ASP Programming for the Absolute Beginner
.pdf
196
ASP Programming for the Absolute Beginner
Although it is possible to list each of these items statically within the HTML itself (in other words, to have this specific information contained directly within the HMTL), it is more practical and secure and, generally, better programming to read this information from a database. That way, if you want to update or change it later, all you have to worry about is changing the source of the information. All the Web pages that read or manipulate this information can stay intact.
Listing 9.5 is an example of how this information can be read directly from the database, with each of the items in the drop-down menu dynamically populated, based on that information.
Listing 9.5 |
Form.asp |
|
|
|
Y |
<html> |
|
|
|
|
|
|
|
|
L |
||
<head> |
|
|
|
||
|
|
|
|
|
|
<title>Dynamic Form Elements</title> |
|
|
|
||
</head> |
|
|
M |
|
|
%> |
|
|
|
||
<body> |
|
A |
|
|
|
<% |
|
|
|
|
|
Set Catalog=Server.CreateObject(" DODB.Recordset")F |
|||||
|
|
E |
|
|
|
Catalog.open "SELECT * FROM Catalog WHERE ID > 36 AND ID < 42", "DSN=Music" |
|||||
|
|
T |
|
|
|
<p>Please select one of the titles listed below, and then click the Submit button:</p>
<form method="POST" action=" itleChoice.asp">
<p><select size="1" name="Choice"> <%
DO WHILE not Catalog.EOF %>
<option value="<%=Catalog("ID")%>"><%=Catalog("Title")%></option> <%
Catalog.MoveNext
Loop
Catalog.Close
Set Catalog=Nothing %>
</select><input type="submit" value="Submit" name="B1"></p> </form>
</body>
</html>
When this code executes, the same result shown in Figure 9.3 is displayed in the Web browser: a drop-down menu presenting five options. However, note that in Listing 9.5, the drop-down menu and each of the five selections are dynamically read and defined in the following line:
<option value="<%=Catalog("ID")%>"><%=Catalog("Title")%></option>
Using ADO techniques you learned in Chapter 5, the ID and Title values are read from the Catalog query. Because you also are using a DO...WHILE loop (to loop through each of
Team-Fly®
FIGURE 9.5
Although the HTML sent to the browser appears the same, integrating the page with a database enables you to define and generate these form elements dynamically, as well as other material on your page.
the records returned from the SQL query), the five options are built on-the-fly, thus eliminating the need to hard-code (that is, include within the page itself) these values. If you look at the source code for this page after it loads within your Web browser, you can see that both the ID and Title values for each of the five records have been defined (see Figure 9.5).
Creating Dynamic Hyperlinks and QueryStrings
Aside from dynamically generating form elements via data queried from a database, it is also beneficial to use this on-the-fly HTML creation with hyperlinks and QueryStrings. In this section, I’ll show you how to do just that.
TRICK |
All the techniques described in this chapter are particularly useful when you are |
|
|
|
providing customized responses to user requests on your Web pages. For example, |
|
imagine that you own a small business and develop a Web site to market and sell |
|
your goods or services. Rather than present every user with your entire inventory, |
|
you offer a form where users can search through your catalog, based on specific |
|
criteria. Then you use this information to query your database and return only the |
|
items in which they are interested. This type of customized Web design is central to |
|
presenting the most functional and easiest-to-use Web site and also enables you to |
|
make efficient use of your databases (where most of your information is likely stored). |
Creating dynamic hyperlinks and QueryStrings works very much like the other dynamic content creation so far in this chapter. It’s a matter of integrating the VBScript that generates the dynamic content directly within your standard HTML. Whether this be within the tags for a table, form, or hyperlink, you should take advantage of this powerful technique to make your code simpler to understand and manage.
197
C h a p te r
9
F o r ma t t i n Pr g o c e s s O ed u t p ut
198 |
Take a look at Listing 9.6 for an example of how you can dynamically create hyperlinks |
|
based (again) on a database query. |
ASP Programming for the Absolute Beginner
Listing 9.6 Hyperlink.asp
<html>
<head>
<title>Dynamically created hyperlinks and querystrings</title> </head>
<body>
<%
Set Catalog=Server.CreateObject("ADODB.Recordset")
Catalog.open "SELECT * FROM Catalog WHERE ID=72", "DSN=Music"
LinkName=Catalog("Title")&".html"
%>
<a href="<%=LinkName%>">Click here to view more information about <%=Catalog("Title")%> by <%=Catalog("Artist")%></a>
</body>
</html>
When this code is executed within a Web browser, it looks like Figure 9.6.
In Figure 9.6, within the status bar, note that the URL for this hyperlink is the name of the particular CD (in this case, Songs in the Key of Life) followed by the .html extension. This hyperlink was defined within the following line:
LinkName=Catalog("Title")&".html"
The variable LinkName is defined and given the value of the Title field as returned from the Catalog query, plus the .html extension. Again, this type of dynamic creation of
FIGURE 9.6
You can dynamically
create hyperlinks
just as you can
other database-
driven information.
information is far more efficient and practical and (ultimately) easier to manipulate than static or hard-coded information.
You can do similar things with QueryStrings as well. Consider the simple form in Listing 9.7, which asks users to enter their last name so that their records can be obtained from a database.
TRAP
Be cautious when assigning values to QueryStrings because some browsers can’t handle the spaces that are often present in many values. For example, if you had the following QueryString URL:
http://www.someplace.com/Name=Susan Jones
the space between Susan and Jones might cause problems when some browsers attempt to read this value.
You also should be cautious in transferring potentially sensitive information via a QueryString. Consider the following example:
http://www.someplace.com/Name=Jones?Password=hjdk12
This is an exaggerated example, but you can see how this method of passing information can, in some cases, be an insecure method.
Listing 9.7 Working with QueryStrings
<html>
<head>
<title>Dynamic Querystring Creation</title> </head>
<body>
<form method="POST" action="InfoRetrieve.asp">
<p>Please enter your last name so that we can retrieve your information from our database:<input type="text" name="Name" size="20"></p>
<p><input type="submit" value="Submit" name="B2"></p> </form>
</body>
</html>
This code, when executed, looks like Figure 9.7.
Imagine that on the InfoRetrieve.asp page (the page to which this form points—check the action attribute of the form element in Listing 9.7), the information entered by the user is used to search the database. From that search, the following information is returned:
•The individual’s first name (Robert)
•The individual’s age (41)
•The individual’s employer (ABC Company)
Now imagine that you want to pass on these three pieces of information to another page. Say, for example, that this page is named InfoRetrieve2.asp. On this page, additional information from the individual’s file will be pulled, based on these three pieces
199
C h a p te r
9
F o r ma t t i n Pr g o c e s s O ed u t p ut
200
ASP Programming for the Absolute Beginner
FIGURE 9.7
A simple form
prompting the user
to enter his or her
last name.
of information . You can add these three pieces of information to the URL of the page used to call the InfoRetrieve2.asp page, by dynamically assigning the QueryString values, as shown in Listing 9.8.
HINT |
For this example, I’m pretending that a SQL query has been made to a fictional |
|
|
|
database that stores the information being placed into the QueryString. For illus- |
|
tration purposes, I have not written this query. In a typical page, though, this ac- |
|
tion would occur. |
Listing 9.8 QueryString.asp
<html>
<head>
<title>Dynamic Querystring Creation</title> </head>
<body>
<%
FirstName="Robert"
LastName="Garfield"
Age="41"
Employer="ABC"
%>
Thank you for the information. Based on what you have provided, we can continue to retrieve the rest of your file.
<hr>
<form method="post" action="InfoRetrieve2.asp?FirstName=<%=FirstName%> &LastName=<%=LastName%>&Age=<%=Age%>&Employer=<%=Employer%>">
<input type="submit" value="Click here to continue to retrieve your file">
</form>
</body>
</html>
When the source code for this page is viewed within a Web browser, it looks like Figure 9.8.
As you can see in Figure 9.8, the first name, last name, age, and company values are tacked on to the URL of the form-processing page. Once there, these values can be retrieved from the QueryString and used for whatever data manipulation purposes are necessary in that page.
TRICK |
Remember from previous discussions that you can retrieve QueryString values us- |
|
|
|
ing the Request.Querystring method. For example, if the URL had a value of |
|
somepage.asp?FirstName=John&LastName=Gosney, you could retrieve the values John and |
|
Gosney by using the following code: |
|
FirstName=Request.Querystring("FirstName") |
|
LastName=Request.Querystring("LastName") |
TRAP |
You should avoid relying too heavily on the use of the QueryString because you can |
|
|
|
potentially expose sensitive information to visitors of your Web site. For example, |
|
consider the following URL and QueryString: |
|
somepage.asp?Salary=38000&Probation=Yes |
|
Depending on the sensitivity of the information (in this case, salary level and whether |
|
the individual has been on probation), you might not want to make it readily visible. |
|
This is the major drawback of QueryStrings because they are not a particularly good |
|
method of keeping private information, well, private! Therefore, use with caution. |
201
C h a p te r
9
F o r ma t t i n Pr g o c e s s O ed u t p ut
FIGURE 9.8
You can dynamically assign QueryString values so that information can be easily passed from one page to another.
202
ASP Programming for the Absolute Beginner
Another Look—ASP MadLibs
Now that you are aware of ways to generate and manipulate information dynamically within your ASP pages, you will review the game you created in Chapter 3, “Working with ASP Objects”—ASP MadLibs. You will see how it can be updated and revised to take advantage of techniques presented in this chapter.
As you recall, the game consists of two pages: MadLibHome.asp and MadLibProcess.asp. Figures 9.9 and 9.10, respectively, illustrate these two pages.
FIGURE 9.9
The opening page of the ASP MadLibs game asking you to provide the required words.
FIGURE 9.10
The MadLib is
completed, based
on the information
you provided.
So that you can review the code, Listing 9.9 presents the MadLibHome.asp page.
