Asp and Sql project.I need Help.

Shuchik · August 23rd, 2007, 12:20 AM

Well..let me first tell you all what my project is.I am building an application in which I need to maintain an online database that wud contain information of all companies in the country.The application will have simple basic four operations-Add information,modify Information,Delete Information and View Information.Though I am done with the interfaces and every database operation but the problem now is that if a company with company-id say 1 enters the database..then it can add,view,delete and modify the information related to the company say company-id 2...And m not able to keep a check if the company entered with company-id 1 enters its company-id before performing any further operation. How can I do this? Can any one tell me?? Its urgent.

vksingh24 · August 23rd, 2007, 05:47 AM

when company 1 gets login into your system, store its ID=1 into a session variable, and before any database operation check out with the ID it is associated with.

__________________
Vikash Kumar Singh

Shuchik · August 23rd, 2007, 06:04 AM

Thanx vikas...but m tryin to do same...I am collecting the company-id from main page in a variable named str and then m again askin for the company-id when user tries to perform an operation...n then I check if both the ids are same....but the "if" condition is doin nothin on my code :(

mat41 · August 23rd, 2007, 05:49 PM

Why dont you build a permission controlled environment like a login? I know if I was one of your users it would make me feel better.

Wind is your friend
Matt

Shuchik · August 23rd, 2007, 10:48 PM

ya,thats watm doin...Each company has to enter it's company-id before entering into the website...but then the problem is..once a company makes entry then it can access data of other companies also...wat shud I do to prevent a company from using other companies data? N like Vikas suggested I shud use session variable's concept then how to do that..m not much proficient in asp...n thus never used such concepts.. :(

mat41 · August 23rd, 2007, 11:00 PM

One way to do it - When a company logs in you assign thier UNIQUE id to the session variable. EG:

session("id") = somevariable

Now for security place this on the head of all pages where a non logged in user should not be able to access:

if session("id") = "" then
response.redirect("login.asp?login=failed")
end if

WHY: They may know your page name an type it directly into the browser address area

NOTE: login.asp could cotain a condition like:

if trim(request.querystring("login")) = "failed" then
response.write "You must login to access this page"
end if

So now all pages where you wish to show comapny info write conditional SQL Satements. EG on your show company infomation page

sql = "SELECT * from companyInfo WHERE id=" & session("id") & ";"

This will show them the company information relating to thier comapny only, are you following me?

Wind is your friend
Matt

Shuchik · August 23rd, 2007, 11:46 PM

well...thanx again MAT :) I just did this too..the way u told me..but of no use...when I enter company-id and press submit..it is gettin redirected to login.asp.in both the cases whether u supply company-id or not..it is gettin redirected to login.asp :(

If theres no problem Mat...can I have your yahoomail id? Its just to tell you wat my project code is..n it seems ur too gud in ASP...may be u wud be able to save my job by helpin me out...Only if theres no prob then let me know..else Shud I post the pages here?

mat41 · August 24th, 2007, 12:02 AM

mmmmmm. this is really a cross post with:

http://p2p.wrox.com/topic.asp?TOPIC_ID=64313

;;;when I enter company-id and press submit..it is gettin redirected to login.asp
You need to assign a value to the session variable or its always gong to be = ""

Problems and solutions should remain in the forum. This way others benefit. I come here for help myself and help other when I can, and have time. Posting pages here wont get youi much help, posting specific problems which you have done your best to solve yourself will work around here.

Listen carefully:
1..ask for user details
2..post to the same page
3..based on user input ask the DB is there a record:
   a..IF SO assign the ID to a session variable and redirect the user to where ever
   b..IF NOT promt them 'sorry no details found, try again

do not place:

if session("id") = "" then
   response.redirect("login.asp?login=failed")
end if

on the login page, or any other page which you send the user to before you have carried out steps 1, 2, 3 and or 3b

Hope that helps

Wind is your friend
Matt

Shuchik · August 24th, 2007, 12:13 AM

Thanks again MAT...well...let me tell you what am I doin on my first page...

this is from where am I taking information from the user...

