MajorGeeks Support Forums

Go Back   MajorGeeks Support Forums > ----------= PC, Desktop and Laptop Support =---------- > Software
Register FAQ Members List Calendar Casino Mark Forums Read

Software Software such as operating systems like Windows XP, Windows Vista, Windows 7 etc., or specific programs.


Reply
 
Thread Tools Display Modes
  #1  
Old 05-04-03, 21:07
man_im_bored's Avatar
man_im_bored man_im_bored is offline
Private First Class
 
Join Date: May 2003
Location: australia
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Post ASP error

Yeah, I'm starting to learn ASP, and what I'm trying to create is a login. I've set up the db and created a way for people to add a username and password to the db, but I can't get someone to "login" which is a pain. In the db, I've got two colums: 1)username and 2)passcol - which is the password column.

It connects successfully and everything, just doesn't run the query.

Here's the error:
'Technical Information (for support personnel)

'Error Type:
'Microsoft JET Database Engine (0x80040E14)
'Characters found after end of SQL statement.
'/programming/asp/login/login_engine.asp, line 34


- - - - - - - - - - - - - - - - - - - - - CODE - - - - - - - - - - - - - - - - - - - - - -

<%
Dim cnnSearch ' ADO connection
Dim rstSearch ' ADO recordset
Dim strDBPath ' path to our Access database (*.mdb) file

Dim strSQL ' The SQL Query we build on the fly
Dim strUser ' Username
Dim strPass ' Password

strUser= Request.Form("username")
strPass= Request.Form("passbox")


If strUser <> "" Then
If strPass <> "" Then

strDBPath = Server.MapPath("db.mdb")


Set cnnSearch = Server.CreateObject("ADODB.Connection")



cnnSearch.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Inetpub\wwwroot\programming\asp\login\db.mdb;"

' Build our query based on the input.
strSQL = "SELECT username, passcol " _
& "FROM usertable " _
& "WHERE username = strUser;" _
& "AND passcol = strPass "

' Execute our query using the connection object. It automatically
' creates and returns a recordset which we store in our variable.
Set rstSearch = cnnSearch.Execute(strSQL)

Do While Not rstSearch.EOB

Do While Not rstSearch.EOF

Set rstSearch = Nothing
cnnSearch.Close
Set cnnSearch = Nothing
Response.Redirect("failed.asp")
Loop
Loop
Response.Redirect("success.asp")
End If
else
Response.Redirect("failed.asp")
End if

%>


:D
__________________
Don't listen to me, I don't know what I'm on about...
Reply With Quote
Sponsored links
  #2  
Old 05-04-03, 22:55
Kodo's Avatar
Kodo Kodo is offline
SNATCHSQUATCH
 
Join Date: Jan 2002
Location: Syracuse NY, USA
Posts: 11,502
Thanks: 17
Thanked 72 Times in 49 Posts
Default

'apostrophe replacement helps avoid SQL injection as well as errors with strings being passed to the SQL statement.

strUser=replace(request.form("username"),"'","''")
passcol=replace(request.form("passbox"),"'","''")

strSQL = "SELECT ID FROM usertable WHERE username = '"&strUser&"' AND passcol = '"&strPass&"' "

' Execute our query using the connection object. It automatically
' creates and returns a recordset which we store in our variable.
Set rstSearch = cnnSearch.Execute(strSQL)

if not rstSearch.eof then
session("ID")=RS("ID")

rstSearch.close
Set rstSearch = Nothing
cnnSearch.Close
Set cnnSearch = Nothing

Response.Redirect("success.asp")

else

rstSearch.close
Set rstSearch = Nothing
cnnSearch.Close
Set cnnSearch = Nothing


Response.Redirect("failed.asp")
End if

the loop you had would have caused problems. Now, if you want to maintain some security after they've logged in or if you just want to make sure they're logged in, I added a session variable that holds the ID of the user's record. You need to do this at the top of your pages or make a function and call it at the top of your pages.

if session("ID")="" or isnull(Session("ID") then
response.redirect "login.asp
end if

this will check for the sessions state and maintain that persons log in until the browser is closed or until you use session.abandon.
__________________
"The American people will never knowingly adopt Socialism..." -Norman Thomas
Reply With Quote
  #3  
Old 05-05-03, 08:54
man_im_bored's Avatar
man_im_bored man_im_bored is offline
Private First Class
 
Join Date: May 2003
Location: australia
Posts: 71
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, that helps heaps. I was going to use cookies instead of the id thing, but might as well use that. Thanks again.
__________________
Don't listen to me, I don't know what I'm on about...
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
msvcrt.dll error ie6 why? wcdeuv Software 11 02-08-05 21:01
RAS error mrudella Hardware 14 01-16-04 21:24
not sure of error message i got... pghstampr_ Software 2 01-12-04 20:51
Strange Error Message Robert Software 3 12-24-03 05:22


All times are GMT -5. The time now is 23:14.

MajorGeeks.Com Menu

MajorGeeks.Com \ All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ NEW! PC Games \ System Tools \ Macintosh \ Demonews.Com \ Top Downloads

MajorGeeks.Com \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds


All content Copyright MajorGeeks.com source code Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger