SQL Statement Error
I am building a web page that requires a member to log in using a username and password. The username and password are stored as such:
uname = Request.Form("USERNAME")
pword = Request.Form("PASSWORD")
The username and/or password can be:
john
3456
pass52
password63
And so on.
I then use a SELECT SQL statement to search the database:
<%
Session("ConnGuestBook_ConnectionString") = "DBQ=" & Server.Mappath("db\Members.mdb") & ";DefaultDir=" & Server.Mappath("db\") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;MaxScanRows=8;PageTimeout=5;SafeTransactions=0;Threads=3;UID=admin;UserCommitSync=Yes;"
Session("ConnGuestBook_ConnectionTimeout") = 15
Session("ConnGuestBook_CommandTimeout") = 30
Dim CmdShowEntries
Dim MySQL
Set CmdShowEntries = Server.CreateObject("ADODB.Recordset")
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
CmdShowEntries.Open MySQL,Session("ConnGuestBook_ConnectionString"),3
%>
When I do this I get an error such as:
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[object]'
confirm.asp, line 92
Does anybody know how I can fix this so it works with alpha-numeric inputs?
Thanks for your time!
Lord Farquhar
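
The SELECT in the post concatenates the USERNAME and PASSWORD form values into the SQL text, so a quote character in either field changes the statement itself. The following is an added example, not part of the original post, showing the same lookup against BOOK1 with bound parameters through ADODB.Command; the 50-character limit, the `CheckLogin` function and the `MemberName` session key are assumptions, and it does not address the error at confirm.asp line 92, which the post does not show.

```vbscript
<%
' ADO constants (same values as in adovbs.inc)
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1

' Hypothetical helper: returns True when a row matches both values.
Function CheckLogin(connStr, uname, pword)
    Dim conn, cmd, rs
    CheckLogin = False
    ' Reject empty or oversized input before touching the database.
    ' The 50-character limit is an assumption; match it to the column sizes.
    If Len(uname) = 0 Or Len(uname) > 50 Or Len(pword) = 0 Or Len(pword) > 50 Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connStr
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? markers are bound by position, so the values never become SQL text.
    ' [PASSWORD] is bracketed because PASSWORD is a reserved word in Access (Jet) SQL.
    cmd.CommandText = "SELECT USERNAME FROM BOOK1 WHERE USERNAME = ? AND [PASSWORD] = ?"
    cmd.Parameters.Append cmd.CreateParameter("uname", adVarChar, adParamInput, 50, uname)
    cmd.Parameters.Append cmd.CreateParameter("pword", adVarChar, adParamInput, 50, pword)

    Set rs = cmd.Execute
    CheckLogin = Not rs.EOF
    rs.Close
    conn.Close
End Function

Dim connStr, uname, pword
' Shortened form of the connection string from the post
connStr = "DBQ=" & Server.MapPath("db\Members.mdb") & ";Driver={Microsoft Access Driver (*.mdb)};UID=admin;"
' Appending "" coerces the Request.Form item to a plain string
uname = Trim(Request.Form("USERNAME") & "")
pword = Request.Form("PASSWORD") & ""

If CheckLogin(connStr, uname, pword) Then
    Session("MemberName") = uname   ' hypothetical session key
    Response.Write "Welcome, " & Server.HTMLEncode(uname)
Else
    Response.Write "Login failed."
End If
%>
```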