p2p.wrox.com Forums

p2p.wrox.com Forums (http://p2p.wrox.com/index.php)
-   SQL Server ASP (http://p2p.wrox.com/forumdisplay.php?f=101)
-   -   SQL Statement Error (http://p2p.wrox.com/showthread.php?t=306)

riskey_457 June 8th, 2003 11:50 PM

SQL Statement Error
 
I am building a web page that requires a member to login using a username and password. The username and password are stored as such:

uname = Request.Form("USERNAME")
pword = Request.Form("PASSWORD")

The username and/or password can be:

john
3456
pass52
password63

And so on.
I then use a SELECT SQL statement to search the database:

<%
Session("ConnGuestBook_ConnectionString") = "DBQ=" & Server.Mappath("db\Members.mdb") & ";DefaultDir=" & Server.Mappath("db\") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;Ma xScanRows=8;PageTimeout=5;SafeTransactions=0;Threa ds=3;UID=admin;UserCommitSync=Yes;"
Session("ConnGuestBook_ConnectionTimeout") = 15
Session("ConnGuestBook_CommandTimeout") = 30

Dim CmdShowEntries
Dim MySQL
Set CmdShowEntries = Server.CreateObject("ADODB.Recordset")
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
CmdShowEntries.Open MySQL,Session("ConnGuestBook_ConnectionString"),3
%>


When I do this I get an error such as:

Microsoft VBScript runtime error '800a000d'
Type mismatch: '[object]'
confirm.asp, line 92

Does anybody know how I can fix this so it works with alpha-numeric inputs?
Thanks for your time!

Lord Farquhar

Hal Levy June 9th, 2003 09:20 AM

A few items...

1. Is this in ASP or ASP.NET

If it's .NET:
1. Take advantage of strong typing!
2. Use ADO.NET rather than classic ADO.

Which line is in #92?




Hal Levy
Daddyshome, LLC

riskey_457 June 9th, 2003 06:41 PM

It is just plain ASP. I do not have the .NET version yet. I really want it though!

Lord Farquhar

David Cameron June 9th, 2003 07:11 PM

Which of the lines of the code you posted is line 92?

BTW you have some confusing variable names in your code. Eg MySQL is a popular and free database engine. Also prefixing a variable with cmd normally denotes an ADO Command object rather than a recordset object.

regards
David Cameron

Hal Levy June 9th, 2003 07:15 PM

Which line number is 92?


Hal Levy
Daddyshome, LLC

riskey_457 June 9th, 2003 08:16 PM

The line #92 is:

MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"

And the MySQL, is just a name that I have chosen.
I know it MySQL is it's own program, but that is just the string storage.


Lord Farquhar

David Cameron June 9th, 2003 08:27 PM

I'd suggest your problem is that either uname or pword is an object of some sort and attempting to concetate them into a is causing an error. I can't see how else you would get a type mismatch error.

regards
David Cameron

riskey_457 June 9th, 2003 10:21 PM

The thing will work when it is like:

john
john_567
3465

But this won't:

pass5

That is the problem.

Lord Farquhar

KenSchaefer June 9th, 2003 11:01 PM

Why is this thread in an SQL Server group, when it's also running in the MS Access group?

Cheers
Ken

www.adOpenStatic.com

riskey_457 June 10th, 2003 11:35 AM

I feel so stupid! A few lines down I realized that that it changed pword to a null value! I realized it when I hard coded pword in the page! It is fixed now! Thanks for all of your help!

Sincerely,

Lord Farquhar


All times are GMT -4. The time now is 01:35 PM.

Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.