View Single Post
 
Old June 8th, 2003, 11:50 PM
riskey_457 riskey_457 is offline
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default SQL Statement Error

I am building a web page that requires a member to login using a username and password. The username and password are stored as such:

uname = Request.Form("USERNAME")
pword = Request.Form("PASSWORD")

The username and/or password can be:

john
3456
pass52
password63

And so on.
I then use a SELECT SQL statement to search the database:

<%
Session("ConnGuestBook_ConnectionString") = "DBQ=" & Server.Mappath("db\Members.mdb") & ";DefaultDir=" & Server.Mappath("db\") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;Ma xScanRows=8;PageTimeout=5;SafeTransactions=0;Threa ds=3;UID=admin;UserCommitSync=Yes;"
Session("ConnGuestBook_ConnectionTimeout") = 15
Session("ConnGuestBook_CommandTimeout") = 30

Dim CmdShowEntries
Dim MySQL
Set CmdShowEntries = Server.CreateObject("ADODB.Recordset")
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
CmdShowEntries.Open MySQL,Session("ConnGuestBook_ConnectionString"),3
%>


When I do this I get an error such as:

Microsoft VBScript runtime error '800a000d'
Type mismatch: '[object]'
confirm.asp, line 92

Does anybody know how I can fix this so it works with alpha-numeric inputs?
Thanks for your time!

Lord Farquhar