End Delete Section============

Set dataRS = Server.CreateObject("ADODB.RecordSet")
dataSQL = "Select TOP " & show_posts & " message, remote_addr, sysdate, " &_
          " systime, id FROM tblPost WHERE active = " & active &_
          " order by sysdate DESC, systime DESC;"
'Response.Write dataSQL

Set dConn = Server.CreateObject("ADODB.Connection")
dConn.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & database_path

dataRS.Open dataSQL, dConn, 1, 3
recordcount = dataRS.recordcount
if recordcount > 0 then
    data = dataRS.GetRows()
    'Data is retrieved so close all connections
    Set dataRS = Nothing

    set dconn = nothing
    'Setup for array usage
    iRecFirst   = LBound(data, 2)
    iRecLast    = UBound(data, 2)
end if

'============IF IS A POST BACK============
message = trim(request.form("message"))
if request.form("ispostback") = 1 AND (len(message) > minimum_length) then
        if allow_html = "no" then
            message = RemoveHTMLtags(message)
            message = PreSubmit2(message)
        end if
    strSQL = "tblPost"
    'Open a recordset
    Set cRS2 = Server.CreateObject("ADODB.recordset")

    Set dConn = Server.CreateObject("ADODB.Connection")

    cRS2.Open strSQL, dConn, 1,3

    cRS2("message") = message
    cRS2("sysdate") = date()
    cRS2("systime") = time()
    cRS2("remote_addr") = request.ServerVariables("remote_addr")
    cRS2("Active") = 1

    Set cRS2 = Nothing

    Set dConn = Nothing
end if

'============End POSTBACK Section============
<P style="FONT-WEIGHT: bold"><%=pagetitle%>

<table border=2 bordercolor="silver" CELLSPACING=0 CELLPADDING=4>
<form action="post.asp" method="post" name="form1" id="form1">
    <tr class='smalltext'>
        <td><textarea cols="50" rows="4" name="message" 
             style="font-family: Arial, Helvetica, sans-serif;" 
             class="cssborder" title="<%=add_text%>"></textarea></td>
        <td nowrap><input type="submit" value="<%=add_text%>" 
          style="height: 50px;" class="cssborder"></td>
<input type="hidden" name="ispostback" value="1">

if recordcount > 0 then
<table border="2" cellspacing="0" cellpadding="4" 
        bordercolor="silver" width="500">
        <th><%= message_text %></th>
    If LoggedIn <> "" then
        <th><%= delete_text %></th>
    <% end if %>    
    ' Loop through the records (second dimension of the array)
    For I = iRecFirst To iRecLast
        Response.Write "<tr class='smalltext'>" & _
        "<td colspan='top'>" & data(0, I) & " 
[" & data(3,I) & "| " & data(2, I) & " | " & data(1, I) & "]</td>"
        if LoggedIn <> "" then
          response.write "<td nowrap valign='top' align='center'>"
          response.write "<A href='post.asp?id=" & data(4, I)
          response.write "&remove=1&removetype=" & removetype 
          response.write "'><IMG title='" & delete_text
          response.write "' src='"%20&%20delimage%20&%20"'"
          response.write " border=0></A></td>"
        end if
    Next ' I
end if

If LoggedIn <> "" Then
    response.write logoutlink
    response.write loginlink
end if

'close db just in case
on error resume next
    Set dConn = Nothing
on error goto 0

That is basically it, this is a very simple little guestbook, that should be easy to add to an site that supports ASP and MS Access database connections (No ODBC is necesary).



This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


About the Author

United States United States
Live in Michigan, USA

You may also be interested in...

Comments and Discussions

Questionhow use the code? Pin
41025094-Jul-11 19:28
member41025094-Jul-11 19:28 
Questionadding fields? Pin
heatherbee17-Dec-10 23:24
memberheatherbee17-Dec-10 23:24 
QuestionASP Guestbook Pin
tooop5-May-10 12:21
membertooop5-May-10 12:21 
GeneralNeed small help from u! Pin
sonia.sardana20-Sep-09 2:57
membersonia.sardana20-Sep-09 2:57 
QuestionProblems with this code Pin
Kerry9-Dec-07 9:43
memberKerry9-Dec-07 9:43 
Questioninput type=&quot;hidden&quot; name=&quot;ispostback&quot; value=&quot;1&quot;&gt; [modified] Pin
khasiguy26-Jun-06 10:44
memberkhasiguy26-Jun-06 10:44 
GeneralProblems with the display of code in the article Pin
NASAmab15-Jul-04 5:49
sussNASAmab15-Jul-04 5:49 
GeneralRe: Problems with the display of code in the article Pin
aa2max15-Jul-04 7:44
memberaa2max15-Jul-04 7:44 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Cookies | Terms of Use | Mobile
Web05 | 2.8.190518.1 | Last Updated 12 Jul 2004
Article Copyright 2004 by aa2max
Everything else Copyright © CodeProject, 1999-2019
Layout: fixed | fluid