1

IntroducingDatabase Access

from Web Applications

by Sally Kyvernitis

2

Outline What are business applications? What makes web software different from client-

server software? How Visual Studio makes it easy for programmers –

reduces the complexity introduced by html and http. Programmers can pretend they are writing a client server application.

Review DB terminology, review SQL select statements

ADO .NET Data Providers, ADO classes

3

Outline (Continued) Read data from a database, display in label of webform. Use Parameterized SQL select statement (prevent SQL

injection attack). Use Like in SQL select statement (gives nice functionality). Move data read code to a Class. Use String Builder instead of string – more efficient for

appending. Build a html table to display data (not just text with

newlines). Format date and currency data for display. Create reusable methods to prevent null value exceptions

4

What are Business Applications?

Software that: Writes to and reads from databases. Generates and presents information extracted

from a database. Usually restricts access based on user logon

and authorization levels.

5

What makes Web Software different from Client-Server Software?

Uses HTML - a markup language that is primarily intended to describe layout, pictures, text, & links (not functionality or behavior).

HTML has no commands for accessing a database.

Initial web sites only displayed information and pictures. They did not provide much functionality other than that.

6

What’s makes Web Software different from Client-Server Software?

Web browsers and web servers use HTTP, a “stateless” (or “connectionless”) protocol in which: the client (browser) asks a web server for a page (the URL

in the browser’s address bar is the request),

the server gives the requested page (containing HTML markup)

back to the client and then forgets about the whole exchange.

Web applications are installed on a web server. Client PCs only need to have a browser installed in order to able to run any/all web applications.

Most web applications can be run from any computer that has internet access.

7

What’s makes Web Software different from Client-Server Software?

Client Server software can remember all user input (on the client PC) without difficulty, i.e., Client Server software is inherently “stateful”.

Client Server software is installed on the client PC (like MSWord or other applications that are installed on a PC).

In a Client Server application, the client PC usually must be inside (the “firewall”) of the company in order to be able to access company databases.

8

How can Business Applications be delivered through Web Software?

Even though HTTP is connectionless, web server software has been enhanced to keep session information about it’s users, e.g., the user’s login information, what users have done this session.

Even though HTML1 has no commands for accessing a database, web server software can read user’s input, access a database, and then (dynamically) create HTML that responds to the user’s input with data from the database.

The next slide shows which code runs where in a typical web application.

1: HTML is the web page markup language that is interpreted by browsers.

9

Typical Web Application System Architecture

Application Server:

Client PC:Browser runs HTML code

created by ASP .NET

Database Server:DBMS (database mgtsystem) is only way toaccess data, enforcesintegrity rules (e.g., PK

FK constraints).

SQL

database

Reads,Udpates

Results(e.g., data)

HTMLValues of postedForm elements

Presentation Layer(ASP .NET Web Forms):

Get user input, display results.

Business Objects(ASP .NET Classes):

Validate input, calculate results.Prepare/invoke SQL code.

Business Objects

10

Typical Web Application System Architecture

On the previous slide, the rightmost (purple) box represents the database server (e.g., a computer where oracle or sql server software is installed and where the database is stored). Only this computer accesses the database (e.g., reads and writes).

The (blue) box in the lower left represents an application server (and web server). This computer generally has web server software (e.g., IIS) and application server software (e.g., dot NET) installed. This computer accepts requests from browsers, accesses the database server (if necessary), then creates dynamic HTML in response to the browser’s request.

The database and application servers are located “inside the firewall” of a company where security is tight and computers can “trust” each other.

The client PC (yellow box, top left) only requests pages over the internet, receives HTML, and possibly posts values (e.g., user input) back to the web server.

11

Web App Software Architecture

Your web application code can get messy if HTML layout commands are heavily interspersed with database values.

This is why you want to keep your layout code (how

things look) separated from your business logic (the data being displayed).

Dot Net provides many features to help programmers separate layout code from business logic.

12

When does a web server senda page to a browser?

A web application server sends a page to a browser when the user requests a page (e.g., by typing a

URL into the browser) or when the user performs some action like clicking

on a button. The “new page” may look almost exactly like the old page, but perhaps it has an extra message somewhere on that page.

13

Web Controls versus Windows Controls

Examples of web controls are buttons, textboxes, and radio buttons.

