locked
How to add an access database RRS feed

  • Question

  • User-610226815 posted

    Hi,

    I want to add an access database, and make connection with it and add, delete, select rows and etc.

     How I need todo this?

     

    Thanks in advance

     

     

    Friday, April 10, 2009 1:24 PM

Answers

  • User854688209 posted

    Hi Stijn,

    It's really good to know you are aware of SQL injection and i wud suggest to follow any of the link from the below two links to access MS Access using ASP.NET

    http://aspalliance.com/429

    http://www.aspfree.com/c/a/Microsoft-Access/Connecting-to-a-Microsoft-Access-database-with-ASPNET/

     

    Refer below link to avoid SQL Injection in MS Access:

    http://www.insomniasec.com/publications/Access-Through-Access.pdf

    http://www.xuexi123.net/chm/MS%20Access%20SQL%20Injection%20Cheat%20Sheet.htm

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 12, 2009 6:56 AM
  • User-1199946673 posted

    I was aware of SQL injection but don't know how to prevent it.

    It's often very hard to do SQL injections with Access because of syntax limitations, but why even think about it if there is a very simple and effective way to avoid them?

    So for the last time:

    Parameter Queries in ASP.NET with MS Access

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 12, 2009 8:29 AM

All replies

  • User1839833660 posted

     Try  this code then

    <body>
        <form id="form1" runat="server">
        <div>
            <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataSourceID="AccessDataSource1" OnRowDataBound="GridView1_RowDataBound">
                <Columns>
                    <asp:BoundField DataField="Name" HeaderText="Name" SortExpression="Name" />
                    <asp:TemplateField HeaderText="Update" SortExpression="Update">
                    <ItemTemplate>
                    <asp:Label ID="lblUpdate" runat="server" BackColor="#cc9999" Text='<%#Eval("Update") %>'>
                    </asp:Label>
                    </ItemTemplate>
                    </asp:TemplateField>
                   
                </Columns>
           
           
            </asp:GridView>
            <asp:AccessDataSource ID="AccessDataSource1" runat="server" DataFile="~/App_Data/LabelTest.mdb"
                SelectCommand="SELECT [Name], [Update] FROM [Test]"></asp:AccessDataSource>
            <br />
            <br />
            <asp:Label ID="Label1" runat="server" Text="Label"></asp:Label>&nbsp;</div>
        </form>
    </body>

     

    protected void GridView1_RowDataBound(object sender, GridViewRowEventArgs e)
        {
            if (e.Row.RowType == DataControlRowType.DataRow)
            {
                Label lblTest = (Label)e.Row.FindControl("lblUpdate");
                DateTime dtDate = DateTime.Parse(lblTest.Text);
                Label1.Text = dtDate.ToString();
            }
        }

     

    Friday, April 10, 2009 2:05 PM
  • User-610226815 posted

    This I need todo when I click the submit button that the stuff the people filled it get stored in the database?

    Friday, April 10, 2009 2:32 PM
  • User854688209 posted

     Refer below links:

    http://www.codeproject.com/KB/applications/myaspnetguestbook.aspx

    http://aspalliance.com/429

    http://www.aspfree.com/c/a/Microsoft-Access/Connecting-to-a-Microsoft-Access-database-with-ASPNET/

     

    Friday, April 10, 2009 2:34 PM
  • User-1395461066 posted

     I explain in blog step by step

    check it 

    http://rezakawser.blogspot.com/2008/09/database-connection-ms-access-with.html

     

    Friday, April 10, 2009 3:03 PM
  • User-1199946673 posted

    I would recommend to start here

    Chapter 3 is dealing with Data Sources

    This is really not a good example, at one moment they start using ODBC, which is not recommended!

    Friday, April 10, 2009 9:31 PM
  • User-1199946673 posted

    Maybe you should read this!

    Friday, April 10, 2009 9:32 PM
  • User854688209 posted

    I would recommend to start here

    Chapter 3 is dealing with Data Sources

    This is really not a good example, at one moment they start using ODBC, which is not recommended!

     

     

     hans_v

    I hope you had gone through the other two links which i have provided, which is of codeproject and codesnippet before visiting the aspfree site. I had given all three links so that Stijn1 can choose as per his requirement. I know it is not recommended that's why i have provided it as a last link.

    If you didn't visited codeproject and codesnippet site and directly check aspfree site, i would request you to vist all the posted site.

    It would have been fair enough if you would have written the recommended site from the above three and not recommended site among the above three posted site by me.

     

    Friday, April 10, 2009 11:42 PM
  • User-1199946673 posted

     hans_v

    I hope you had gone through the other two links which i have provided, which is of codeproject and codesnippet before visiting the aspfree site. I had given all three links so that Stijn1 can choose as per his requirement. I know it is not recommended that's why i have provided it as a last link.

    If you didn't visited codeproject and codesnippet site and directly check aspfree site, i would request you to vist all the posted site.

