LISTING 5.10 Display Links with Product IDs 1 <% 2 Set Con = Server.CreateObject( “ADODB.Connection” ) 3 Con.Open “accessDSN” 4 5 sqlString = “SELECT product_id, product_name FROM Products” 6 SET RS = Con.Execute( sqlString ) 7 WHILE NOT RS.EOF 8 %> 9 <a href=”updateProduct.asp?pid=<%=RS( “product_id” )%>”> 10 <%=RS( “product_name” )%> 11 </a> 12 <% 13 RS.MoveNext 14 WEND 15 %> This script displays the names of each product in the database as a hypertext link. Each link has a query string variable named pid that passes the product ID to the updateProduct.asp page. The query string variable is added to the hyperlinks in line 9. After the script in Listing 5.10 has been added to the manageproducts.asp page, the page displays all the existing products in the Products table (see Figure 5.7). To see the final version of the manageproducts.asp page, open the manageproducts.asp page from the CD that accompanies this book. 108 Day 5 INPUT ANALYSIS FIGURE 5.7 Final version of manageproducts.asp. 07 0672318989 ch05 3/29/00 4:02 PM Page 108 Building Your Product Catalog 109 5 Creating the updateProduct Form The updateProduct.asp page enables you to update the information for a particular product. When you click on the name of a particular product on the manageproduct.asp page, you are brought to this page (see Figure 5.8). F IGURE 5.8 The updateProduct.asp page. The updateProduct.asp page is similar to the addProduct.asp. It has an HTML form containing fields that correspond to the columns in the Products table. Unlike the addProduct.asp page, however, the form fields are automatically filled with the existing product information. The updateProduct.asp page is contained in Listing 5.11. (It’s also included on the CD that accompanies this book.) LISTING 5.11 The updateProduct.asp Page 1 <% 2 ‘ Get the Product ID 3 productID = Request( “pid” ) 4 5 ‘ Open the Database Connection 6 Set Con = Server.CreateObject( “ADODB.Connection” ) 7 Con.Open “accessDSN” 8 9 ‘ Open the Recordset INPUT continues 07 0672318989 ch05 3/29/00 4:02 PM Page 109 10 Set RS = Server.CreateObject( “ADODB.Recordset” ) 11 RS.ActiveConnection = Con 12 RS.CursorType = 3 13 RS.Open “SELECT * FROM Products WHERE product_id=” & productID 14 IF NOT RS.EOF THEN 15 productName = RS( “product_name” ) 16 productPrice = RS( “product_price” ) 17 productPicture = RS( “product_picture” ) 18 productCategory = RS( “product_category” ) 19 productBriefDesc = RS( “product_briefDesc” ) 20 productFullDesc = RS( “product_fullDesc” ) 21 productStatus = RS( “product_status” ) 22 END IF 23 ‘ Close the Recordset 24 RS.Close 25 26 FUNCTION SELECTED( firstVal, secondVal ) 27 IF cSTR( firstVal ) = cSTR( secondVAL ) THEN 28 SELECTED = “ SELECTED “ 29 END IF 30 END FUNCTION 31 32 %> 33 <html> 34 <head><title>Update Product </title></head> 35 <body bgcolor=”gray”> 36 37 <form method=”post” action=”manageproducts.asp”> 38 39 <center> 40 <table width=”600” border=1 bgcolor=”lightyellow” 41 cellpadding=”4” cellspacing=”0”> 42 <tr> 43 <td colspan=”2” bgcolor=”yellow”> 44 <font face=”Arial” size=”3”><b> 45 Update Product 46 </b></font> 47 </td> 48 </tr> 49 <tr> 50 <td> 51 <b> Product Name:</b> 52 </td> 53 <td> 54 <input name=”productName” 55 size=”50” maxlength=”50” 56 value=”<%=Server.HTMLEncode( productName )%>”> 57 </td> 58 </tr> 110 Day 5 LISTING 5.11 continued 07 0672318989 ch05 3/29/00 4:02 PM Page 110 Building Your Product Catalog 111 5 59 <tr> 60 <td> 61 <b>Product Price:</b> 62 </td> 63 <td> 64 <input name=”productPrice” size=”10” 65 value=”<%=productPrice%>”> 66 </td> 67 </tr> 68 <tr> 69 <td> 70 <b>Product Picture:</b> 71 </td> 72 <td> 73 <input name=”productPicture” 74 size=”50” maxlength=”50” 75 value=”<%=Server.HTMLEncode( productPicture )%>”> 76 </td> 77 </tr> 78 <tr> 79 <td> 80 <b>Product Category:</b> 81 </td> 82 <td> 83 <input name=”productCategory” 84 size=”50” maxlength=”50” 85 value=”<%=Server.HTMLEncode( productCategory )%>”> 86 </td> 87 </tr> 88 <tr> 89 <td> 90 <b>Product Brief Desc:</b> 91 </td> 92 <td> 93 <textarea name=”productBriefDesc” 94 cols=”50” rows=”2” 95 wrap=”virtual”><%=Server.HTMLEncode( productBriefDesc )%> 96 </textarea> 97 </td> 98 </tr> 99 <tr> 100 <td> 101 <b>Product Full Desc:</b> 102 </td> 103 <td> 104 <textarea name=”productFullDesc” 105 cols=”50” rows=”10” 106 wrap=”virtual”><%=Server.HTMLEncode( productFullDesc )%> 107 </textarea> 108 </td> continues 07 0672318989 ch05 3/29/00 4:02 PM Page 111 109 </tr> 110 <tr> 111 <td> 112 <b>Product Status:</b> 113 </td> 114 <td> 115 <select name=”productStatus”> 116 <option value=”0” <%=SELECTED( “0”, productStatus )%>>INACTIVE 117 <option value=”1” <%=SELECTED( “1”, productStatus )%>>ACTIVE 118 </select> 119 </td> 120 </tr> 121 <tr> 122 <td colspan=2 align=”right”> 123 <input type=”submit” value=”Update Product”> 124 </td> 125 </tr> 126 </table> 127 </center> 128 129 <input name=”productID” type=”hidden” value=”<%=productID%>”> 130 <input name=”updateProduct” type=”hidden” value=”1”> 131 </form> 132 133 </body> 134 </html> The product ID is grabbed from the query string variable in line 3. The script uses the product ID to show the information for the correct product in the form. In lines 6 and 7, a connection to the storeDB database is opened. In lines 10–24, the product information is retrieved from the Products table and assigned to local variables. The majority of Listing 5.11, lines 37–131, is used to display the HTML form. Each of the text form fields is given a default value by using the VALUE attribute of the <INPUT> tag. A Problem with HTML Forms and Quotation Marks In Listing 5.11, the text input fields are given default values by using the VALUE attribute of the <INPUT> tag. Each product variable is displayed as the value of this attribute. You should notice that each variable is HTML encoded with the HTMLEncode method of the Server object before being displayed. Why is this necessary? HTML uses quotation marks ( “) to mark the beginning and end of a string. If one of the product variables itself includes a quotation mark, it will not be properly displayed. For 112 Day 5 LISTING 5.11 continued ANALYSIS 07 0672318989 ch05 3/29/00 4:02 PM Page 112 Building Your Product Catalog 113 5 example, if the brief description of a product were Our customers are saying, “This is a great gift!”, the quotation marks that surround “This is a great gift!” would prematurely mark the end of the string. The HTMLEncode method of the Server object automatically replaces each quotation mark with the special HTML code &quot;. The special &quot; character correctly displays a quotation mark within an HTML document. Updating a Database Record The final step in creating our updateProduct.asp form is to modify the manageproducts.asp page so that it will update the information for a product in the database. When the updateProduct.asp page is submitted, the information is sent to the manageproducts.asp page. We need to add an additional section to this page to change the product information. Listing 5.12 contains the final version of the manageproducts.asp page. (The manageproducts.asp is also included on the CD that accompanies this book.) LISTING 5.12 Final Version of the manageproducts.asp Page <% 1 FUNCTION fixQuotes( theString ) 2 fixQuotes = REPLACE( theString, “‘“, “‘’” ) 3 END FUNCTION 4 5 ‘ Get the Form Variables 6 addProduct = TRIM( Request( “addProduct” ) ) 7 updateProduct = TRIM( Request( “updateProduct” ) ) 8 9 productID = TRIM( Request( “productID” ) ) 10 productName = TRIM( Request( “productName” ) ) 11 productPrice = TRIM( Request( “productPrice” ) ) 12 productPicture = TRIM( Request( “productPicture” ) ) 13 productCategory = TRIM( Request( “productCategory” ) ) 14 productBriefDesc = TRIM( Request( “productBriefDesc” ) ) 15 productFullDesc = TRIM( Request( “productFullDesc” ) ) 16 productStatus = TRIM( Request( “productStatus” ) ) 17 18 ‘ Assign Default Values 19 IF productName = “” THEN 20 productName = “?????” 21 END IF 22 IF productPrice = “” THEN INPUT continues 07 0672318989 ch05 3/29/00 4:02 PM Page 113 23 productPrice = 0 24 END IF 25 IF productPicture = “” THEN 26 productPicture = “?????” 27 END IF 28 IF productCategory = “” THEN 29 productCategory = “?????” 30 END IF 31 IF productBriefDesc = “” THEN 32 productBriefDesc = “?????” 33 END IF 34 IF productFullDesc = “” THEN 35 productFullDesc = “?????” 36 END IF 37 38 ‘ Open the Database Connection 39 Set Con = Server.CreateObject( “ADODB.Connection” ) 40 Con.Open “accessDSN” 41 %> 42 <html> 43 <head><title>Manage Products</title></head> 44 <body bgcolor=”gray”> 45 <% 46 ‘ Add New Product 47 IF addProduct <> “” THEN 48 49 sqlString = “INSERT INTO Products “ &_ 50 “( product_name, product_price, product_picture, “ &_ 51 “product_category, product_briefdesc, product_fulldesc, “ &_ 52 “product_status ) VALUES ( “ &_ 53 “ ‘“ & productName & “‘, “ &_ 54 cCUR( productPrice ) & “, “ &_ 55 “ ‘“ & productPicture & “‘, “ &_ 56 “ ‘“ & productCategory & “‘, “ &_ 57 “ ‘“ & productBriefDesc & “‘, “ &_ 58 “ ‘“ & productFullDesc & “‘, “ &_ 59 productStatus & “ )” 60 61 Con.Execute sqlString 62 63 %> 64 <center> 65 <table width=”600” cellpadding=”4” 66 cellspacing=”0” bgcolor=”lightyellow”> 67 <tr> 68 <td> 69 <%=productName%> was added to the database 70 </td> 71 </tr> 114 Day 5 LISTING 5.12 continued 07 0672318989 ch05 3/29/00 4:02 PM Page 114 Building Your Product Catalog 115 5 72 </table> 73 </center> 74 <p> 75 <% 76 END IF 77 78 ‘ Update Product 79 IF updateProduct <> “” THEN 80 81 sqlString = “UPDATE Products SET “ &_ 82 “product_name=’ “ & fixQuotes( productName ) & “‘,” &_ 83 “product_price=” & productPrice & “,” &_ 84 “product_picture=’” & fixQuotes( productPicture ) & “‘,” &_ 85 “product_category=’” & fixQuotes( productCategory ) & “‘,” &_ 86 “product_briefdesc=’” & fixQuotes( productBriefDesc ) & “‘,” &_ 87 “product_fulldesc=’” & fixQuotes( productFullDesc ) & “‘,” &_ 88 “product_status=” & productStatus & “ WHERE “ &_ 89 “product_id=” & productID 90 91 Con.Execute sqlString 92 93 %> 94 <center> 95 <table width=”600” cellpadding=”4” 96 cellspacing=”0” bgcolor=”lightyellow”> 97 <tr> 98 <td> 99 <%=productName%> was updated in the database 100 </td> 101 </tr> 102 </table> 103 </center> 104 <p> 105 <% 106 END IF 107 %> 108 109 <center> 110 <table width=”600” border=1 bgcolor=”lightyellow” 111 cellpadding=”4” cellspacing=”0”> 112 <tr> 113 <td colspan=”2” bgcolor=”yellow”> 114 <font face=”Arial” size=”3”><b> 115 Manage Products 116 </b></font> 117 </td> 118 </tr> 119 <tr> 120 <td align=”center”> 121 continues 07 0672318989 ch05 3/29/00 4:02 PM Page 115 122 <table border=”1” size=”400” cellpadding=”3” 123 cellspacing=0 