Listing 9.9 MadLibHome.asp
<html>
<head>
<title>Welcome to ASP MadLibs!</title> </head>
<body>
<p><font face="Century Gothic" size="5"><i>It's Time to Play...</i></font></p> <p align="center"><font face="Comic Sans MS" color="#FF0000" size="6">ASP MadLibs!</font></p>
<hr>
<p align="left"><font face="Century Gothic">Please enter the requested type of word for each space below:</font></p>
<form method="POST" action="MadLibProcess.asp"> <p>
<table border="1" width="100%" height="139"> <tr>
<td width="25%" align="center" height="23"><input type="text" name="Word1" size="15" value="(A Name)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word2" size="15" value="(Adjective)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word3" size="15" value="(Noun)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word4" size="15" value="(Adjective)"></td>
</tr>
<tr>
<td width="25%" align="center" height="23"><input type="text" name="Word5" size="15" value="(Verb-Past)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word6" size="15" value="(Noun)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word7" size="15" value="(Adjective)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word8" size="15" value="(Verb)"></td>
</tr>
<tr>
<td width="25%" align="center" height="23"><input type="text" name="Word9" size="15" value="(Body Part)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word10" size="15" value="(Adjective)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word11" size="15" value="(Clothing Piece)"></td>
203
C h a p te r
9
F o r ma t t i n Pr g o c e s s O ed u t p ut
204
ASP Programming for the Absolute Beginner
<td width="25%" align="center" height="23"><input type="text" name="Word12" size="15" value="(Noun)"></td>
</tr>
<tr>
<td width="25%" align="center" height="23"><input type="text" name="Word13" size="15" value="(Noun)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word14" size="15" value="(Verb-Past)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word15" size="15" value="(Adjective)"></td>
<td width="25%" align="center" height="23"><input type="text" name="Word16" size="15" value="(Adjective)"></td>
</tr>
<tr>
<td width="25%" align="center" height="17"><input type="text" name="Word17" size="15" value="(Clothing Piece)"></td>
<td width="25%" align="center" height="17"><input type="text" name="Word18" size="15" value="(Body Part)"></td>
<td width="25%" align="center" height="17"><input type="text" name="Word19" size="15" value="(Place)"></td>
<td width="25%" align="center" height="17"><input type="text" name="Word20" size="15" value="(Body Part)"></td>
</tr>
</table>
<hr>
<p align="center"><input type="submit" value="Create My ASP MadLib Now!" name="B1"></p>
</form>
</body>
</html>
Also, Listing 9.10 presents the MadLibProcess.asp page code.
Listing 9.10 MadLibProcess.asp
<html>
<head>
<title>Here's Your ASP MadLib!</title> </head>
<body>
<p><font face="Century Gothic" size="5"><i>Thank you! And now, here is
your </i></font></p>
<p align="center"><font face="Comic Sans MS" color="#FF0000" size="6">ASP MadLib!</font></p>
<hr>
<p align="left"><font face="Comic Sans MS" size="3">Dear <font color="#FF0000"><%=Request.Form("Word1")%> ,</font></p>
<p align="left"><font face="Comic Sans MS" size="3">I am having the most interesting vacation. I've seen so many strange things.
Upon my arrival at the airport, a <font color="#FF0000"> <%=Request.Form("Word2")%></font>
man and I
mixed up our luggage. At the hotel, I opened his suitcase to find three <font color="#FF0000"><%=Request.Form("Word3")%>s</font>
and a <font color="#FF0000"><%=Request.Form("Word4")%></font> toothbrush. I nearly
<font color="#FF0000"><%=Request.Form("Word5")%></font> out of there when I discovered a
<font color="#FF0000"><%=Request.Form("Word6")%></font> wrapped in tissue paper. I took the
<font color="#FF0000"><%=Request.Form("Word7")%></font> man's luggage down to the hotel clerk. The clerk began to
<font color="#FF0000"><%=Request.Form("Word8")%></font> when I told him about the mix-up. He pointed his
<font color="#FF0000"><%=Request.Form("Word9")%></font> at a <font color="#FF0000"><%=Request.Form("Word10")%></font>
man standing in the
lobby, wearing my <font color="#FF0000"><%=Request.Form("Word11")%></font> on his head!</font></p>
<p align="left"><font face="Comic Sans MS" size="3">After straightening out the luggage mix-up, I decided to do some sight-seeing. I hardly had made it out of the hotel when I immediately noticed the sky darkening, and it began to rain <font color="#FF0000"><%=Request.Form("Word12")%>s</font>.
I ran for cover into the closest <font color="#FF0000"> <%=Request.Form("Word13")%></font>
I could
find, but I <font color="#FF0000"><%=Request.Form("Word14")%></font> into an <font color="#FF0000"><%=Request.Form("Word15")%></font>
group of school children. They began laughing and pointing at me. </font></p>
<p align="left"><font face="Comic Sans MS" size="3">I checked my reflection in a storefront window, only to discover I had the <font color="#FF0000"> <%=Request.Form("Word16")%></font>
man's <font color="#FF0000"><%=Request.Form("Word17")%></font> hanging from my <font color="#FF0000"><%=Request.Form("Word18")%></font>! Wow! I've only been
205
C h a p te r
9
F o r ma t t i n Pr g o c e s s O ed u t p ut