The user types their name, email, and message into an HTML form in their web browser.
The Replace(..., "'", "''") in the ASP code is essential to prevent basic SQL injection attacks.
<form id="reviewForm"> <div class="input-group"> <label><i>👤</i> Full name *</label> <input type="text" id="fullName" placeholder="e.g. Emily Johnson" required maxlength="60"> </div>
Because MS Access is a Microsoft product, it natively integrates best with Windows-based web servers (IIS) using via an OLEDB database connection.
<html> <head> <title>Guestbook</title> </head> <body> <h1>Guestbook</h1> <form action="guestbook.asp" method="post"> Name: <input type="text" name="name"><br> Email: <input type="text" name="email"><br> Message: <textarea name="message"></textarea><br> <input type="submit" value="Submit"> </form> </body> </html> ms access guestbook html
The guide above provides a complete, working foundation. Once your basic guestbook is running, here are ideas to expand and improve it:
On your website, you'll need a simple that uses the POST method to send data to your server-side script.
// sort by newest first (descending createdAt) const sorted = [...reviews].sort((a,b) => new Date(b.createdAt) - new Date(a.createdAt)); let html = ""; for(let rev of sorted) "General"); const commentText = escapeHtml(rev.comment).replace(/\n/g, '<br>'); const starsHtml = renderStars(rev.rating); const dateStr = formatDate(rev.createdAt); html += ` <div class="review-item"> <div class="review-header"> <div class="reviewer-name"> <span>👤</span> $safeName </div> <div class="review-date">📅 $dateStr</div> </div> <div style="display: flex; justify-content: space-between; align-items: center; flex-wrap:wrap; margin-bottom:6px;"> $starsHtml <span class="review-category">🏷️ $categoryLabel</span> </div> <div class="review-comment"> $commentText </div> </div> `;
<% ' Force explicit variable declaration for clean code Option Explicit ' Declare variables Dim strName, strEmail, strMessage Dim objConn, objCmd, strConnString, strSQL ' 1. Capture form data from the HTML POST request strName = Trim(Request.Form("txtName")) strEmail = Trim(Request.Form("txtEmail")) strMessage = Trim(Request.Form("txtMessage")) ' Basic Server-Side Validation If strName = "" Or strEmail = "" Or strMessage = "" Then Response.Write("Error: All fields are required.") Response.End End If ' 2. Build the Connection String for MS Access (.accdb) ' ACE.OLEDB.12.0 or ACE.OLEDB.16.0 handles modern Access files strConnString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=" & Server.MapPath("guestbook.accdb") & ";" ' 3. Initialize Connection and Command Objects Set objConn = Server.CreateObject("ADODB.Connection") Set objCmd = Server.CreateObject("ADODB.Command") ' Open Database Connection objConn.Open strConnString ' Configure the Parameterized SQL Command to prevent SQL Injection strSQL = "INSERT INTO tbl_entries (GuestName, GuestEmail, Message, DateSubmitted) VALUES (?, ?, ?, ?);" With objCmd .ActiveConnection = objConn .CommandText = strSQL .CommandType = 1 ' adCmdText ' Append parameters sequentially matching the question marks (?) .Parameters.Append .CreateParameter("@Name", 202, 1, 100, strName) ' adVarWChar .Parameters.Append .CreateParameter("@Email", 202, 1, 150, strEmail) ' adVarWChar .Parameters.Append .CreateParameter("@Message", 203, 1, -1, strMessage) ' adLongVarWChar .Parameters.Append .CreateParameter("@Date", 7, 1, -1, Now()) ' adDate ' Execute the query .Execute End With ' 4. Clean up resources Set objCmd = Nothing objConn.Close Set objConn = Nothing ' Redirect the user back to a success page or back to the index Response.Redirect("view_guestbook.asp") %> Use code with caution. 5. Displaying Stored Entries (HTML + Script) The user types their name, email, and message
To uniquely identify each entry. Name (Short Text): To store the visitor's name. Comment (Long Text/Memo): To store the visitor's message.
rs.Close conn.Close
Here is an example ASP code for the guestbook.asp page:
.rating-stars display: flex; gap: 12px; align-items: center; flex-wrap: wrap; margin-top: 8px; // sort by newest first (descending createdAt) const
return JSON.parse(localStorage.getItem(STORAGE_KEY));
: A user fills out the HTML form and clicks "Submit."
/* toast notification */ .toast-msg position: fixed; bottom: 30px; left: 50%; transform: translateX(-50%) translateY(100px); background: #1a2c3e; color: white; padding: 12px 24px; border-radius: 60px; font-weight: 500; box-shadow: 0 5px 20px rgba(0,0,0,0.2); transition: transform 0.3s ease; z-index: 1000; font-size: 0.9rem; backdrop-filter: blur(6px); background: #1f3b4aee;
To bridge this gap, you need a server-side intermediary to handle the database communication: