CHAPTER 10 ■ DEALING WITH CUSTOMER ORDERS 399 9. Switch OrdersAdmin.aspx to Source View and disable the view state for the OrderDetailsAdmin.ascx instance. Change its name from OrderDetailsAdmin1 to orderDetailsAdmin: </asp:GridView> <br /> <uc1:OrderDetailsAdmin EnableViewState="false" id="orderDetailsAdmin" runat="server"> </uc1:OrderDetailsAdmin> </span> </asp:Content> How It Works: OrderDetailsAdmin.ascx Whew, you’ve written a lot of code for this control. The code itself isn’t complicated, but you had to deal with a lot of user interface elements. The two important details to understand are as follows: • You used the session to persist data about the selected order. This is read in the OrderDetailsAdmin control to obtain the ID of the selected order. • You used Page_PreRender instead of Page_Load, because it executed after the session gets the chance to be updated in the parent form. Because we talked about each method while writing the code, it should be pretty clear how the page works. Run it now and play with the buttons to make sure everything works as it should. Summary We covered a lot of ground in this chapter. You implemented a system by which you can both take orders and manually administer them. You accomplished this in two separate stages. You added a Proceed to Checkout button onto the shopping cart control to allow the visitor to order the products in the shopping cart. You implemented a simple orders administration page, where the site administrator could view and handle pending orders. In addition, we looked at the use of validation controls and also, importantly, set the scene for entirely automating the order system. Because order data is now stored in the database, you can create various statistics and run calculations based on the items sold. In the next chapter, you’ll learn how to implement a “Visitors who bought this also bought . . .” feature, which wouldn’t have been possible without the order data stored in the database. Darie-Watson_4681C10.fm Page 399 Tuesday, September 20, 2005 4:52 AM Darie-Watson_4681C10.fm Page 400 Tuesday, September 20, 2005 4:52 AM 401 ■ ■ ■ CHAPTER 11 Making Product Recommendations One of the most important advantages of an Internet store compared to a brick-and-mortar location is the capability to customize the web site for each visitor based on his or her prefer- ences or based on data gathered from other visitors with similar preferences. If your web site knows how to suggest additional products to your visitor in a clever way, he or she might end up buying more than initially planned. In this chapter, you’ll implement a simple but efficient product recommendations system in your BalloonShop web store. You can implement a product recommendations system in several ways, depending on your kind of store. Here are a few popular ones: • Up-Selling: The strategy of offering consumers the opportunity to purchase an “upgrade” or a little extra based on their requested purchases. Perhaps the most famous example of up-selling—“Would you like to super-size that?”—is mentioned to customers when they order a value meal at McDonald’s. This seemingly innocent request greatly increases the profit margin. • Cross-Selling: The practice of offering customers complementary products. Continuing with the McDonald’s analogy, when customers order hamburgers, they’ll always hear the phrase “Would you like fries with that?” because everyone knows that fries go with burgers. Because the consumers are ordering burgers, it’s likely that they also like french fries—the mere mention of fries is likely to generate a new sale. • Featured products on the home page: BalloonShop permits the site administrator to choose the products featured on the main page and on the department pages. In this chapter, you’ll implement a dynamic recommendations system with both up-selling and cross-selling strategies. This system has the advantage of not needing manual maintenance. Because at this point BalloonShop retains what products were sold, you can now implement a “customers who bought this product also bought . . .” feature. Darie-Watson_4681C11.fm Page 401 Monday, September 19, 2005 10:02 AM 402 CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS Increasing Sales with Dynamic Recommendations In BalloonShop, you’ll implement the dynamic recommendations system in the visitor’s shopping cart and in the product details page. After adding the new bits to your shop, the product details page will contain the product recommendations list at the bottom of the page, as shown in Figure 11-1. Figure 11-1. The product details page with the dynamic recommendations system implemented The shopping cart page gets a similar addition, as shown in Figure 11-2. Darie-Watson_4681C11.fm Page 402 Monday, September 19, 2005 10:02 AM CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS 403 Figure 11-2. The product details page with the dynamic recommendations system implemented Implementing the Data Tier Before writing any code, you first need to understand the logic you’ll implement for making product recommendations. We’ll focus here on the logic of recommending products that were ordered together with another specific product. Afterward, the recommendations for the shop- ping cart page will function in a similar way, but will take more products into consideration. So you need to find out what other products were bought by customers who also bought the product for which you’re calculating the recommendations (in other words, determine “customers who bought this product also bought . . .” information). Let’s develop the SQL logic to achieve the list of product recommendations step by step. Darie-Watson_4681C11.fm Page 403 Monday, September 19, 2005 10:02 AM 404 CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS ■Tip Because SQL is very powerful, you can actually implement the exact same functionality in several ways. We’ll cover here one of the options, but when implementing the actual stored procedures, you’ll be shown other options as well. To find what other products were ordered together with a specific product, you need to join two instances of the OrderDetail table on their OrderID fields. Feel free to review the “Joining Data Tables” section in Chapter 4 for a quick refresher about table joins. Joining multiple instances of a single table is just like joining different data tables that contain the same data. You join two instances of OrderDetail—called od1 and od2—on their OrderID fields, while filtering the ProductID value in od1 for the ID of the product you’re looking for. This way, in the od2 side of the relationship you’ll get all the products that were ordered in the orders that contain the product you’re looking for. The SQL code that gets all the products that were ordered together with the product iden- tified by a ProductID of 4 is SELECT od2.ProductID FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID WHERE od1.ProductID = 4 This code returns a long list of products, which includes the product with the ProductID of 4, such as this one: ProductID 1 4 7 10 14 18 22 26 30 1 4 7 10 14 18 4 14 18 22 26 30 Darie-Watson_4681C11.fm Page 404 Monday, September 19, 2005 10:02 AM CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS 405 Starting from this list of results, you need to get the products that are most frequently bought along with this product. The first problem with this list of products is that it includes the product with the ProductID of 4. To eliminate it from the list (because, of course, you can’t put it in the recommendations list), you simply add one more rule to the WHERE clause: SELECT od2.ProductID FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID WHERE od1.ProductID = 4 and od2.ProductID != 4 Not surprisingly, you get a list of products that is similar to the previous one, except it doesn’t contain the product with a ProductID of 4 anymore: ProductID 1 7 10 14 18 22 26 30 1 7 10 14 18 14 18 22 26 30 Now the list of returned products is shorter, but it contains multiple entries for the products that were ordered more than once in the orders that contain the product identifier 4. To get the most relevant recommendations, you need to see which products appear more frequently in this list. You do this by grouping the results of the previous query by ProductID and sorting in descending order by how many times each product appears in the list (this number is given by the Rank calculated column in the following code snippet): SELECT od2.ProductID, COUNT(od2.ProductID) AS Rank FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID WHERE od1.ProductID = 4 AND od2.ProductID != 4 GROUP BY od2.ProductID ORDER BY Rank DESC This query now returns a list such as the following: Darie-Watson_4681C11.fm Page 405 Monday, September 19, 2005 10:02 AM 8213592a117456a340854d18cee57603 406 CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS ProductID rank 14 3 18 3 22 2 26 2 30 2 1 2 7 2 10 2 If you don’t need the rank to be returned, you can rewrite this query by using the COUNT aggregate function directly in