Create a new folder on your Web server and name it ch13.

Copy all the files and folders from the ch12 folder into the ch13 folder.

If you think some of the files in your ch12 folder might not be working properly, copy all the files and folders from the ch12 folder you installed from the companion CD.

Mark the ch13 folder as an IIS application. If you need instructions, refer to Chapter 2.

Create a new, empty Web page containing the usual structural tags. Apply any overall page formatting you want. Add an @ Page directive like the following as the first line in the file:

<%@ Page Language="VB" Debug="true" Explicit="true" %>

To display the standard page heading, add the @ Register directive as the second line in the page:

<%@ Register TagPrefix="webdbpgm" TagName="banner"
             src="../banner.ascx" %>
<html>

Then add the statement in blue to the <body> section:

<body>
<webdbpgm:banner id="banner" runat="server" />
</body>

After the page banner and before the end of the <body> section, add a Web form. Because this form will contain a file upload control, be sure to specify enctype="multipart/form-data" in the <form> tag. The <body> section should now look like this:

<body>
<webdbpgm:banner id="banner" runat="server" />
<form enctype="multipart/form-data" runat="server">
<!-- Form layout will go here -->
</form>
</body>

Recall that method="POST" is the default for ASP.NET Web forms.

Replace the comment in the previous step with a five-column, two-row HTML table. Use <th> and </th> cells in the first row and insert the titles ID, Headline, Picture File, Thumbnail, and New Picture.

Add the following controls respectively to columns 1 through 4 of row 2. Note that the <img> tag in column 4 is initially invisible, because it has an empty src attribute. If it turns out that a picture is available, code elsewhere in the page will provide a src value and set the Visible attribute to True.

<asp:Literal id="litCurAdId" runat="server" />
<asp:Literal id="litCurHeadline" runat="server" />
<asp:Literal id="litCurPicname" runat="server" />
<img src id="imgThumb" Visible="False" runat="server" />

In row 2, column 5 of the table you created in step 3, create another HTML table having one column and two rows. Name this table tblUpload and make it initially invisible. In the upper cell, add an HtmlInputFile control named fupUpload. This is the single tag that appears in blue in the following code. In the lower cell, add the Upload File button and the two Label controls shown below in blue. Note that clicking the Upload File button fires an event handler named btnUpload_Click.

<table id="tblUpload" visible="false"
         border="0" cellspacing="1" runat="server">
  <tr>
    <td><input id="fupUpload" type="file"
         size="30" runat="server"></td>
  </tr>
  <tr>
    <td>
    <asp:button id="btnUpload" Text="Upload File"
         OnClick="btnUpload_Click" runat="server" />
    <asp:Label class="err" id="lblError"
         EnableViewState="false" runat="server" />
    <asp:Label class="msg" id="lblOkMsg"
         EnableViewState="false" runat="server" />
    </td>
  </tr>
</table>

After the </form> tag you entered in step 2, create an HTML table with one column and two rows. Name the table tblResults, make it initially invisible, and center it on the page. Specify alignments of top and center for both table cells. This requires the code shown here in blue:

</form>
<table id="tblResults" visible="false" align="center"
       runat="server">
  <tr>
    <td valign="top" align="center"></td>
  </tr>
  <tr>
    <td valign="top" align="center"></td>
  </tr>
</table>
</body>

Create a four-column, two-row table inside the first table cell you created in the previous step. Use <th> and </th> cells in the first row, and insert the titles Picture Type, Width, Height, and Bytes.

Within the table you just created, add the following controls, respectively, to columns 1 through 4 of row 2:

<asp:literal id="litPropsType" EnableViewState="false"
             runat="server" />
<asp:literal id="litPropsWidth" EnableViewState="false"
             runat="server" />
<asp:literal id="litPropsHeight" EnableViewState="false"
             runat="server" />
<asp:literal id="litPropsBytes" EnableViewState="false"
             runat="server" />

In the lower table cell you created in step 6, add an <img> control named imgFull. Don’t bother specifying an src value for now; later code will supply this.

<img src id="imgFull" EnableViewState="false"
     runat="server" />

Save the page in the reg subfolder of your application (for example, in the ch13/reg subfolder).

Open the ad-pic.aspx page from the location where you saved it in step 11 of the previous procedure.

Add the declarations shown here in blue just before the existing <html> tag:

<%@ Import Namespace="System.Data" %>
<%@ Import NameSpace="System.Data.OleDb" %>
<%@ Import Namespace="System.Drawing" %>
<%@ Import Namespace="System.Drawing.Imaging" %>
<%@ Import Namespace="System.IO" %>
<html>

The first two declarations are for accessing a non–SQL Server database. The third and fourth are for accessing graphics functions, and the last is for file manipulation.