    It would have been fair enough if you would have written the recommended site from the above three and not recommended site among the above three posted site by me.

    Yes I did! The reason I picked this one out is because it is using ODBC. How could a starter make a good decision if he/she isn't aware of good  practices? The other 2 links are just some small examples, and the first one isn't good practice also, since it is concatenating SQL strings, without any warning about the risks (SQL injection!). The input isn't validated whatsover! This is dicussed already many times, the better approach can be found here. And for more good examples on how to use access in an ASP.NET environment, read the other articles on the site of MikesDotNetting

    Saturday, April 11, 2009 8:50 AM
  • User854688209 posted

     





     I explain in blog step by step

    check it

    http://rezakawser.blogspot.com/2008/09/database-connection-ms-access-with.html

     



    Maybe you should read this!



     

    Look at the below code from your blog

    string strSave = "insert into Info_TBL Values(";
    strSave = strSave + "'" + txtName.Text + "'";
    strSave = strSave + ",'" + txtEmail.Text + "'";
    strSave = strSave + ",'" + txtPhone.Text + "'";
    strSave = strSave + ",'" + txtAdd.Text + "'";
    strSave = strSave + ",'" + txtJob.Text + "'";
    strSave = strSave + ",'" + txtComments.Text + "')";

    string strUpdate = "update Info_TBL set Email = '" + txtEmail.Text + "',Phone ='" + txtPhone.Text + " ',Address ='" + txtAdd.Text + "',Job ='" + txtJob.Text + "'where Name ='" + txtName.Text + "'";

    The above code doesn't have risk of SQL injection and it doesn't require any validation as it is in your blog and top of it string concatenation using string instead of StringBuilder.

     

     

     

     hans_v

    I hope you had gone through the other two links which i have provided, which is of codeproject and codesnippet before visiting the aspfree site. I had given all three links so that Stijn1 can choose as per his requirement. I know it is not recommended that's why i have provided it as a last link.

    If you didn't visited codeproject and codesnippet site and directly check aspfree site, i would request you to vist all the posted site.

    It would have been fair enough if you would have written the recommended site from the above three and not recommended site among the above three posted site by me.

    Yes I did! The reason I picked this one out is because it is using ODBC. How could a starter make a good decision if he/she isn't aware of good  practices? The other 2 links are just some small examples, and the first one isn't good practice also, since it is concatenating SQL strings, without any warning about the risks (SQL injection!). The input isn't validated whatsover! This is dicussed already many times, the better approach can be found here. And for more good examples on how to use access in an ASP.NET environment, read the other articles on the site of MikesDotNetting

     

    As you mentioned the first one is small example,for beginner small example always help to start with. And your lines "This is dicussed already many times, the better approach can be found here." here contains the url of codesnippet which i have posted. I would have appreciate if you have post something else rather than picking the url from my post.


    Saturday, April 11, 2009 1:15 PM
  • User-1199946673 posted

    I obviously had your link in my clipboard,This is the link I was refering to. And about the SQL injection issue, you're probably right that in this examples it's very hard to do any SQL injections, because the examples are an update and an insert query, and most of the times when using a subquery in update/insert queries you'll end up with a "Operation must use an updateable query" error, but according to the MSDN Access Subquery Techniques you can use subqueries as part of a SELECT, SELECT INTO, INSERT INTO, DELETE, or UPDATE statement.

    In general, this is good practice, If people start learning this in update and insert queries without telling them about the risks, I'm pretty sure that they would use the same approach with queries that are most likely be vulnarable to SQL injections.

    But we're going off topic now. I oly believe that people should be warnt about the risks of some examples. Furthermore, using parameters is not only safe, I think it will make the code more readable also, and you don't have to worry about single and double quotes, how to deal with dates etc....

    Saturday, April 11, 2009 4:39 PM
  • User-610226815 posted

    There is alot of argumenting.

    Can I ask which link I need to take, I was aware of SQL injection but don't know how to prevent it.

    I appreciate all the help :)

    Sunday, April 12, 2009 5:42 AM
  • User854688209 posted

    Hi Stijn,

    It's really good to know you are aware of SQL injection and i wud suggest to follow any of the link from the below two links to access MS Access using ASP.NET

    http://aspalliance.com/429

    http://www.aspfree.com/c/a/Microsoft-Access/Connecting-to-a-Microsoft-Access-database-with-ASPNET/

     

    Refer below link to avoid SQL Injection in MS Access:

    http://www.insomniasec.com/publications/Access-Through-Access.pdf

    http://www.xuexi123.net/chm/MS%20Access%20SQL%20Injection%20Cheat%20Sheet.htm

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 12, 2009 6:56 AM
  • User-1199946673 posted

    I was aware of SQL injection but don't know how to prevent it.

    It's often very hard to do SQL injections with Access because of syntax limitations, but why even think about it if there is a very simple and effective way to avoid them?

    So for the last time:

    Parameter Queries in ASP.NET with MS Access

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Sunday, April 12, 2009 8:29 AM