SQL Server Database Access With IIS

8/4/2019 SQL Server Database Access With IIS

1/7

Feature - Tim Huckaby, Randy Bergeron

April 2001

SQL Server Database Access w ith IISUse ASP and ADO t o access your dat abase

Most Web applications built for the Internet or corporate intranets and extranets require a database for data storageand retrieval. Microsoft SQL Server is a fantastic database server for Web-based applications. However, IISadministrators might need an introduction to data access as it relates to pages that IIS serves.

Let's look at how to configure a Data Source Name (DSN) and use it with ActiveX Data Objects (ADO) to access adatabase from an Active Server Pages (ASP) file. To execute the tools, tips, code, and tricks that we show you, youneed access to SQL Server 2000 or SQL Server 7.0 and to an IIS 5.0 or IIS 4.0 Web server. (We used SQL Server 2000 andIIS 5.0.)

Using ADO to Access SQL Server Data Dynamically ADO is a powerful and easy-to-use object model that software developers can use to access data. ADO is the preferreddata access interface for using IIS and ASP to develop Web-based applications.You can use ADO to access many sources of data, not just SQL Server. Microsoft provides ADO as an interface layer toOLE DB and designed ADO to be sufficiently generic to accommodate any OLE DB providerSQL Server, MicrosoftExchange Server, Active Directory (AD), or another platform entirely. Data providers are components that representthese diverse data sources (e.g., SQL Server databases, indexed sequential files, spreadsheets, document stores, mailfiles). Providers use a common abstraction called a rowset to expose data uniformly. ADO is powerful and flexiblebecause it can connect to any of these data providers and still expose the same programming model, regardless of thespecific features of any given provider.

Creating a DSNDevelopers most commonly use ADO with a DSN in ASP files. A DSN is the logical name that ODBC uses to refer to therequired database information. IIS uses a DSN to connect to an ODBC data source, such as the PUBS SQL Serverdatabase. You must create a DSN on your IIS Web server machine that the ASP file we provide (GetTitles.asp) can useto access data from the PUBS database on your SQL Server machine (which will most likely be on a different machine).

To create a DSN that connects to your SQL Server PUBS database, in Windows NT, access the Control Panel ODBC DataSources applet; in Windows 2000, access the Control Panel Administrative Tools applet, then double-click Data Sources(odbc). You're going to create a system DSN, including the services (e.g., IIS) running as a part of the OS, that will beavailable to all users on the machine.

On the ODBC Data Source Administrator dialog box, click the System DSN tab, which Figure 1 shows, then click Add.To create a new data source, you must first identify the type of data to which you want to connect. In this case, it'sSQL Server, so scroll to the bottom of the driver list and select that option, as Figure 2 shows. Click Finish to proceedwith the New Data Source to SQL Server Wizard.

Now, name your DSN pubs. (Naming your DSN after the SQL Server database it's attaching to alleviates confusion on IISmachines that have numerous DSNs with connectivity to numerous SQL Server machines.) Next, add a description of thedata source. We chose the name System DSN for the PUBS database, as Figure 3 shows. Finally, chose the name of theSQL Server that you're attaching to. (You might have to type its name.) Click Next.

Now, you choose the authentication credentials for the system DSN that you're creating. The default choice, WithWindows NT authentication using the network login ID, uses the credentials of the currently authenticated user. Forthis example, let's select the With SQL Server authentication using a login ID and password entered by the user option,then type a valid SQL Server login ID and password that have sufficient privileges to read from the PUBS database, as


2/7

Figure 4, page 11, shows. For this example, we used the all-powerful sa account for the system DSN to authenticatewith.

Click Next. Select pubs from the Change the default database to drop-down list, as Figure 5 shows. (Notice that youalready have connectivity to the SQL Server database because the wizard has listed all the databases on the SQL Serveryou've attached to.) Leave the rest of the default choices, then click Next twice. A summary page like the one Figure 6shows will appear. Click Test Data Source to test connectivity to the SQL Server database.

Using Your System DSN with ASPYou've successfully created a system DSN that you can use in ASP files. Now, download GetTitles.asp and its .inc file,adovbs.inc, from the Code Library on the IIS Administrator Web site. Create a folder called IISAdministrator under\inetpub\wwwroot, and place GetTitles.asp and adovbs.inc in the folder. Because ASP dynamically generatesGetTitles.asp, IIS needs to process it and render it to the connecting browser.

You can use ADO with the VBScript language inside HTML with ASP scripting. For VBScript code to work in an HTML pageor in ASP scripting, you must insert the code within a pair of HTML tags or under a scripting section. A scripting sectionbegins with the notation. Place the VBScript code between these tags.

