I am trying to pass session variables from the login page but I am getting an error. Can anyone help me understand why?
My default page code is:
<%
'-- Simple function to replace single quotes --
Function ValidateStr(strValue)
    strTemp = strValue
    strTemp = Trim(strTemp)
    strTemp = Replace(strTemp,"'","''")
    ValidateStr = strTemp
End Function

'-- Check that form has been submitted --
If Request.Form("Submit") = "Login" Then
    '-- Grab form values --
    UserEmail = ValidateStr(Request.Form("UserEmail"))
    UserPassword = ValidateStr(Request.Form("UserPassword"))

    ' -- Check if both email and password were submitted -
    If UserEmail = "" OR UserPassword = "" Then
        strError = "You must enter both an email address and password."
    End If

    ' -- If no errors, continue --
    If strError = "" Then
        '-- Connect to DB and create recordset --
        Set conn = Server.CreateObject("ADODB.Connection")
        conn.Provider = "Microsoft.Jet.OLEDB.4.0"
        conn.Open Server.MapPath("login.mdb")
        Set rsLogin = Server.CreateObject("ADODB.recordset")

        '-- Select the data from the DB using the submitted information --
        strSQL = "SELECT UserID, UserEmail, UserPassword FROM tblUsers WHERE UserEmail = '" & UserEmail & "' AND UserPassword = '" & UserPassword & "'"
        rsLogin.Open strSQL, conn

        ' -- Check that user exists --
        If Not rsLogin.EOF Then
            '-- If match found, and user exists, then set session variable --
            Session("UserID") = rsLogin("UserID")
            ' -- Redirect to protected page --
            Response.Redirect "profile.asp"
        Else
            strError = "Login failed."
        End If
    End If
End If
%>
<b><%= strError %></b><p />
<form name="login" method="post" action="default.asp">
<table width="400" border="0" cellspacing="0" cellpadding="2">
<tr>
<td>Email Address</td>
<td><input name="UserEmail" type="text" value="<%= UserEmail %>" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="UserPassword" type="password" value="<%= UserPassword %>" /></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Login" /></td>
</tr>
</table>
</form>
My profile page code is:
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<%
Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.Open Server.MapPath("login.mdb")
UserID = Session("UserID")
response.write "User ID: " & UserID
'response.end
strSQL = "SELECT UserName FROM tblUsers WHERE UserID = " & UserID
Set loginRS = Conn.Execute(strSQL)
strUserName = loginRS("UserName")
response.write "Welcome " & strUserName & " to the password protected portion of my site."
%>
<p>profile happy </p>
<p> </p>
</body>
</html>
The error I am getting is:
Microsoft Jet Database Engine (0x80040E14)
Syntax error (missing operator) in query expression 'UserID='.
/profile.asp, line 18
Please help.
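
An added example, not part of the original post: the error text shows the query expression ending at `UserID=`, so `Session("UserID")` was empty when profile.asp concatenated it into the SQL string. The version of profile.asp below checks the session value before querying and binds it through an `ADODB.Command` parameter instead of concatenation; it assumes `UserID` is a numeric (AutoNumber/Long) column and reuses the table, file and field names from the post.

```asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
Option Explicit
' Added example: guarded, parameterized version of the profile.asp lookup.
Const adCmdText = 1, adInteger = 3, adParamInput = 1   ' standard ADO constant values

Dim userId, conn, cmd, rs, userName
userId = Session("UserID")

' An empty session value is what turns "WHERE UserID = " & UserID into the
' incomplete expression Jet reports, so stop before any SQL is built.
' IsNumeric(Empty) is True in VBScript, hence the separate IsEmpty check.
If IsEmpty(userId) Or Not IsNumeric(userId) Then
    Response.Redirect "default.asp"
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Provider = "Microsoft.Jet.OLEDB.4.0"
conn.Open Server.MapPath("login.mdb")

' Bind the ID as a typed parameter rather than concatenating it into the SQL text.
' Assumption: UserID is an integer column (the post's query uses it unquoted).
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT UserName FROM tblUsers WHERE UserID = ?"
cmd.Parameters.Append cmd.CreateParameter("@UserID", adInteger, adParamInput, , CLng(userId))
Set rs = cmd.Execute

If rs.EOF Then
    ' The session holds an ID with no matching row: treat the visitor as logged out.
    rs.Close : conn.Close
    Session.Abandon
    Response.Redirect "default.asp"
End If

userName = rs("UserName") & ""   ' coerce a Null field to an empty string
rs.Close : conn.Close
%>
<html>
<body>
<p>Welcome <%= Server.HTMLEncode(userName) %> to the password protected portion of my site.</p>
</body>
</html>
```

The same `ADODB.Command` binding can replace the `ValidateStr` quote-doubling in the login query on default.asp, using a text parameter type for the email and password values.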