TAD's Quick ASP/Database tut



In this (very) short series of articles I will describe how to create a simple web based visitor guestbook and simple messageboard using some HTML/ASP (VBscript) pages and a Database. I will be using the same tools I normally use at work (Coz, that's where I learnt all this crap "while doing a million other things" (tm) ;) - these tools are
Windows 2000 pro,
Monkeyslap Office 2000 (for creating/editing the Access Database)
Dreamweaver MX (although you could even use notepad if you wish).

All the following techniques work (I've used them many times) although they might not be 'the best' way to do things. This comes from working for a very small company where they expect you to do 2-3 jobs AND try to learn all the latest technology without having either the budget nor time to do so :(

What is ASP?

Unlike 'Client-side' scripting languages (such as Javascript, Jscript, VBscript, PerlScript) which are downloaded by a visitor to your website and executed on THEIR machine, 'Server-Side' languages such as ASP (Active Server Pages) ONLY runs ON THE WEB SERVER and their OUTPUT ('Response') is then sent to the visitor/client in the form of plain old HTML. A server is basically a piece of software that waits for requests from other PCs (the clients) and sends back processed data.


The 'Client' (visitor) requests a page (eg. http://www.mysite.com/welcome.html)

The entire welcome.html web page is returned to the client (including any Javascript/VBscript).

The script is executed on the Client's machine (of course, the Client is free to examine/rip/modify any script - bad for security)


The 'Client' (visitor) requests a ASP page (eg. http://www.mysite.com/welcome.asp)

The server runs the welcome.asp page (executing the ASP fragments of code & sending back the plain HTML fragments back to the client).

As you can see NO code is sent back to the client (looking at the source code for a ASP website page in your web browser will ONLY show the returned HTML - the actual ASP code has been processed and removed by the server). From a security point of view this is much better. Another advantage from ASP is that is pages can be more dynamic; you can re-use the same page for many, many different tasks by passing a variable on the URL query string.

ASP can be written in many different scripting languages such as VBscript (the most common), Jscript, Javascript and PerlScript. For this short series I will only use VBscript since most companies want this on your CV when you go for a job interview.

Installing and setup

Firstly you need to install a 'Web server' on your development machine so you can run and test ASP (Active Server Pages). For Windows 2000 you should find IIS 5 somewhere on your CD-ROM. (Sorry if some of this is short on detail but there are plenty of good tutorials and help on the net, including using PWS (Personal Web Server) on Windows 98 machines - besides, I want to focus more on how to code the ASP and design the database).

Insert your dusty old Windows 2000 CD and fire up the Add/Remove programs Icon (Startmenu -> Control Panel -> Add/Remove Programs). Hit the Add/Remove Windows Components and tick the IIS (Internet Information Service) box. Follow the instructions, reboot and then type: http://localhost into your web browser. If all goes well you are now looking at 2 ASP pages containing information about IIS.

If you encounter problems like the web browser hanging or not being able to find a page then it may be due one or more of the following problems:
IIS (or PWS) is not installed correctly on your PC
Your firewall preventing IIS/PWS from starting
Your IIS/PWS is NOT enabled after a reboot
Your Anti-Virus software.

I suggest uninstalling both your firewall and anti-virus program before installing IIS/PWS, make sure the http://localhost works in your browser and then try re-installing your firewall and Anti-virus program. If you're using an old version of ZoneAlarm or Norton AV then you might need to upgrade or apply a patch to get everything running. Again, search the net for more detailed information (trust me, we'll get to coding ASP soon ;)

Make your life easier :)

TIP 1: Once you have your IIS running on your machine go to Start Menu->Control Panel -> Administrator Tools and Click on Personal Web Manager from the Properties Menu enable 'Show System Tray'. This allows you to start/stop or pause the IIS server more quickly.

TIP 2: Create a simple 'web links' page and save it on your Hard-drive somewhere and make this your homepage. Include a link to http://localhost, google, www.aspin.com and all your favourite pr0n (er, coding sites ;) When developing lots of web based ASP sites this links page makes life so much easier because they are only 1 click away.

Where do I save files?