In design mode, web programmers “put code under” web form buttons, very much like windows programmers put code under buttons in a client server application. However, web programmers avoid putting code anywhere other than button click events (for performance reasons, to avoid a slow round trip with the web server).

Also called ASP .NET server controls because they actually reside on the server (even though they look like the reside in the client’s browser). And they only run on the server “in between” pages.

14

What is ADO .NET?ADO.NET stands for ActiveX Data Objects. It consists of two

primary parts: Data Provider -- classes that provide access to a data source.

Each type of database (e.g., sql server, oracle) has its own set of providers, but they all provide similar functionality including: Connection object: connection to the database. Command object: such as select, insert, update, delete. DataReader object: holds result sets from select statements. DataAdapter object: A bridge used to transfer data between

a data source and a DataSet object (see below). DataSet – classes that represent a simple in-memory

relational database (e.g., tables, relationships, constraints). In these tutorials, we just use the Connection, Command, and

DataReader objects.

15

ADO .NET Data Providers.NET

SQL Serverdatabase

Your .NETApplication Code

Oracledatabase

DataSource

SQL Server.NET

provider

ODBC.NET

provider

Ole DB.NET

provider

Oracle.NET

provider

Ole DBprovider

ODBCdriver

16

ADO .NET Data Providers A data provider is a set of ADO .NET classes that let you

access (read from, write to) a specific database. ADO .NET version 1.1 comes with these providers: ODBC (Open DataBase Connectivity): accesses any data

source using db specific ODBC driver. OLE DB (Object Linking & Embedding-DataBase):

accesses any data source w/OLE DB driver, includes SQL Server earlier than v 7.0. This access method is a little more efficient than ODBC.

SQL Server: accesses SQL Svr DBs v 7.0 or later. This is the most efficient for SQL server databases.

Oracle: accesses Oracle DB (v 8i or later). This is the most efficient for oracle databases.

17

Selecting a Data Provider 1st choice is a data provider that is optimized for

your database. So, if your database is SQL server 7.0 or later, use SQL server data provider classes. If it’s Oracle 8i or later, use Oracle provider classes.

Otherwise, you must OLE DB or ODBC. For simplicity, we’ll use OLE DB with an

MSAccess database in this class (OLE DB is a little faster than ODBC).

18

Classes in the Ole Db Data Provider

OleDbConnection – manages a connection to a datasource (a particular database).

OleDbCommand – a specific SQL command to be executed.

OleDbDataReader – provides fast, read-only, forward-only access to query.

OleDbDataAdapter – connects to a datasource, runs an SQL command, and populates a DataSet (which can be modified then updated back to DB).

19

Using ADO

Connection

Command

DataReader(holds data

selected from DB)

Command.ExecuteReader()

Connection.Open()

String toID the DB

String with validSQL statement

inside

A string (identifying the database you wish to use) is input to the Connection constructor.

A string (a SQL database command) and an open connection are inputs to the Command constructor.

The Command.ExecuteReader method returns a DataReader object that holds the result set of the SQL select statement (that was passed to the Command object).

20

The “using” Statement To avoid writing really long class names like this: System.Data.OleDb.OleDbDataReader reader;

add a “using” statethis to the top of the class where you are coding:

using System.Data.OleDb;

The “using” statement (like the java import statement) enables you to write shorter class names like this: OleDbDataReader reader;

21

Sample Code – Database Read(without using Classes)

private void btnGetData_Click(object sender, System.EventArgs e) { this.lblDisplayData.Text = ""; // clear value if there is any string strCon = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\a\\payroll.mdb"; OleDbConnection con = new OleDbConnection(strCon); OleDbDataReader reader; try { string sql = "SELECT FirstName, LastName FROM emp"; OleDbCommand cmd = new OleDbCommand(sql, con); con.Open(); reader = cmd.ExecuteReader(); while (reader.Read()) { this.lblDisplayData.Text += reader.GetValue(0).ToString() + " "; this.lblDisplayData.Text += reader.GetValue(1).ToString() + "<br>"; } reader.Close(); con.Close(); } catch (Exception ex) { this.lblDisplayData.Text=ex.Message; con.Close(); }}

Must add this to the top of the webformor else this code won’t work:

using System.Data.OleDb;