Follow the code you just entered with a code declaration block that contains the following subroutines: Page_Init, Page_Load, btnUpload_Click, and Page_PreRender. Here’s the required code:

<script runat="server">
Sub Page_Init(sender As Object, e As EventArgs)
End Sub
Sub Page_Load(sender As Object, e As EventArgs)
End Sub
Sub btnUpload_Click(sender As Object, e As EventArgs)
End Sub
Sub Page_PreRender(sender As Object, e As EventArgs)
End Sub
</script>

Immediately after the <script runat="server"> tag you just added, declare an OleDbConnection variable named conClasf and two constants named THUMB_PFX and PICTURE_PFX. This requires the new code shown in blue:

<script runat="server">
Dim conClasf As OleDbConnection
Const THUMB_PFX = "../picture.aspx?size=75&url=pix/"
Const PICTURE_PFX = "../pix/"
Sub Page_Init(sender As Object, e As EventArgs)

The THUMB_PFX constant provides a URL prefix for displaying a thumbnail of a picture in the application’s pix folder. Note that the path to the picture.aspx page must be relative to the current page, and that the path in the url= query string parameter must be relative to the picture.aspx page.

The PICTURE_PFX constant provides a URL prefix for displaying a full-sized picture in the pix folder. Defining these two locations as constants guards against coding their values differently in various parts of the code. It also simplifies ongoing maintenance.

Within the Page_Init subroutine, open a connection to the classified.mdb database. These statements should be quite familiar by now, but here they are in blue:

Sub Page_Init(sender As Object, e As EventArgs)
  conClasf = New OleDbConnection(Session("conClasf"))
  conClasf.Open
End Sub

The Page_Init subroutine is guaranteed to run before the Page_Load subroutine, and also before the btnUpload_Click subroutine. This makes the Page_Init subroutine a great place to open a database connection that either of the other subroutines can use. Because step 4 defined the conClasf variable outside of any subroutine, function, or class, it’s available everywhere within the page.

Close the conClasf database connection within the Page_PreRender subroutine, which is guaranteed to run after the Page_Load and btnUpload_Click subroutines. This requires the code in blue:

Sub Page_PreRender(sender As Object, e As EventArgs)
  conClasf.Close
End Sub

Within the empty Page_Load subroutine, code the declarations shown here in blue:

Sub Page_Load(sender As Object, e As EventArgs)
  Dim strAdId As String
  Dim strSQL As String
  Dim cmdAd As OleDbCommand
  Dim rdrAd As OleDbDataReader
End Sub

The strAdId variable will store a copy of the id= query string variable. The strSQL variable will store a SQL statement. The cmdAd and rdrAd variables will access the classified.mdb database.

If the Page_Load subroutine is running because of a postback, exit immediately. Otherwise, retrieve the id= query string value, remove any leading or trailing spaces, and store the result in the strAdId variable. Finally, copy the value you saved in the strAdId variable into the litCurAdId server control. This control displays the ad ID in the top left corner of the Web page. This code should follow the declarations you entered in the previous step:

If Page.IsPostBack Then
  Exit Sub
End if
strAdId = Trim(Request.Params("id"))
litCurAdId.Text = strAdId

Because query string variables appear openly in the browser’s Address bar, visitors can readily change them. As a result, incoming query string variables usually warrant some scrutiny. For starters, if the strAdId value you just retrieved is blank or nonnumeric, display an error message and exit. Here’s the necessary code, which should follow the code from the previous step:

If strAdId = "" then
  litCurHeadline.Text = "No Ad ID specified."
  Exit Sub
End If
If Not IsNumeric(strAdId) Then
  litCurHeadline.Text = "Ad ID not numeric."
  Exit Sub
End If

The litCurHeadline control normally displays the ad headline in the top left corner of the page. Using this field to display an error message is slightly lazy but undeserving of major punishment.