the ORDER BY clause. You can also use the TOP keyword to specify how many records you’re interested in. If you want the top five products of the list, this query does the trick: SELECT TOP 5 od2.ProductID FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID WHERE od1.ProductID = 4 AND od2.ProductID != 4 GROUP BY od2.ProductID ORDER BY COUNT(od2.ProductID) DESC The results of this query are ProductID 18 14 22 10 7 Because this list of numbers doesn’t make much sense to a human eye, you’ll also want to know the name and the description of the recommended products. The following query does exactly this by querying the Product table for the IDs returned by the previous query (the description isn’t requested because of space reasons): SELECT ProductID, Name FROM Product WHERE ProductID IN ( SELECT TOP 5 od2.ProductID FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID WHERE od1.ProductID = 4 AND od2.ProductID != 4 GROUP BY od2.ProductID ORDER BY COUNT(od2.ProductID) DESC ) Darie-Watson_4681C11.fm Page 406 Monday, September 19, 2005 10:02 AM CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS 407 Based on the data from the previous fictional results, this query returns something like this: ProductID Name 18 Love Cascade Hearts 14 Love Rose 22 I'm Younger Than You 10 I Can't Get Enough of You 7 Smiley Kiss Red Balloon Alternatively, you might want to calculate the product recommendations only using data from the orders that happened in the last n days. For this, you need an additional join with the orders table, which contains the date_created field. The following query calculates product recommendations based on orders placed in the past 30 days: SELECT ProductID, Name FROM Product WHERE ProductID IN ( SELECT TOP 5 od2.ProductID FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID JOIN Orders ON od1.OrderID = Orders.OrderID WHERE od1.ProductID = 4 AND od2.ProductID != 4 AND DATEDIFF(dd, Orders.DateCreated,GETDATE()) < 30 GROUP BY od2.ProductID ORDER BY COUNT(od2.ProductID) DESC ) We won’t use this trick in BalloonShop, but it’s worth keeping in mind as a possibility. Adding Product Recommendations Make sure you understand the data tier logic explained earlier, as you’ll implement it in the GetProductRecommendations stored procedure. The only significant difference from the queries shown earlier is that you’ll also ask for the product description, which will be truncated at a specified number of characters. The GetProductRecommendations stored procedure is called when displaying Product.aspx to show what products were ordered together with the selected product. Add this stored procedure to the BalloonShop database: CREATE PROCEDURE GetProductRecommendations (@ProductID INT, @DescriptionLength INT) AS SELECT ProductID, Name, SUBSTRING(Description, 1, @DescriptionLength) + ' ' AS Description FROM Product Darie-Watson_4681C11.fm Page 407 Monday, September 19, 2005 10:02 AM 408 CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS WHERE ProductID IN ( SELECT TOP 5 od2.ProductID FROM OrderDetail od1 JOIN OrderDetail od2 ON od1.OrderID = od2.OrderID WHERE od1.ProductID = @ProductID AND od2.ProductID != @ProductID GROUP BY od2.ProductID ORDER BY COUNT(od2.ProductID) DESC ) An Alternate Solution Using SubQueries Because SQL is so versatile, GetProductRecommendations can be written in a variety of ways. In our case, one popular alternative to using table joins is using subqueries. Here’s a version of GetProductRecommendations that uses subqueries instead of joins. The commented code is self- explanatory: CREATE PROCEDURE GetProductRecommendations2 (@ProductID INT, @DescriptionLength INT) AS Returns the product recommendations SELECT ProductID, Name, SUBSTRING(Description, 1, @DescriptionLength) + ' ' AS Description FROM Product WHERE ProductID IN ( Returns the products that were ordered together with @ProductID SELECT TOP 5 ProductID FROM OrderDetail WHERE OrderID IN ( Returns the orders that contain @ProductID SELECT DISTINCT OrderID FROM OrderDetail WHERE ProductID = @ProductID ) Must not include products that already exist in the visitor's cart AND ProductID <> @ProductID Group the ProductID so we can calculate the rank GROUP BY ProductID Order descending by rank ORDER BY COUNT(ProductID) DESC ) Darie-Watson_4681C11.fm Page 408 Monday, September 19, 2005 10:02 AM [...]