For the purpose of demonstration, you will change the title of the Web page toNorthwind Employees and the title of the table to Employee Listing, then click Next.FIGURE 23.12 The Wizard
Trang 1CHAPTER 23 • THE WEB ASSISTANT WIZARD
FIGURE 23.11
The Web Assistant Wizard can help you format the Web page.
Trang 2For the purpose of demonstration, you will change the title of the Web page toNorthwind Employees and the title of the table to Employee Listing, then click Next.
FIGURE 23.12
The Wizard needs some information to help you format your
Web page.
Formatting the Table
The data from the tables in your database is displayed on the Web page as a table—atable that needs to be formatted Therefore, the next screen will allow you to changethe way the table looks on the Web page
The first choice you see at the top of the screen (as shown in Figure 23.13) askswhether the column names should be displayed at the top of the table All columnshave a name that is assigned when the table is designed; if you want that name to bedisplayed in the table on the Web page, select the Yes, Display Column Names option
If you do not want these to be displayed, select the No, Display Data Only option
PUBLISHING DATA WITH THE WEB ASSISTANT WIZARD
Development with S Q
P A R T
V
Trang 3CHAPTER 23 • THE WEB ASSISTANT WIZARD
872
The next choice to make on this screen is the style of font that you want to use todisplay the data in the table The four choices are listed with an example of what thetext will look like in the table
At the bottom of the screen, there is a checkbox that will turn on or off the borderlines around the table If border lines are on, the data in each cell of the table willhave a box around it; if border lines are off, there will be no box around the data cells
FIGURE 23.13
The table that is played on the page can be formatted to suit your needs.
dis-For this example, you will choose to display column names, leave the font as fixed,and leave the border-lines option checked, and then click Next
Linking to Other Sites
Usually, when you open a Web page, you see text that is a different color and lined When you move your mouse over this special text, the cursor changes, andwhen you click the text, you are transported to a different Web page This special text
under-is called a hyperlink, and on the screen that you see in Figure 23.14, you can add
hyperlinks to your page
If you select the first option on the page—No—you will not add any links to yourpage If you want to add a single link to the bottom of your page, enter the address ofthe page and a label for the page by selecting the Yes, Add One Hyperlink option andfilling in the data For example, if you want to add a hyperlink to your company’s main
Trang 4as the link and MyCompany Home Page as the label Doing so would create a link at
the bottom of the Web page labeled MyCompany Home Page that would take users to
www.mycompany.com
Just below that, there is a text box that will allow you to enter a Transact-SQLSELECT query to pull hyperlink information out of a SQL Server table The tableneeds to be created and populated in advance, but this option can come in veryhandy if you have a large number of links to add to the page or if your links arealways changing
FIGURE 23.14
Adding hyperlinks to your page can make other company sites easier to find.
If you’re following along, please select the option to add a single link, and enter
http://www.sybex.com in the Hyperlink URL textbox and Sybex Books in the
Hyperlink Label textbox, then click Next
Limiting the Rows Displayed
Even if you entered a WHERE clause (as seen in Figure 23.7 earlier in this chapter),you may still get too many rows For instance, if you work for a large company anddecide to display the records where the last name is Smith, you may see a large num-ber of records On the screen shown in Figure 23.15, you can limit the number ofrows displayed by SQL Server
PUBLISHING DATA WITH THE WEB ASSISTANT WIZARD
Development with S Q
P A R T
V
Trang 5CHAPTER 23 • THE WEB ASSISTANT WIZARD
874
The first option does just as it reads by displaying all the rows in the result set Ifyou want to limit the number of rows, you should select the second option, labeledYes, and then enter the number of records to be displayed on the Web page
Depending on the number of rows being displayed, you may want to split the dataacross several Web pages, because readers do not want to have to scroll through alarge number of records at once (and larger pages take longer to download) To splitthe data across several pages, simply select the option at the bottom of the page thatstates Yes, Link the Successive Pages Together and then enter the number of records to
be displayed on each page in the Limit Each Page to x Rows of Data textbox.
FIGURE 23.15
You may not need to display all rows of data, but if you do, you may want to split them across multiple Web pages.
