Using an Updategram in a Sample ASP Application (SQLXML 4.0)
This Active Server Pages (ASP) application allows you to update customer information in the Person.Contact table in the AdventureWorks sample database in Microsoft SQL Server 2005. The application does the following:
- Asks the user to enter a contact ID.
- Uses this customer ID value to execute a template to retrieve contact information from the Person.Contact table.
- Displays this information by using an HTML form.
The user can then update contact information but not the contact ID (because the ContactID is the primary key). After the user submits the information, an updategram is executed and all the form parameters are passed to the updategram.
The following template is the first template (GetContact.xml). Save this template in the directory that is associated with the virtual name of template type.
<root xmlns:sql="urn:schemas-microsoft-com:xml-sql">
<sql:header>
<sql:param name="cid"></sql:param>
</sql:header>
<sql:query>
SELECT *
FROM Person.Contact
WHERE ContactID=@cid
FOR XML AUTO
</sql:query>
</root>
The following template is the second template (UpdateContact.xml). Save this template in the directory that is associated with the virtual name of template type.
<ROOT xmlns:updg="urn:schemas-microsoft-com:xml-updategram">
<updg:header>
<updg:param name="cid"/>
<updg:param name="title" />
<updg:param name="firstname" />
<updg:param name="lastname" />
<updg:param name="emailaddress" />
<updg:param name="phone" />
</updg:header>
<updg:sync >
<updg:before>
<Person.Contact ContactID="$cid" />
</updg:before>
<updg:after>
<Person.Contact ContactID="$cid"
Title="$title"
FirstName="$firstname"
LastName="$lastname"
EmailAddress="$emailaddress"
Phone="$phone"/>
</updg:after>
</updg:sync>
</ROOT>
The following code is the ASP application (SampleASP.asp). Save it in the directory that is associated with a virtual root that you create by using the Internet Services Manager utility. (This virtual root is not created by using the IIS Virtual Directory Management for SQL Server utility because IIS Virtual Directory Management for SQL Server cannot access or identify ASP applications.).
Note
In the code, you must replace "ServerName" with the name of the server running Microsoft Internet Information Services (IIS).
<% LANGUAGE=VBSCRIPT %>
<%
Dim ContactID
ContactID=Request.Form("cid")
%>
<html>
<body>
<%
'If a ContactID value is not yet provided, display this form.
if ContactID="" then
%>
<!-- If the ContactID has not been specified, display the form that allows users to enter an ID. -->
<form action="AdventureWorksContacts.asp" method="POST">
<br>
Enter ContactID: <input type=text name="cid"><br>
<input type=submit value="Submit this ID" ><br><br>
<-- Otherwise, if a ContactID is entered, display the second part of the form where the user can change customer information. -->
<%
else
%>
<form name="Contacts" action="https://localhost/AdventureWorks/Template/UpdateContact.xml" method="POST">
You may update customer information below.<br><br>
<!-- A comment goes here to separate the parts of the application or page. -->
<br>
<%
' Load the document in the parser and extract the values to populate the form.
Set objXML=Server.CreateObject("MSXML2.DomDocument")
ObjXML.setProperty "ServerHTTPRequest", TRUE
objXML.async=False
objXML.Load("https://localhost/AdventureWorks/Template/GetContact.xml?cid=" & ContactID)
set objCustomer=objXML.documentElement.childNodes.Item(0)
' In retrieving data from the database, if a value in the column is NULL there
' is no attribute for the corresponding element. In this case,
' skip the error generation and go to the next attribute.
On Error Resume Next
Response.Write "Contact ID: <input type=text readonly=true style='background-color:silver' name=cid value="""
Response.Write objCustomer.attributes(0).value
Response.Write """><br><br>"
Response.Write "Title: <input type=text name=title value="""
Response.Write objCustomer.attributes(1).value
Response.Write """><br><br>"
Response.Write "First Name: <input type=text name=firstname value="""
Response.Write objCustomer.attributes(2).value
Response.Write """><br>"
Response.Write "Last Name: <input type=text name=lastname value="""
Response.Write objCustomer.attributes(3).value
Response.Write """><br><br>"
Response.Write "Email Address: <input type=text name=emailaddress value="""
Response.Write objCustomer.attributes(4).value
Response.Write """><br><br>"
Response.Write "Phone: <input type=text name=phone value="""
Response.Write objCustomer.attributes(9).value
Response.Write """><br><br>"
set objCustomer=Nothing
Set objXML=Nothing
%>
<input type="submit" value="Submit this change" ><br><br>
<input type=hidden name="contenttype" value="text/xml">
<input type=hidden name="eeid" value="<%=ContactID%>"><br><br>
<% end if %>
</form>
</body>
</html>
See Also
Reference
Updategram Security Considerations (SQLXML 4.0)