p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   Classic ASP Basics (http://p2p.wrox.com/forumdisplay.php?f=61)
-   -   Chnaging user details (http://p2p.wrox.com/showthread.php?t=12187)

andy11983 April 23rd, 2004 05:07 AM

Chnaging user details
 
Hi Guys,

I have this problem wiv my code, i am trying to let the user to chnage there password in a private area of the site. Anyway
the problem that i am having is that the users password is not being updated to the database according to which user is logged in if you know what i mean?

Below is the code, i was wondering if any of you gurus can tell where i ma goin wrong, please.

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
</head>
<body>
<%
'Function to see what the user has entered
Function ChkString(string)
If String = "" Then String = " "
ChkString = replace(String, "'", " ")
End Function
dim username, conn
strconn = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("db/cds.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn
username = ChkString(request.form("login"))
SQLQuery = "SELECT * FROM users WHERE username = '"
sqlquery = sqlquery & username & "'"
Set RSuser = conn.Execute(SQLQuery)
if RSuser.eof then
dim oldpassword, newpassword1, newpassword2
oldpassword = ChkString(request.form("oldpassword"))
newpassword = ChkString(request.form("newpassword1"))
newpassword2 = ChkString(request.form("newpassword2"))
%>
<%
SQLQuery2 = "Insert into users (newpassword2) WHERE username ='"
sqlquery2 = sqlquery2 & "values ('" & newpassword2 & "')"
Set RSuserUpdate = Conn.Execute(SQLQuery2)
session("sesusername") = username
locreturn=session("sesslocation")&"success.asp"
session("sesslocation") = ""
%>
<%Else%>
<div align="center">Sorry have entered your username incorrectly </div>
<%End If%>
</body>
</html>
Thanks for your help


Andy

Imar April 23rd, 2004 05:21 AM

Hi Andy,

I can see at least two things that are wrong:

1. You're checking for .EOF, like this:
Code:

if RSuser.eof then
dim oldpassword, newpassword1, newpassword2

EOF means End Of File, and is only true when the user is NOT found. I think you should change that to
Code:

if Not RSuser.eof then
dim oldpassword, newpassword1, newpassword2

2. You're not trying to update the user, but you're creating a new record. Instead of INSERT INTO users, try:
Code:

UPDATE users SET newpassword2 = ' & " newpassword & "' WHERE username...
Other things you can fix:
1. You're using an old skool connection string. Look here for a better version: http://www.able-consulting.com/MDAC/...orMicrosoftJet

2. You should also query for the old password when you're trying to find the user. Otherwise, users can change the password of someone else's account.

HtH,

Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.



andy11983 April 25th, 2004 09:11 AM

Thanks for the help Imar,

With regards to the connection we have to do it that way (lecturer said so)Belwo is the ammended code

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
</head>
<body>
<%

'Function to see what the user has entered
Function ChkString(string)
If String = "" Then String = " "
ChkString = replace(String, "'", " ")
End Function

dim username, conn
strconn = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("db/cds.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn

username = ChkString(request.form("login"))

SQLQuery = "SELECT * FROM users WHERE username = '"
sqlquery = sqlquery & username & "'"
Set RSuser = conn.Execute(SQLQuery)

if NOT RSuser.eof then
dim oldpassword, newpassword1, newpassword2


oldpassword = ChkString(request.form("oldpassword"))
newpassword = ChkString(request.form("newpassword1"))
newpassword2 = ChkString(request.form("newpassword2"))
%>

<%

SQLQuery2 = "UPDATE users SET newpassword2 = '" & newpassword2 & "' WHERE username = '"

Set RSuser = conn.Execute(SQLQuery2)

session("sesusername") = username
locreturn=session("sesslocation")&"success.asp"
session("sesslocation") = ""
%>
<%Else%>

<div align="center">Sorry have entered your username incorrectly </div>

<%End If%>

</body>
</html>

I have made the changes that you suggested and now get the following error

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'username = ''.

/andy11983/passchange1.asp, line 39


I would REALLY appreciate and of your or anybodys advice on how to fix this error as i have to demo thsi on tuesday morning at 9.