In this example, you are going to leave the default of displaying all rows on a gle page and click Next
sin-The Final Page
On the final screen of the Web Assistant Wizard, you will see a list of all the choicesthat you have made throughout the course of this Wizard; read through each choiceand make sure it agrees with you At the bottom of that laundry list, there is a button(as seen in Figure 23.16) labeled Write Transact-SQL to File, which will take all of yourhard work, transform it into Transact-SQL code, and store it in a text file on your harddisk This file can then be opened in Query Analyzer (a tool for running Transact-SQL
Trang 6For this example, click the Write Transact-SQL to File button and save the text asnwind_emp.sql When that is done, click Finish to create the Web page
The Steps to Create the Northwind Employees Web Page
As promised, here are all of the steps used to create the Northwind Employees Webpage (just in case you wanted to wait until the end):
1 Open Enterprise Manager by selecting it from the SQL Server 2000 group under
Programs on the Start menu
2 From the Tools menu, select Wizards.
3 Expand Management and double-click the Web Assistant Wizard.
4 On the welcome screen, click Next.
5 Select Northwind as the database from which to publish.
6 Name the job Northwind Employees and select Data from the Tables and
Columns That I Select
7 Select Employees as the table from the drop-down list and click the Add All
but-ton to publish data from all columns, then click Next
PUBLISHING DATA WITH THE WEB ASSISTANT WIZARD
Development with S Q
P A R T
V
Trang 7CHAPTER 23 • THE WEB ASSISTANT WIZARD
876
8 Select the All of the Rows option to publish all rows of data and click Next.
9 Select the At Regularly Scheduled Intervals choice and click Next.
10 Change the schedule for the job to every 2 minutes and click Next.
11 Select the default directory to place the Web page in and click Next.
12 Select the Yes, Help Me Format the Web Page option and click Next.
13 On the next page, change the title of the Web page to Northwind Employees,
change the title of the table to Employee Listing, and click Next, leaving the rest
of the choices as the default settings
14 On the next page, instruct the Web Assistant Wizard to display the column
names and use a fixed font, then click Next
15 On the next page, add a single hyperlink to http://www.sybex.com labeled
Sybex Books and click Next
16 On the next screen, you will instruct SQL Server to display all of the rows from
the result set and leave them on the same page, then click Next
17 On the final screen, you will save all of the code to a text file by clicking the Write Transact-SQL to File button, then entering nwind_emp.sql as the file-
name and clicking Save
18 Finally, click Finish to create the Web Assistant Wizard job and Web page.
Now you are ready to verify that everything was done correctly and view yourWeb page
Viewing the Page
If you have followed along though this chapter, you should have a Web publishingjob ready to go at this point To verify this, you can do the following:
1 In Enterprise Manager (which should still be open), expand your server, then
Management
2 Under Management, select Web Publishing.
3 In the contents pane (on the right), double-click the Northwind Employees job.
4 On the Properties page, read the code to see exactly what SELECT statement is
used to generate the result set being displayed on your Web page
Trang 8Not only do you have an entry in the Web Publishing section of Management, youhave a new job scheduled Let’s view the job that the Web Assistant Wizard createdfor you:
1 In Enterprise Manager, expand the SQLServerAgent under Management and
select Jobs (if you are a master job server, as discussed in Chapter 17, you need
to select Local Jobs under Jobs)
2 In the contents pane, double-click the job named Northwind Employees.
3 Select the Steps tab and double-click step number 1 to view the code that creates
the Web page Notice that this is a special system stored procedure namedsp_runwebtask
PUBLISHING DATA WITH THE WEB ASSISTANT WIZARD
Development with S Q
P A R T
V
Trang 9CHAPTER 23 • THE WEB ASSISTANT WIZARD
878
4 Click Cancel and select the Schedules tab.
5 Double-click the schedule to see when the job will activate.
6 Click Cancel, then click Cancel again to return to Enterprise Manager.
TIP If you want to change how often the Web page is created, you may do so from theSchedules tab of the job that creates the Web page If you want to stop updating the Webpage, you can disable the job altogether by unchecking the Enabled checkbox on the Gen-eral tab of the job’s properties
Trang 10You probably want to see the fruits of your labors by viewing the Web page itself
Let’s do that now by opening it right from the directory it is stored in on your hard disk:
1 Click the Start button and select Run.
2 In the Open text box, type C:\Program Files\Microsoft SQL Server\
80\Tools\HTML\WebPage1.htm (if you have installed SQL Server to a
dif-ferent drive, please replace the C with your drive letter)
3 This will open your Web browser and display the Web page Notice the title bar
at the top, the table title just above the table, the boxes around the data (thetable border), and, at the bottom, the link to Sybex Books
4 At the top of the Web page, you will see a timestamp; wait for 2 minutes and
click the Refresh button on your browser—the timestamp should be updated,indicating that the job is running every 2 minutes just as instructed
