Wrox Programmer Forums

Need to download code?

View our list of code downloads.

| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old April 23rd, 2004, 05:07 AM
Registered User
 
Join Date: Apr 2004
Location: stoke, staffs, United Kingdom.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default Chnaging user details

Hi Guys,

I have this problem wiv my code, i am trying to let the user to chnage there password in a private area of the site. Anyway
the problem that i am having is that the users password is not being updated to the database according to which user is logged in if you know what i mean?

Below is the code, i was wondering if any of you gurus can tell where i ma goin wrong, please.

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
</head>
<body>
<%
'Function to see what the user has entered
Function ChkString(string)
If String = "" Then String = " "
ChkString = replace(String, "'", " ")
End Function
dim username, conn
strconn = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("db/cds.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn
username = ChkString(request.form("login"))
SQLQuery = "SELECT * FROM users WHERE username = '"
sqlquery = sqlquery & username & "'"
Set RSuser = conn.Execute(SQLQuery)
if RSuser.eof then
dim oldpassword, newpassword1, newpassword2
oldpassword = ChkString(request.form("oldpassword"))
newpassword = ChkString(request.form("newpassword1"))
newpassword2 = ChkString(request.form("newpassword2"))
%>
<%
SQLQuery2 = "Insert into users (newpassword2) WHERE username ='"
sqlquery2 = sqlquery2 & "values ('" & newpassword2 & "')"
Set RSuserUpdate = Conn.Execute(SQLQuery2)
session("sesusername") = username
locreturn=session("sesslocation")&"success.asp"
session("sesslocation") = ""
%>
<%Else%>
<div align="center">Sorry have entered your username incorrectly </div>
<%End If%>
</body>
</html>
Thanks for your help


Andy
Reply With Quote
  #2 (permalink)  
Old April 23rd, 2004, 05:21 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Andy,

I can see at least two things that are wrong:

1. You're checking for .EOF, like this:
Code:
if RSuser.eof then
dim oldpassword, newpassword1, newpassword2
EOF means End Of File, and is only true when the user is NOT found. I think you should change that to
Code:
if Not RSuser.eof then
dim oldpassword, newpassword1, newpassword2
2. You're not trying to update the user, but you're creating a new record. Instead of INSERT INTO users, try:
Code:
UPDATE users SET newpassword2 = ' & " newpassword & "' WHERE username...
Other things you can fix:
1. You're using an old skool connection string. Look here for a better version: http://www.able-consulting.com/MDAC/...orMicrosoftJet

2. You should also query for the old password when you're trying to find the user. Otherwise, users can change the password of someone else's account.

HtH,

Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.


Reply With Quote
  #3 (permalink)  
Old April 25th, 2004, 09:11 AM
Registered User
 
Join Date: Apr 2004
Location: stoke, staffs, United Kingdom.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks for the help Imar,

With regards to the connection we have to do it that way (lecturer said so)Belwo is the ammended code

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
</head>
<body>
<%

'Function to see what the user has entered
Function ChkString(string)
If String = "" Then String = " "
ChkString = replace(String, "'", " ")
End Function

dim username, conn
strconn = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("db/cds.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn

username = ChkString(request.form("login"))

SQLQuery = "SELECT * FROM users WHERE username = '"
sqlquery = sqlquery & username & "'"
Set RSuser = conn.Execute(SQLQuery)

if NOT RSuser.eof then
dim oldpassword, newpassword1, newpassword2


oldpassword = ChkString(request.form("oldpassword"))
newpassword = ChkString(request.form("newpassword1"))
newpassword2 = ChkString(request.form("newpassword2"))
%>

<%

SQLQuery2 = "UPDATE users SET newpassword2 = '" & newpassword2 & "' WHERE username = '"

Set RSuser = conn.Execute(SQLQuery2)

session("sesusername") = username
locreturn=session("sesslocation")&"success.asp"
session("sesslocation") = ""
%>
<%Else%>

<div align="center">Sorry have entered your username incorrectly </div>

<%End If%>

</body>
</html>

I have made the changes that you suggested and now get the following error

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'username = ''.

/andy11983/passchange1.asp, line 39


I would REALLY appreciate and of your or anybodys advice on how to fix this error as i have to demo thsi on tuesday morning at 9.

Thanks

Andy

Andy
Reply With Quote
  #4 (permalink)  
Old April 25th, 2004, 09:33 AM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hi Andy,

In that case, tell your lecturer he/she is wrong, and point him to this page to illustrate your point: http://support.microsoft.com/default.aspx?kbid=222135

The driver you're using is old and shouldn't really be used anymore as it's slower and has some issues. From the article:
Quote:
quote:The Microsoft Access ODBC driver (Jet ODBC driver) can have stability issues due to the version of Visual Basic for Applications that is invoked because the version is not thread safe. As a result, when multiple concurrent users make requests of a Microsoft Access database, unpredictable results may occur. The native Jet OLE DB Provider includes fixes and enhancements for stability, performance, and thread pooling (including calling a thread-safe version of Visual Basic for Applications).
Anyway, to return to your problem: you're not adding a user name to the update statement:
Code:
SQLQuery2 = "UPDATE users SET newpassword2 = '" &  newpassword2 & "' WHERE username = '"
As you can see, the SQL statement ends right after username = '.
To fix this, change the statement to this:
Code:
SQLQuery2 = "UPDATE users SET newpassword2 = '" &  newpassword2 & "' WHERE username = '" & username & "'"
You also did that for the SELECT statement, so the idea should be familiar.

If you post code here, can you please use the [code][/code] tags? That makes the code much easier to read.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.


Reply With Quote
  #5 (permalink)  
Old April 25th, 2004, 01:13 PM
Registered User
 
Join Date: Apr 2004
Location: stoke, staffs, United Kingdom.
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Hi its me again,

Thanks for your advice again. Ive made the alterations and now another error has appeared. I cannot give you more information on the error at this time because 1ASP host has decided to put a bandwith on so that you can only access your site a certain number of times.

However before it went pear-shaped it said it was something to do with line(s)36 which is the bolded bit in the code.

[CODE
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
</head>
<body>
<%

'Function to see what the user has entered
Function ChkString(string)
If String = "" Then String = " "
ChkString = replace(String, "'", " ")
End Function

dim username, conn
strconn = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("db/cds.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn

username = ChkString(request.form("login"))

SQLQuery = "SELECT * FROM users WHERE username = '"
sqlquery = sqlquery & username & "'"
Set RSuser = conn.Execute(SQLQuery)

if NOT RSuser.eof then
dim oldpassword, newpassword1, newpassword2

oldpassword = ChkString(request.form("oldpassword"))
newpassword = ChkString(request.form("newpassword1"))
newpassword2 = ChkString(request.form("newpassword2"))
%>

<%

SQLQuery2 = "UPDATE users SET newpassword2 = '" & newpassword2 & "' WHERE username = '" & username & "'"
Set RSuser = conn.Execute(SQLQuery2)


session("sesusername") = username
locreturn=session("sesslocation")&"success.asp"
session("sesslocation") = ""
%>
<%Else%>

<div align="center">Sorry have entered your username incorrectly </div>

<%End If%>

</body>
</html>
[/CODE]

Thanks again people, i really appreciate your help

Andy

Andy
Reply With Quote
  #6 (permalink)  
Old April 25th, 2004, 01:24 PM
Imar's Avatar
Wrox Author
Points: 72,073, Level: 100
Points: 72,073, Level: 100 Points: 72,073, Level: 100 Points: 72,073, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Hard to tell, without the exact message.

Does the database have a column called newpassword2?

Try Response.Writing out the sql statement, to see what's going on:
Code:
SQLQuery2 = "UPDATE users SET newpassword2 = '" &  newpassword2 & "' WHERE username = '" & username & "'"
Response.Write("SQL Is " & SQLQuery2)
Response.End()
Set RSuser = conn.Execute(SQLQuery2)
Are you using a free host? It doesn't sound like the best service they're offering ;)

I think something when wrong with your code tags. If you click the code button on the toolbar, you get an opening and closing tag. Any code should go between those tags:
[code]
  Code here
[/code]

Cheers


Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Helderziende by Hans Teeuwen & Pieter Bouwman (Track 8 from the album: De mannen van de radio - improvisaties 1)
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
dynamically chnaging css sarah lee ASP.NET 1.0 and 1.1 Basics 2 January 25th, 2007 10:43 AM
user log details... anukagni Access 10 November 28th, 2006 01:51 PM
Details Height Paula222 Access VBA 1 April 11th, 2006 11:27 AM
I cannot edit user details hdoldur Classic ASP Databases 0 April 3rd, 2004 10:11 AM
Box in details sporkman43 Crystal Reports 0 January 15th, 2004 03:50 PM



All times are GMT -4. The time now is 09:58 AM.


Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.