Thanks

Andy

Andy

Imar April 25th, 2004 09:33 AM

Hi Andy,

In that case, tell your lecturer he/she is wrong, and point him to this page to illustrate your point: http://support.microsoft.com/default.aspx?kbid=222135

The driver you're using is old and shouldn't really be used anymore as it's slower and has some issues. From the article:
Quote:

quote:The Microsoft Access ODBC driver (Jet ODBC driver) can have stability issues due to the version of Visual Basic for Applications that is invoked because the version is not thread safe. As a result, when multiple concurrent users make requests of a Microsoft Access database, unpredictable results may occur. The native Jet OLE DB Provider includes fixes and enhancements for stability, performance, and thread pooling (including calling a thread-safe version of Visual Basic for Applications).
Anyway, to return to your problem: you're not adding a user name to the update statement:
Code:

SQLQuery2 = "UPDATE users SET newpassword2 = '" &  newpassword2 & "' WHERE username = '"
As you can see, the SQL statement ends right after username = '.
To fix this, change the statement to this:
Code:

SQLQuery2 = "UPDATE users SET newpassword2 = '" &  newpassword2 & "' WHERE username = '" & username & "'"
You also did that for the SELECT statement, so the idea should be familiar.

If you post code here, can you please use the [code][/code] tags? That makes the code much easier to read.

HtH,

Imar
---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.



andy11983 April 25th, 2004 01:13 PM

Hi its me again,

Thanks for your advice again. Ive made the alterations and now another error has appeared. I cannot give you more information on the error at this time because 1ASP host has decided to put a bandwith on so that you can only access your site a certain number of times.

However before it went pear-shaped it said it was something to do with line(s)36 which is the bolded bit in the code.

[CODE
<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Untitled Document</title>
</head>
<body>
<%

'Function to see what the user has entered
Function ChkString(string)
If String = "" Then String = " "
ChkString = replace(String, "'", " ")
End Function

dim username, conn
strconn = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Server.MapPath("db/cds.mdb")
set conn = server.createobject("adodb.connection")
conn.open strconn

username = ChkString(request.form("login"))

SQLQuery = "SELECT * FROM users WHERE username = '"
sqlquery = sqlquery & username & "'"
Set RSuser = conn.Execute(SQLQuery)

if NOT RSuser.eof then
dim oldpassword, newpassword1, newpassword2

oldpassword = ChkString(request.form("oldpassword"))
newpassword = ChkString(request.form("newpassword1"))
newpassword2 = ChkString(request.form("newpassword2"))
%>

<%

SQLQuery2 = "UPDATE users SET newpassword2 = '" & newpassword2 & "' WHERE username = '" & username & "'"
Set RSuser = conn.Execute(SQLQuery2)


session("sesusername") = username
locreturn=session("sesslocation")&"success.asp"
session("sesslocation") = ""
%>
<%Else%>

<div align="center">Sorry have entered your username incorrectly </div>

<%End If%>

</body>
</html>
[/CODE]

Thanks again people, i really appreciate your help

Andy

Andy

Imar April 25th, 2004 01:24 PM

Hard to tell, without the exact message.

Does the database have a column called newpassword2?

Try Response.Writing out the sql statement, to see what's going on:
Code:

SQLQuery2 = "UPDATE users SET newpassword2 = '" & newpassword2 & "' WHERE username = '" & username & "'"
Response.Write("SQL Is " & SQLQuery2)
Response.End()
Set RSuser = conn.Execute(SQLQuery2)

Are you using a free host? It doesn't sound like the best service they're offering ;)

I think something when wrong with your code tags. If you click the code button on the toolbar, you get an opening and closing tag. Any code should go between those tags:
[code]
  Code here
[/code]

Cheers


Imar

---------------------------------------
Imar Spaanjaars
Everyone is unique, except for me.
While typing this post, I was listening to: Helderziende by Hans Teeuwen & Pieter Bouwman (Track 8 from the album: De mannen van de radio - improvisaties 1)


All times are GMT -4. The time now is 09:01 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.