5 Close your Web browser.
Armed with this knowledge, you are now able to publish your data on the Webquickly and easily
PUBLISHING DATA WITH THE WEB ASSISTANT WIZARD
Development with S QL Server
P A R T
V
Trang 11CHAPTER 23 • THE WEB ASSISTANT WIZARD
880
Summary
The Web Assistant Wizard is a simple Wizard, but is very useful, which is why we icated an entire chapter to its use The first topic we discussed was why you wouldeven want your data on the Web We gave some scenarios of a store catalog, a phonelist, and event schedules on the Web All of these scenarios definitely benefit frombeing on the Web, and there are many, many more scenarios that you will be able toadd to that list
ded-After discussing the need to put your data on the Web, we went through each andevery screen in the Web Assistant Wizard and discussed each one in detail, describingeach choice and when each option would be most helpful
The Web Assistant Wizard, useful as it is, is somewhat limited when you look at allthat you can do with SQL Server on the Web In the next chapter, we will look intosome more powerful methods of putting your data on the Web by integrating SQLServer 2000 with Internet Information Server
Trang 12CHAPTER 24
Integrating SQL Server with
Internet Information Server
F E A T U R I N G :
What Is Internet Information Server? 882
Active Server Pages 884
Remote Data Service 900
Returning Results as XML 910
Querying SQL Server through HTTP 912
Trang 13In the last chapter, you saw that the Web Assistant Wizard makes it easy to
gen-erate HTML pages from data stored in a SQL Server database However, the nections between SQL Server and the Internet go much deeper than justgenerating HTML pages In this chapter, we’ll explore some of the ways inwhich you can use SQL Server together with Microsoft’s Web server offering, InternetInformation Server You’ll learn about using ADO in Web pages, Remote Data Ser-vices, HTTP queries, and SQL Server’s new XML features Some of these featuresdepend on Microsoft Internet Information Server, and some do not, but they allrequire you to be running a Web server of one variety or another We’ll concentrate
con-on IIS because it’s closely integrated with Windows and should be available to mostSQL Server installations
What Is Internet Information Server?
Internet Information Server (IIS) is a Web server application In particular, it’s the Webserver application designed by Microsoft for high-volume use on Windows NT plat-
forms A Web server is a program that responds to requests from Internet or intranet
clients (typically Web browsers) by sending back files These files might be HTMLpages or other documents
When you type a URL into a Web browser, such as http://www.microsoft.com,
you’re telling your browser to send a Hypertext Transfer Protocol request to that address (that’s where the http prefix comes from) The server at that address (presumably IIS,
in the case of microsoft.com) looks at the request, decides which file it refers to, andsends the file back to the user
Originally, Web servers such as IIS could return only static pages containing mation placed there for users However, over time the job of Web servers has expanded
infor-to include dynamic content In particular, IIS offers several ways infor-to merge data fromSQL Server with a Web page In this chapter, we’ll cover three of those options:
• ADO code in Active Server Pages
• Remote Data Services
• XML data
Installing IIS
There are two versions of IIS that you’re likely to run across as you’re working withSQL Server 2000: IIS 4 and IIS 5
Trang 14IIS 4 is an optional program for Windows NT 4 It’s not included as a part of theWindows NT operating system To install IIS 4, you need to install the Windows NTOption Pack The Option Pack is available as part of MSDN or TechNet subscrip-tions, or you may download it from http://www.microsoft.com/NTServer/all/
downloads.asp Some other products, such as Microsoft Visual Studio, also shipwith copies of the Option Pack
With Windows 2000, Microsoft has made IIS part of the core operating system Ifyou install Windows 2000 Server or Advanced Server, you get the chance to includeIIS 5 as part of the installation
Although the interface for managing IIS differs slightly between IIS 4 and IIS 5,either version will work perfectly well with SQL Server 2000 You can use the tech-niques in this chapter with both versions of IIS
NOTE For details on managing and setting up IIS, refer to the Windows NT Option Pack
or Windows 2000 documentation
A Few Words about Security
There’s something about a Web server that’s irresistibly attractive to crackers, scriptkiddies, and other Internet lowlifes Over the past few years, unfortunately, there havebeen a number of fairly high-profile security holes found in Internet InformationServer Some of these have allowed outsiders to cause your server to crash just bysending particular HTTP requests to it Others have exposed sensitive data, bypassingSQL Server and IIS security entirely If you’re going to hook up your SQL Server via IIS
to the public Internet, you must be concerned with security, unless all of your data
should be open to everyone in the world
We’d like to offer complete instructions for securing your server to prevent sions and data loss However, this is a quickly changing area, and any advice we couldgive would be out of date by the time you read it Rather than provide you with afalse sense of security, we’ll suggest a few resources that you should use to keep upwith the ins and outs of Web security
intru-Your first line of defense is the Microsoft Security Advisor Web site at http://www.microsoft.com/security/default.asp Microsoft has been diligent about publiciz-ing security problems and providing patches to eliminate such problems Considervisiting this Web site on a weekly basis to check for new problems that affect yourinstallation You should also check out their Product Security Notification Service,which will send you e-mail when new problems are discovered
WHAT IS INTERNET INFORMATION SERVER?