Because we're using one PC as both the IIS Web-sever AND normal client machine - we need to store our websites in the c:\inetpub\wwwroot folder (or in a sub-folder such as 'c:\inetpub\wwwroot\mysite') in order for IIS (or PWS) to find and execute the ASP pages and pass their output to your web browser.

When you type http://localhost/mysite/welcome.asp (or instead of localhost) into your web browser the IIS server will translate this into c:\inetpub\wwwroot\mysite\welcome.asp, execute the ASP code and return the results to your browser.

Your 1st ASP page :)

Okay, I promised some ASP code so here it is. Simply cut n paste it into your HTML source code editor (or NotePad, UltraEdit etc..) create a folder and save it as c:\inetpub\wwwroot\mysite\hello.asp).

<%@ Language=VBScript %>
<% Option Explicit %>
	Response.Write "Hello from ASP :)"

Enter this URL into your web browser http://localhost/mysite/hello.asp and cheer as your first ASP page runs. If you examine the source-code in your browser you will not find any ASP code only the "Hello from ASP :)" message from the Response.Write function.

Most of the time you will be using Response.Write or the shorter <%= .... %> method to insert strings into the HTML page that the client/surfer will see on their monitors.

Your 2nd ASP page :)

Let's code a slightly longer asp page that mixes ASP with plain old HTML code. Most of the time your ASP pages will have ASP VBscript code at the top of the page and standard HTML tags underneath with a few strings inserted (and repeated) like in the following example. Save this as c:\inetpub\wwwroot\mysite\date.asp and view in your browser as http://localhost/mysite/date.asp

<%@ Language=VBScript %>
<% Option Explicit %>
	Dim var1 
	var1 = now
<title>Your 2nd ASP page :)</title>
The time and date is <%=var1%>.

You should have noticed that plain old HTML uses <...> tags where as ASP uses <%...%> to delimit it. You can freely intermix the two. Most of the time when you're creating a website you will design a HTML page and then insert the ASP code fragments around them.

You can even place ASP code INSIDE a HTML tag. A common example of this is dynamic links or images 'SRC=' paths where part of a HTML tag changes depending on some condition.

QueryString & GET forms

Let's code a slightly longer example using 2 ASP pages. The first one is a simple form which 'GET' sends its FORM values to the 2nd page. The GET method of posting (I know, stupid naming or wot!) places variables on the URL string using a '?' question-mark character to denote the start of the QueryString. We can access these passed values on the 2nd page by using the Request.QueryString(...) function.

Page 1 - The input Form (save as "query.htm")
<title>Example of GET posting</title>
<form name="form1" method="get" action="query2.asp">
  Enter a website url
  <input type="text" name="stoopid">
  <input type="submit" name="Submit" value="Submit">
Page 2 - Get the Query value (save as "query2.asp")
<%@ Language=VBScript %>
<% Option Explicit %>
	Dim theURL
	theURL = Request.QueryString("stoopid")
<title>Query String example</title>
You typed <%=theURL%>.
<a href="<%=theURL%>">CLICK HERE</a> </html>

Now if you type http://localhost/query.htm to run the example above you should see how a value was passed from one page's 'stoopid' form-field using the QueryString to the 2nd page where it was displayed and turned into a weblink.

There are some restrictions on using the GET (or "QueryString") method to send data from one ASP page to another. For a start the URL of any webpage is limited to about 256 (or less) characters. And more importantly security; it doesn't really exist when using the GET method of posting because variables and values are THERE on the URL for everyone to see and mess around with.

The advantage of using GET/QueryString is that ANY normal HTML weblink can pass values to an ASP page simply by using (for example) "http://www.microsoft.com?linux=good&windows=bad" ;)

Posts & Forms

A slightly more secure method of passing data is by using the POST method of, er, posting. You can post large amount of form data, both visible (in terms of input form-field boxes, drop-down menus, file selectors) and invisible (in terms of hidden fields - although these are NOT secure because their values can be viewed in the web browser source!!).

I'll leave you with the task of coding a little POST form example. It shouldn't be very difficult, look at the previous GET form example above, change method="GET" into method="POST" and replace Request.QueryString with Request.Form.

Next time we will look at the Session variable and how we can use it to reduce the amount of data posting between pages.

Happy VBscriptin'