<form action="modify.asp" method=post>
    <div align="center">
      <center>
    <table border="2" cellpadding="0" cellspacing="0"
style="border-collapse: collapse; text-align:center" width="40%"
bgcolor="#E1E1E1"
height="104">
      <tr>
        <td width="100%" colspan="2" bgcolor="#3163A0" height="22">
        <p align="center">

        Member Login</td>
      </tr>
      <tr>
        <td width="47%" style="text-align: left" height="20">

         Company-ID:</td>
        <td width="53%" style="text-align: left" height="20">
               <input type="text" name="cid" size="11" style="border-style: solid; border-width:1"></td>
      </tr>

      <tr>
        <td width="100%" colspan="2" height="26">
        <p align="center">
                <input type="submit" value="Sign-In"
name="signin"></td>
      </tr>
      <tr>
        <td width="100%" colspan="2" height="12">
        <p align="right">
         </td>
      </tr>
    </table>
    <table border="0" cellpadding="0" cellspacing="0"
style="border-collapse: collapse" bordercolor="#111111" width="100%"
id="AutoNumber5">
      <tr>
        <td width="100%"> </td>
      </tr>
      <tr>
        <td width="100%"> </td>
      </tr>

      <tr>
        <td width="100%"> </td>
      </tr>
      <tr>
        <td width="100%"> </td>
      </tr>
      <tr>
        <td width="100%"> </td>
      </tr>
      <tr>
        <td width="100%"> </td>
      </tr>
    </table>
      </center>
    </div>
    </form>

and in last lines m tryin to get the company-id entered in my session variable named "id"..this way-
  </center>
</div>
<% session("id")=request("cid")%>
</body>

</html>

Shuchik · August 24th, 2007, 12:16 AM

Then my second page on which it wud be checked if user has entered correct information is like-

<%@Language=VBScript%>
<%Option Explicit
'If (session("id")="") Then
    'response.redirect("login.asp?login=failed")

'Else %>
<html>
        <body>

        <%

        'DECLARE VARIALBLES AND ESTABLISH DATABASE CONNECTION
        Dim objConn,objRs,found,str
        set objConn=Server.createObject("ADODB.Connection")
        objConn.ConnectionString="Provider=SQLOLEDB; Data Source =(local); Initial Catalog = company_information;"&_
                                "User Id = sa; Password=sa"

        objConn.open
        str=request.form("cid")

        'IF USER HAS LEFT COMPANY-ID FIELD EMPTY
        If (request.form("cid")="") Then
                objConn.close
                Set objconn=nothing
                response.write "<center>"
                response.write "<a href='start_company_db_page.asp'>"
                response.write "You Can Not Leave Company-Id Field Empty."
                response.write "</a>"
                response.write "</center>"
                response.End
            End If

        'ELSE CHECK IF THE COMPANY-ID EXISTS
        set objRs=server.createObject("ADODB.Recordset")
        objRs.open "MASTER",objConn, 3 , 2
        found=False

        'TRAVERSE THROUGH DATABASE ELEMENTS TO MATCH THE ID
        Do While Not (objRs.eof Or found)
            If(StrComp(objRs("CompanyId"), str,vbTextCompare)=0) Then
                found=True %>
                <form action="modify1.asp" method=post>
                <input type=hidden name="cid" value="<%=str%>">
                <center> I want to <br><br><br>
                    <input type="submit" name="modify" value="Add Information" /><br><br>
                    <input type="submit" name="modify" value="Modify Information" /><br><br>
                    <input type="submit" name="modify" value="Delete Information" /><br><br>
                    <input type="submit" name="modify" value="View Information" />

                </center>

                </form>

        <% Else
                objRs.MoveNext
                End If
           Loop

            'IF THE COMPANY-ID IS NOT FOUND THEN INFORM THE USER
            If Not found Then
                objRs.close
                set objRs=Nothing
                objConn.close
                set objConn=Nothing
                response.write "<center>"
                response.write "<A HREF='start_company_db_page.asp'>"
                response.write "Invalid Company-Id.Please Enter Again.<P>"
                response.write "</A>"
                response.write "</center>"
                response.End

            end if

            objRs.close
            Set objRs=nothing
            objConn.close
            Set objConn=nothing
            'End if%>

       </body>
    </html>