Development with S QL Server
P A R T
V
Trang 15CHAPTER 24 • INTEGRATING SQL SERVER WITH INTERNET INFORMATION SERVER
884
If you’re running IIS 4, you should refer to the IIS 4 security checklist at http://www.microsoft.com/technet/security/iischk.asp This page covers all the steps neces-sary to make an IIS 4 installation as secure as possible, with links to relevant articles andrecommendations
If you’re running IIS 5, you should download the Windows 2000 Internet ServerSecurity Configuration Tool from http://www.microsoft.com/Downloads/Release.asp?ReleaseID=19889 This tool, released in March 2000, will help you develop andapply a security policy for Windows 2000–based Web servers
Finally, if you get seriously interested in this topic, or if you’re responsible for verysensitive data, we recommend subscribing to the NTBugTraq mailing list This is amoderated mailing list that’s independent of Microsoft, on which many developersand system administrators discuss all aspects of Windows NT security You can getsigned up or read the list archives at http://www.ntbugtraq.com/
Active Server Pages
The simplest way to display data from SQL Server on a Web page is to use an ActiveServer Page that makes use of ADO In this section, we’ll review the general design ofActive Server Pages (ASP pages) and then see how you can use them in conjunctionwith SQL Server and IIS to display SQL Server data in a Web page
NOTE Because ASP stands for Active Server Pages, it would make sense to speak of AS
pages as shorthand However, perhaps by analogy with HTML pages, nearly all developers
refer to ASP pages So don’t blame us if this doesn’t make any sense.
What Are Active Server Pages?
To understand Active Server Pages, let’s start with regular HTML (Hypertext MarkupLanguage) pages Here’s what a very simple HTML page looks like when opened in atext editor on the server:
Trang 16</TITLE>defines the title of the page <TITLE> and </TITLE> are examples of HTML
tags, instructions for display of content Note that each tag is matched by a
corre-sponding tag beginning with a / character to indicate the end of a particular ing directive Table 24.1 lists some common HTML tags
process-NOTE We won’t try to teach you all the ins and outs of HTML in this book Instead,we’ll show simple examples that make use of only a few HTML tags For an in-depth tutor-
ial on HTML, see Mastering HTML 4.0 (by Deborah S Ray and Eric J Ray, Sybex Inc 1997).
TABLE 24.1: COMMON HTML TAGS
<FORM>and </FORM> Data input form
<HEAD>and </HEAD> Header information
<HTML>and </HTML> HTML page
<H1>and </H1> Heading, size 1
<I>and </I> Italics
<P>and </P> Paragraph
<TABLE>and </TABLE> Table
<TD>and </TD> Table cell
ACTIVE SERVER PAGES
Development with S QL Server
P A R T
V
Trang 17CHAPTER 24 • INTEGRATING SQL SERVER WITH INTERNET INFORMATION SERVER
886
TABLE 24.1: COMMON HTML TAGS (CONTINUED)
<TR>and </TR> Table row
<TITLE>and </TITLE> Page title
<U>and </U> Underline
Suppose this file is saved on your Web server under the name HTMLExample.htm Inthis case, when a user browses to HTMLExample.htm, these steps take place:
1 The user’s browser sends a Hypertext Transfer Protocol (HTTP) request to the
Web server for the particular page
2 Internet Information Server locates the file and sends its contents back to the
browser
3 The browser interprets the HTML tags and displays the resulting text on-screen
Figure 24.1 shows the end result of this sequence Note that the address bar in thebrowser contains the HTTP request that was used to locate the page
FIGURE 24.1
HTML page in the browser
When working with HTML pages, IIS functions as a sort of file clerk Its job is just
to look at the incoming HTTP request, locate the appropriate file, and send the file
back to the browser HTML pages are static Web pages whose content is always the
same (at least until the developer edits the page)
Active Server Pages, by contrast, are dynamic Web pages The file that’s stored on
the server is not precisely the file that is sent out to the browser Instead, the file on
Trang 181 The user’s browser sends a Hypertext Transfer Protocol (HTTP) request to the