... several changes to enable this, but the starting point is to include a new role, in addition to Administrators, which we’ll call (surprisingly enough) Customers Customers will then log in using the same login page as administrators, but because they are in a different role, the similarity ends there They will not, for example, have access to the administration tools that administrators can use They... encrypting a string into an encrypted string are as follows: 1 Convert the source string into a byte array 2 Initialize an encryption algorithm class 3 Use the encryption algorithm class to generate an encryptor object, supporting the ICryptoTransform interface This requires key and IV values 4 Use the encryptor object to initialize a cryptographic stream (CryptoStream object) This stream also needs to. .. StringEncryptor.Encrypt(stringToEncrypt); if (stringToDecrypt == "") { stringToDecrypt = encryptedString; } string decryptedString = StringEncryptor.Decrypt(stringToDecrypt); StringBuilder sb = new StringBuilder(); sb.Append("Encrypted data: "); sb.Append(encryptedString); sb.Append("Decrypted data: "); sb.Append(decryptedString); result.Text = sb.ToString(); } } 5 Browse to BalloonShop/SecurityLibTester2.aspx,... among other things, edit products in the catalog You did this using forms authentication, and you created a login page, Login.aspx, to allow users in an Administrators role to log in The current login status, that is, whether a user is logged in, is shown using a user control you created, Login.ascx In this chapter, you’ll take things a little further by extending the system for use with customers You... maintain for Internet sites, and is usually avoided in such cases Alternatively, you could implement your own custom system, which gives you the most flexibility at the cost of increased development time One important thing you’d have to do in a custom system, as mentioned in Chapter 9, is to secure user passwords It isn’t a good idea to store user passwords in your database in plain text, because this information... here, leaving the SecureCard class untouched • StringEncryptorException.cs: Contains the StringEncryptorException exception, thrown by StringEncryptor if an error occurs We’ll look at the code for hashing first, followed by encryption 8213592a1 174 56a340854d18cee 576 03 419 Darie-Watson_4681C12.fm Page 420 Monday, September 12, 2005 6:50 AM 420 CHAPTER 12 ■ ADDING CUSTOMER ACCOUNTS Hashing Hashing, as has... be obtained that represents an object In practice, this means doing the following: 1 Serialize the object being hashed into a byte array 2 Hash the byte array, obtaining a new hashed byte array 3 Convert the hashed byte array into the format required for storage For passwords this is simple because converting a string (which is an array of characters) into a byte array is no problem Converting the... byte array into a string for database storage and quick comparison is also simple The actual method used to convert the source byte array into a hashed byte array can vary The System.Security.Cryptography namespace in NET contains several algorithms for hashing and allows you to provide your own if necessary, although we won’t go into details of this here The two main hashing algorithms found in the NET... September 19, 2005 10:02 AM CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS Adding Shopping Cart Recommendations The logic for showing shopping cart recommendations is very similar to what you did earlier, except now you need to take into account all products that exist in the shopping cart, instead of a single product Add the following procedure to your BalloonShop database: CREATE PROCEDURE GetShoppingCartRecommendations... StringEncryptor Class 1 Add a new class to the SecurityLib directory called StringEncryptorException with code as follows: using System; using System.Collections.Generic; using System.Text; namespace SecurityLib { public class StringEncryptorException : Exception { public StringEncryptorException(string message) : base(message) { } } } 2 Add another new class to the SecurityLib directory called StringEncryptor . September 20 , 20 05 4: 52 AM Darie-Watson_4681C 10. fm Page 400 Tuesday, September 20 , 20 05 4: 52 AM 401 ■ ■ ■ CHAPTER 11 Making Product Recommendations One of the most important advantages of an Internet. Page 415 Monday, September 19, 20 05 10: 02 AM Darie-Watson_4681C11.fm Page 416 Monday, September 19, 20 05 10: 02 AM 4 17 ■ ■ ■ CHAPTER 12 Adding Customer Accounts So far in this book, you’ve built a. 4 12 Monday, September 19, 20 05 10: 02 AM 821 3592a1 174 56a3 408 54d18cee 57 603 CHAPTER 11 ■ MAKING PRODUCT RECOMMENDATIONS 413 3. Write this code in the Source View window of the control, representing