SQL Statement Error

riskey_457 · #1 (**permalink**) June 8th, 2003, 11:48 PM

I am building a web page that requires a member to login using a username and password. The username and password are stored as such:

uname = Request.Form("USERNAME")
pword = Request.Form("PASSWORD")

The username and/or password can be:

john
3456
pass52
password63

And so on.
I then use a SELECT SQL statement to search the database:

<%
Session("ConnGuestBook_ConnectionString") = "DBQ=" & Server.Mappath("db\Members.mdb") & ";DefaultDir=" & Server.Mappath("db\") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;Ma xScanRows=8;PageTimeout=5;SafeTransactions=0;Threa ds=3;UID=admin;UserCommitSync=Yes;"
Session("ConnGuestBook_ConnectionTimeout") = 15
Session("ConnGuestBook_CommandTimeout") = 30

Dim CmdShowEntries
Dim MySQL
Set CmdShowEntries = Server.CreateObject("ADODB.Recordset")
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
CmdShowEntries.Open MySQL,Session("ConnGuestBook_ConnectionString"),3
%>

When I do this I get an error such as:

Microsoft VBScript runtime error '800a000d'
Type mismatch: '[object]'
confirm.asp, line 92

Does anybody know how I can fix this so it works with alpha-numeric inputs?
Thanks for your time!

Lord Farquhar

riskey_457 · #2 (**permalink**) June 9th, 2003, 06:42 PM

It is just plain ASP. I do not have the .NET version yet. I really want it though!

Lord Farquhar

riskey_457 · #3 (**permalink**) June 9th, 2003, 08:17 PM

The line #92 is:

MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"

And the MySQL, is just a name that I have chosen.
I know it MySQL is it's own program, but that is just the string storage.

Lord Farquhar

KenSchaefer · #4 (**permalink**) June 9th, 2003, 10:57 PM

Before line 92, can you try:
Response.Write(uname)
Response.Write(pword)
Response.End

just to make sure that the problem isn't with your "uname" and "pword" variables?

Cheers
Ken

www.adOpenStatic.com

David Cameron · #5 (**permalink**) June 9th, 2003, 11:31 PM

Post the code where you set uname and pword. As I said earlier the type mismatch problem suggests that uname or pword is an object.

Try manually setting the values for uname and pword eg:
uname = "john34"
pword = "pwd345"
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))

regards
David Cameron

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
T-SQL statement causing error with insert/update	saf	SQL Language	0	September 7th, 2007 04:48 PM
convert a SQL Statement from MS Access to a SQL	Corey	Access	6	March 28th, 2007 12:33 PM
Syntax error on SQL statement	Chris1	Access VBA	1	September 7th, 2004 07:47 AM
Getting error in sql statement	Calibus	Classic ASP Databases	7	August 11th, 2004 07:11 AM
SQL Statement Error	riskey_457	SQL Server ASP	9	June 10th, 2003 11:35 AM