Web server for the particular page
2 Internet Information Server locates the file and notes that it’s an ASP page.
3 IIS creates an HTML file by combining the static text and tags on the page with
the results of the code on the page
4 IIS sends the resulting HTML file to the browser.
5 The browser interprets the HTML tags and displays the resulting text on-screen
The result of this sequence is shown in Figure 24.2
ACTIVE SERVER PAGES
Development with S QL Server
P A R T
V
Trang 19CHAPTER 24 • INTEGRATING SQL SERVER WITH INTERNET INFORMATION SERVER
As you can see, all of the programming content has been removed from the page
by IIS and replaced by its results
You’re not limited to VBScript in developing ASP pages IIS supports VBScript,JScript, Perl, and REXX programming languages For example, here’s the same ASPpage rewritten using JScript (the scripting variant of the Java programming language):
<HTML>
<HEAD>
Trang 20Creating ASP Pages with ADO
Of course, just running code in ASP pages on the server won’t deliver data to thebrowser You need to somehow tie the code from IIS to your SQL Server The easiestway to do this is to use ADO objects with your ASP pages You can use the Server.Cre-ateObject method in ASP code to create arbitrary objects, and IIS can then use thoseobjects
Displaying a Table
We’ll start with an extremely simple example This ASP page will display the contents
of two fields from the authors table in the pubs database:
ACTIVE SERVER PAGES
Development with S QL Server
P A R T
V
Trang 21CHAPTER 24 • INTEGRATING SQL SERVER WITH INTERNET INFORMATION SERVER
rstAuthors.CloseSet rstAuthors = NothingSet objConnection = Nothing
disen-After the recordset is open, the code uses a Do Until loop to walk through all therecords the recordset contains with the MoveNext method Within this loop, you’llfind a line with some syntax that’s new:
<%= rstAuthors(“au_id”) %> ➥
<%= rstAuthors(“au_lname”) %><BR>
The <%= fieldname %>syntax tells IIS to retrieve the current contents of the fied field and output it to the HTML at that point The portion of the line isHTML’s syntax for a nonbreaking space character So this line outputs the au_id fieldfollowed by a space followed by the au_lname field Because this line of code is insidethe loop, it does this once for each row in the recordset
Trang 22At the end of the code, IIS closes and cleans up the object variables that were used
to retrieve the data The result of opening this page in a browser is shown in Figure 24.3
FIGURE 24.3
Retrieving data with
ASP code
Putting Results in a Table
For a nicer presentation, you’ll probably want to display SQL Server data in HTMLtables You can easily accomplish this by inserting the markup tags for a table in thecorrect spots in the ASP code For example, this version of the authors example dis-plays the results in a table:
strConnection = “Provider=SQLOLEDB;Data Source=HENHOUSE;➥
Database=pubs;Integrated Security=SSPI”
ACTIVE SERVER PAGES
Development with S QL Server
P A R T
V
Trang 23CHAPTER 24 • INTEGRATING SQL SERVER WITH INTERNET INFORMATION SERVER
rstAuthors.CloseSet rstAuthors = NothingSet objConnection = Nothing
%></TABLE></P>
</BODY>
</HTML>
To create the table, this example adds the <TABLE> tag around all of the data, and
<TR>and <TD> tags to create the rows and cells of data Note that the column ings are outside of the loop that fetches data, because you want those headings to dis-play only once in the table Figure 24.4 shows the resulting page in a Web browser It’sthe same information that you saw in the previous example, but the additionalmarkup tags make it a bit easier to follow
Trang 24FIGURE 24.4
SQL Server data in an
HTML table
Retrieving Specific Results
You may also want to present a truly dynamic method of retrieving data based onuser input There are several ways to accomplish this with ADO and ASP pages We’lldemonstrate a technique using an HTML form to collect the data
HTML forms use special tags to define a data-entry section on a Web page Ourexample page uses these tags to define the form:
<FORM METHOD=”Get” ACTION=”DisplayAuthors3.asp”>
<INPUT TYPE=”Text” NAME=”State” VALUE=➥
ACTIVE SERVER PAGES
Development with S QL Server
P A R T
V
Trang 25CHAPTER 24 • INTEGRATING SQL SERVER WITH INTERNET INFORMATION SERVER
in the URL regardless of the new page loaded by the form
The VBScript code for retrieving records makes use of the Request object to build aWHERE clause from this same value:
strSQL = “SELECT au_id, au_lname, state FROM authors “strSQL = strSQL & “WHERE state =’” & Request.QueryString(“State”) & “‘ “strSQL = strSQL & “ORDER BY au_id”
Set rstAuthors = objConnection.Execute(strSQL)Thus, the information entered by the user is used to construct a SQL statementwith a WHERE clause derived from that information The result is a final page thatshows only the records in which the user is interested Figure 24.6 shows the pageafter the user has entered a value and clicked Find