bgcolor=”white”> 124 <% 125 sqlString = “SELECT product_id, product_name FROM Products “ &_ 126 “ORDER BY product_name” 127 SET RS = Con.Execute( sqlString ) 128 WHILE NOT RS.EOF 129 %> 130 <tr> 131 <td> 132 <a href=”updateproduct.asp?pid=<%=RS( “product_id”)%>”> 133 <%=RS( “product_name” )%></a> 134 </td> 135 </tr> 136 <% 137 RS.MoveNext 138 WEND 139 %> 140 </table> 141 </td> 142 </tr> 143 <tr> 144 <td> 145 <a href=”addProduct.asp”>Add Product</a> 146 </td> 147 </tr> 148 </table> 149 </center> 150 151 </body> 152 </html> Lines 78—107 contain the section of code that updates a product’s information in the database. The SQL UPDATE string is built in lines 81—89. Notice that the fixQuotes() function is used when building the SQL string to replace single quotes with double quotes. Next, the SQL string is executed in line 91. 116 Day 5 LISTING 5.12 continued ANALYSIS Notice that when you update product information, you need to use both the HTMLEncode() method, to fix potential problems with double quotes in HTML strings, and the fixQuotes() function, to handle potential problems with single quotes in the SQL UPDATE string. Using the HTMLEncode() method and the fixQuotes() function in sequence doesn’t create a problem. When the HTML form is submitted, the special &quot; character is automatically translated back into a normal quotation mark (“). Note 07 0672318989 ch05 3/29/00 4:02 PM Page 116 Building Your Product Catalog 117 5 After the product has been updated, a message appears confirming the product update. This message is displayed in lines 94–104. When a product is updated, the page in Figure 5.9 is displayed. F IGURE 5.9 Results of updating a product. Summary In this chapter, you were introduced to the methods of working with a Microsoft Access database in your ASP scripts. First, you learned how to create a new Microsoft Access database and open a connection to it using the ADO Connection object and a System DSN. Next, you learned how to add products to your online store with Active Server Pages by using the SQL INSERT INTO statement to add new rows to a database table. Finally, you created Active Server Pages that enable you to update existing product infor- mation by using the SQL UPDATE statement. In the course of this chapter, you also learned how to handle problems presented by both single and double quotation marks. Q&A Q When attempting to connect to a Microsoft Access Database within an ASP page, I receive the error “Data source name not found and no default driver specified.” What could cause this error? A You’ll receive this error when your DSN isn’t configured correctly. First, open the ODBC Data Sources applet from your computer’s Control Panel to check whether 07 0672318989 ch05 3/29/00 4:02 PM Page 117 [...]... sqlString 6 ‘ Get Current Category cat = RS( “product_category” ) %> Johnson’s Candies and Gifts continues 132 Day 6 LISTING 6.6 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 continued . value=”<%=productID%>”> 130 <input name=”updateProduct” type=”hidden” value=”1”> 131 </form> 132 133 </body> 134 </html> The product ID is grabbed from the query string variable in line 3. . wrong with the following SQL INSERT INTO statement? INSERT INTO Products ( product_name ) VALUES ( Holiday Gift Basket ) 3. Why do single quotation marks cause problems when inserting or updating. building the SQL string to replace single quotes with double quotes. Next, the SQL string is executed in line 91. 116 Day 5 LISTING 5.12 continued ANALYSIS Notice that when you update product information,