VBScript can't load ADO constants from the ADO type library; therefore, unless you include the ADO constantsdeclaration file in VBScript code, you must specify the literal values of ADO constants. Adovbs.inc, which Listing 1shows, contains all the ADO constant definitions. To use ADO objects in VBScript, you must first include adovbs.inc in

your script, then use the CreateObject method to create ADO objects. (Adovbs.inc resides in the \programfiles\common files\system\ado folder on your server, but you can also download it from the Code Library on the IISAdministrator Web site.)

After you've included adovbs.vbs, you can use ADO to retrieve records from the SQL Server database and persist theminto a recordset. In GetTitles.asp in Listing 2, you first instantiate an ADO connection object, which callout A in Listing2 shows, then open the connection with the DSN that you created earlier. By default, the IUSR account doesn't havepermission to access the SQL Server database. Therefore, you have to pass in the User ID (UID) and password in theopen string. If you want to use only the DSN with no UID and password in the open string, you need to grant eachaccount access in SQL Server to the PUBS database.

Now, look closely at the SQLQuery string, which callout B in Listing 2 shows, that we built in five statements. Whenyou've defined the SELECT statement, retrieving a record set from SQL Server to use in GetTitles.asp is as simple asusing the Execute method on the ADO Connection object.

Next, you must build an HTML table and display the field headers, then begin the iteration of the record set. The dowhile not loop at callout C in Listing 2 loops through the record set until no more records exist, then places the Title,Author's First Name, Author's Last Name, and Price records into the HTML table. Also, notice at callout D in Listing 2the syntax and method by which you display the data in the HTML table. RSTitleList("title") is the Title field in therecord set. To place this value in the table, you use the notation to place the value of the variable intothe HTML table. Therefore, placing between the tags places the title in the cellof the HTML table. Figure 7 shows the output from GetTitles.asp.

Just the Tip of the IcebergThis article has demonstrated how to use ADO with a DSN to use SQL Server data in your ASP files. Keep in mind thatwe discussed and used only a small part of the feature-rich functionality of ADO. In future articles, we'll show you how

IIS can leverage ADO to access other data sources, such as Exchange Server and AD. In addition, we'll show you how touse ADO without a DSN and explain why sometimes that option is better.

Tip:Click Client Configuration, and make sure that your DSN is using TCP/IP as the network library. TCP/IP provides areliable and fast access to SQL Server.

Note:Using an administrator account in the open string is bad practice because someone could read the source codeand gain access to the SQL Server machine. Instead, use an account that can only access the necessary tables andstored procedures in the specific database (in this case, PUBS).


3/7

Figure 1

Figure 2


4/7

Figure 3

Figure 4


5/7

Figure 5

Figure 6


6/7

Figure 7

Listing 1

Listing 1: Excerpt from adovbs.inc

'---- CursorTypeEnum Values ----

Const adOpenForwardOnly = 0

Const adOpenKeyset = 1

Const adOpenDynamic = 2Const adOpenStatic = 3

'---- CursorOptionEnum Values ----

Const adHoldRecords = &H00000100

Const adMovePrevious = &H00000200

Const adAddNew = &H01000400

Const adDelete = &H01000800

Const adUpdate = &H01008000

Const adBookmark = &H00002000

Const adApproxPosition = &H00004000

Const adUpdateBatch = &H00010000


7/7

Const adResync = &H00020000

Const adNotify = &H00040000

Const adFind = &H00080000

Const adSeek = &H00400000

Const adIndex = &H00800000

'---- LockTypeEnum Values ----

Const adLockReadOnly = 1

Const adLockPessimistic = 2

Const adLockOptimistic = 3

Const adLockBatchOptimistic = 4

'---- ExecuteOptionEnum Values ----

Const adAsyncExecute = &H00000010

Const adAsyncFetch = &H00000020

Const adAsyncFetchNonBlocking = &H00000040

Const adExecuteNoRecords = &H00000080

Const adExecuteStream = &H00000400

'---- ConnectOptionEnum Values ----

Const adAsyncConnect = &H00000010

'---- ObjectStateEnum Values ----Const adStateClosed = &H00000000

Const adStateOpen = &H00000001

Const adStateConnecting = &H00000002

Const adStateExecuting = &H00000004

Const adStateFetching = &H00000008

'---- CursorLocationEnum Values ----

Const adUseServer = 2

Const adUseClient = 3

'---- DataTypeEnum Values ----

Const adEmpty = 0

Const adTinyInt = 16

Const adSmallInt = 2

Const adInteger = 3

Const adBigInt = 20

Const adUnsignedTinyInt = 17

Const adUnsignedSmallInt = 18

Const adUnsignedInt = 19

Const adUnsignedBigInt = 21

Const adSingle = 4

Const adDouble = 5

Documents

SQL Server Database Access With IIS