ADO.Net Use ADO.Net to Populate an ASP.net Website

Forum Moderators: open

Message Too Old, No Replies

ADO.Net Use ADO.Net to Populate an ASP.net Website

Example: <tr><td> request (ROW="SuperBowl" Column="TEAM1INFO") </td></tr>

lukioki

3:53 pm on Sep 1, 2005 (gmt 0)

I'm developing a large website that deals with various national sporting events. I us classic ASP now. I'm migrating to ASP.NET. Because many of my pages are similar and require regular updates on dates, pricing, and info I want them to pull data from an ACCESS database. I do not want to pull a Data Table. I want to request individual row-cell content and use that data to Fill a asp template. For example, <tr><td> request (ROW="SuperBowl" Column="TEAM1INFO") </td></tr>.

Thank you

TheNige

8:30 pm on Sep 1, 2005 (gmt 0)

Do some research on ASP.Net Repeaters, DataLists, etc.

lukioki

9:29 pm on Sep 1, 2005 (gmt 0)

Thank you TheNige-

Ok I was able to get the following example code to access the first record where "firstname=Joe" but if I input the second record where "firstname=Bob", the page fails to compile. How do I access any single record?

The Access table assigned to odbc_object looks like:
id Ś firstname Ś lastname
---------------------------
1 Ś Joe Ś Mills
2 Ś Bob Ś Johnston

<%
Dim rs
Set rs = Server.CreateObject ("ADODB.Recordset")
rs.Open "table1", "DSN=odbc_object"

If rs("firstname")="Joe" then
Response.Write "ID: " & rs("id") & "<br>"
Response.Write "First Name: " & rs("firstname") & "<br>"
Response.Write "Last Name: " & rs("lastname") & "<br>"
End If

rs.Close
Set rs = Nothing
%>

TheNige

8:16 pm on Sep 2, 2005 (gmt 0)

You should really look into the ADO.Net objects instead of using the ADODB.Recordset. Go to www.Asp.Net and look at the quick start tutorials.

You should also look at some SQL tutorials. If you only need one record from your database you would use a select statement like: "SELECT * FROM Table WHERE Name='Bob'"

This would then return just that row for you to work with. If you want your code to work as you posted using ADODB and no SQL query, you'd need to at least put the IF statement in some kind of loop and go through all of the records until you found firstname='Bob'

TheNige

8:25 pm on Sep 2, 2005 (gmt 0)

Oh yeah, and welcome to WebMasterWorld!

lukioki

8:59 pm on Sep 2, 2005 (gmt 0)

That was a helpful thread! The following Recordset.Open statement worked:

rs.Open "SELECT * FROM 05schedule WHERE team1=49ers", "DSN=football"

Thank you! There is something else though. Rather than WHERE team1=49ers I want to pass a variable to the statement like WHERE team1=Request("TEAMNAME"). This doesn't work though and declaring a variable first such as teamname=Request(TEAMNAME) to set team1 equal to doesn't work either. Any suggestions?

Ill look into ADO.Net, since Im familiar with classic ASP I thought this an easier route for starters. Thank you for the welcome!

TheNige

1:03 am on Sep 3, 2005 (gmt 0)

simply use concantenation:

rs.Open "SELECT * FROM 05schedule WHERE team1='" & Request("TeamName") & "'", "DSN=football"

Xoc

11:59 am on Sep 5, 2005 (gmt 0)

You must always be careful about using concatination to form SQL when the data comes from a web page. It can lead to SQL insertion attacks. What if the team name submitted to the web page was hacked to become

49ers' or 1=1 or team1='49ers

The query would return all the teams, not just the 49ers.

Now, in this case it may not be critical, but you should always be thinking about it. Parameterized queries avoids this problem.

lukioki

2:31 pm on Sep 6, 2005 (gmt 0)

The concatenation attack isn't a security issue for this particular project so I'll try it. Thank you for the heads up!