If the strAdId value passes these checks, use it to retrieve the corresponding record from the ads table. This requires constructing a simple SQL statement, using the SQL statement to construct an OleDbCommand object, and using the command object to open a DataReader. This should follow the code from the previous step:

strSQL = "SELECT * " & _
           "FROM ads " & _
          "WHERE adid = " & strAdId & " "
cmdAd = New OleDbCommand(strSQL, conClasf)
rdrAd = cmdAd.ExecuteReader

Attempt to read one record from the DataReader you just opened. If this returns False, no matching record exists, so report a not found condition. Code these statements next in sequence:

If rdrAd.Read Then
'  Code to process found record will go here.
Else
  litCurHeadline.Text = "Ad ID not found."
End If

If a record matching the given adid does exist, verify that its memberid matches that of the current Web visitor. Return an error message if not. This code replaces the comment in the previous step:

If rdrAd.Item("memberid") = _
    Request.ServerVariables("AUTH_USER") Then
' Code to display current record information will go here.
Else
  litCurHeadline.Text = "This ad doesn't belong to you."
End If

To understand how this statement works, recall that the current Web page resides in the application’s reg folder. The application’s web.config file puts forms-based authentication into effect for this folder, redirecting any visitor who isn’t logged in to the login.aspx page. If the login.aspx page accepts the member ID and password that the visitor enters, it informs ASP.NET that the visitor is authenticated and gives ASP.NET the visitor’s member ID as an identity. This is the identity that shows up in Request.ServerVariables("AUTH_USER").

So, if a visitor logged in as [email protected] tries to modify an ad posted by [email protected], the preceding statements will block the activity.

If the visitor is trying to modify his or her own ad, display the ad headline. Also, if the ad already has a picture, display its name and a thumbnail picture. Finally, make the table that contains the file upload control and the Upload File button visible. To do all this, replace the comment in the previous step with this code:

litCurHeadline.Text = rdrAd.Item("headline")
litCurPicname.Text = "" & rdrAd.Item("picname")
If "" & rdrAd.Item("picname") <> "" Then
  imgThumb.src = THUMB_PFX & rdrAd.Item("picname")
  imgThumb.Visible = True
End If
tblUpload.Visible = True

"" & rdrAd.Item("picname")

rdrAd.Item("picname")

This completes the database processing in the Page_Load subroutine. Therefore, after the End If statement you coded in step 11, close the data reader rdrAd and dispose of the command object cmdAd. This action requires the statements shown in blue. These will be the last two statements in the Page_Load subroutine.

  End If
  rdrAd.Close
  cmdAd.Dispose
End Sub

Save the page and load it into your browser, taking care to specify an HTTP URL and a proper query string value. Here’s an example, assuming that a Web server runs on your own PC:

http://127.0.0.1/webdbpgm/ch13/reg/ad-pic.aspx?id=61

Add the following declarations inside the btnUpload_Click subroutine you started in step 3 of the previous procedure:

Dim strFileName As String
Dim imgUpload As System.Drawing.Image
Dim strSQL As String
Dim cmdClasf As New OleDbCommand
Dim intRowsAff As Integer

The strFileName variable will store the name of the uploaded file. The imgUpload variable will load a copy of the uploaded file for processing. The last three variables are for updating the ads table: strSQL will contain a SQL statement, cmdClasf will point to an OleDbCommand object, and intRowsAff will contain the number of rows affected by running the SQL statement.

Make sure the table that displays the file upload results is invisible. The HTML always makes this table invisible initially, but if the visitor uploads first a valid picture and then an invalid one, the table will still be visible after the invalid attempt runs. To prevent this, add the following statement:

tblResults.Visible = False

Recall that fupUpload is the name of the file upload control you coded in step 6 of the first procedure. If this object’s PostedFile property doesn’t point to an object, the visitor didn’t upload a file. In that case, display an error message and exit. Here’s the required code:

If fupUpload.PostedFile Is Nothing Then
    lblError.Text = "No File Received"
    Exit Sub
  End If

If the uploaded file has no name (that is, if the length of its name, after dropping any leading and trailing spaces, is less than one), or if the file contains zero bytes, once again display an error message and exit. Here’s the code:

If (fupUpload.PostedFile.FileName.Trim().Length < 1) _
Or (fupUpload.PostedFile.ContentLength < 1) then
  lblError.Text = "Uploaded file is empty."
  Exit Sub
End If

Try loading the uploaded file into the image object imgUpload. If this produces an exception, display an error message and exit. Here’s the necessary code:

Try
  imgUpload = System.Drawing.Image.FromStream( _
              fupUpload.PostedFile.InputStream)
Catch ex As Exception
  lblError.Text = "Uploaded file isn't a valid picture."
  Exit Sub
End Try

Check the picture’s file format. The imgUpload object’s RawFormat property has a method called Equals that makes this relatively easy. If file format is GIF or JPEG, store the type below the Picture Type heading that appears above the uploaded picture. If it’s anything else, display an error message and exit. Here’s the code:

If imgUpload.RawFormat.Equals(ImageFormat.GIF) Then
  litPropsType.Text = "GIF"
ElseIf imgUpload.RawFormat.Equals(ImageFormat.JPEG) Then
  litPropsType.Text = "JPEG"
Else
  lblError.Text = "Uploaded file isn't a valid " & _
                  "picture format."
  Exit Sub
End If

Fill in the remaining three values that appear above the uploaded picture: Width, Height, and Bytes. The width and height in pixels come from the imgUpload object. The file size in bytes comes from the file upload control’s PostedFile.ContentLength property. Add these statements:

litPropsWidth.Text = imgUpload.Width
litPropsHeight.Text = imgUpload.Height
litPropsBytes.Text = fupUpload.PostedFile.ContentLength

Get the file name portion of the uploaded picture’s fully qualified file name and store it in the strFileName variable. The Path.GetFileName method performs this extraction easily; here’s the statement:

strFileName = Path.GetFileName( _
                   fupUpload.PostedFile.FileName)

Next, save the uploaded file using the file name the visitor specified and the physical equivalent of the URL path you coded in the PICTURE_PFX constant. Here’s the necessary statement:

fupUpload.PostedFile.SaveAs( _
              Server.Mappath(PICTURE_PFX) & strFileName)

Note that if the visitor uploaded a file named C:My Picturesschnauzer.jpg, this statement would store it in the physical location that corresponds to ../pix/schnauzer.jpg.

Replace the existing file name and thumbnail picture, if any, that appear under the Picture File and Thumbnail headings in the top left corner of the page. Replacing the picture name is easy; just copy the value in the strFileName variable. Replacing the thumbnail is slightly more complicated: you must update the src property of the imgThumb control to contain the URL prefix from THUMB_PFX plus the file name from strFileName. You should also make sure the imgThumb control is visible. Here’s the code:

litCurPicname.Text = strFileName
imgThumb.src = THUMB_PFX & strFileName
imgThumb.Visible = True

Display the full-sized picture. Doing so requires setting the src property of the imgFull control to the path in PICTURE_PFX plus the file name in strFileName, and then making the tblResults table visible. (The tblResults table contains the imgFull control.) Use the following statements:

imgFull.src = PICTURE_PFX & strFileName
tblResults.Visible = True

Construct a SQL statement that sets the picname field in the ads table equal to the value in strFileName, but only in the record for the adid that the Page_Load subroutine validated. The Page_Load subroutine, you might recall, stored this value in the litCurAdId control. ASP.NET uses the ViewState mechanism—which is fairly resistant to tampering—to store this value between form submissions. Here’s the code:

strSQL = "UPDATE ads " & _
            "SET picname = '" & strFileName & "' " & _
          "WHERE adid = " & litCurAdId.Text & " "

Build an OleDbCommand object that contains this SQL statement. Then use the command object’s ExecuteNonQuery method to update the database. Save the number of affected table rows in the intRowsAff variable. This requires the following code:

cmdClasf = New OleDbCommand(strSQL, conClasf)
intRowsAff = cmdClasf.ExecuteNonQuery

If the number of affected rows is one, display a success message. If the number of affected rows is anything else, display an error message. Here’s the code:

If intRowsAff = 1 Then
  lblOkMsg.Text = "Ad ID '" & litCurAdId.Text & "' updated"
Else
  lblError.Text = intRowsAff & "database records updated."
End If

Dispose of the cmdClasf object using the following statement:

cmdClasf.Dispose

Save the page and test it. You should find that after uploading a picture for an ad, using the ad-dtl.aspx page to display the same ad displays the new picture.

Open the ad-new.aspx page.

Choose a spot in the body of the Web page where you want the hyperlink to appear. The sample page uses a location just after the lblOkMsg control, which displays the ad posting success message.

Add the following hyperlink in this location. Note the runat="server" attribute, the id of ancUpload, the lack of an href location, and the lack of visibility.

<a id="ancUpload" href visible="false"
                 runat="server"><b>Upload Picture</b></a>

Add the following statement after the declarations (and before any other statements) in the PostNewAd subroutine. This ensures that the ancUpload hyperlink won’t be visible unless the current ad posting succeeds.

ancUpload.visible = False

Add the following statements shown in blue near the end of the PostNewAd subroutine. The first blue statement sets the target location of the ancUpload hyperlink to the page named ad-pic.aspx followed by the query string identifier id= and the number of the newly posted ad. The second blue statement makes the hyperlink visible.

  lblOkMsg.Text = "Ad " & rowAds("adid") & " posted."
  ancUpload.href = "ad-pic.aspx?id=" & rowAds("adid")
  ancUpload.visible = True
  conClasf.Close
End Sub