Wrox Programmer Forums
Go Back   Wrox Programmer Forums > SQL Server > SQL Server ASP
| Search | Today's Posts | Mark Forums Read
SQL Server ASP Discussions about ASP programming with Microsoft's SQL Server. For more ASP forums, see the ASP forum category.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the SQL Server ASP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
  #1 (permalink)  
Old June 8th, 2003, 11:50 PM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default SQL Statement Error

I am building a web page that requires a member to login using a username and password. The username and password are stored as such:

uname = Request.Form("USERNAME")
pword = Request.Form("PASSWORD")

The username and/or password can be:

john
3456
pass52
password63

And so on.
I then use a SELECT SQL statement to search the database:

<%
Session("ConnGuestBook_ConnectionString") = "DBQ=" & Server.Mappath("db\Members.mdb") & ";DefaultDir=" & Server.Mappath("db\") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;Ma xScanRows=8;PageTimeout=5;SafeTransactions=0;Threa ds=3;UID=admin;UserCommitSync=Yes;"
Session("ConnGuestBook_ConnectionTimeout") = 15
Session("ConnGuestBook_CommandTimeout") = 30

Dim CmdShowEntries
Dim MySQL
Set CmdShowEntries = Server.CreateObject("ADODB.Recordset")
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
CmdShowEntries.Open MySQL,Session("ConnGuestBook_ConnectionString"),3
%>


When I do this I get an error such as:

Microsoft VBScript runtime error '800a000d'
Type mismatch: '[object]'
confirm.asp, line 92

Does anybody know how I can fix this so it works with alpha-numeric inputs?
Thanks for your time!

Lord Farquhar
  #2 (permalink)  
Old June 9th, 2003, 09:20 AM
Friend of Wrox
Points: 3,489, Level: 24
Points: 3,489, Level: 24 Points: 3,489, Level: 24 Points: 3,489, Level: 24
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Central, NJ, USA.
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
Default

A few items...

1. Is this in ASP or ASP.NET

If it's .NET:
1. Take advantage of strong typing!
2. Use ADO.NET rather than classic ADO.

Which line is in #92?




Hal Levy
Daddyshome, LLC
  #3 (permalink)  
Old June 9th, 2003, 06:41 PM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

It is just plain ASP. I do not have the .NET version yet. I really want it though!

Lord Farquhar
  #4 (permalink)  
Old June 9th, 2003, 07:11 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: Sydney, NSW, Australia.
Posts: 215
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Which of the lines of the code you posted is line 92?

BTW you have some confusing variable names in your code. Eg MySQL is a popular and free database engine. Also prefixing a variable with cmd normally denotes an ADO Command object rather than a recordset object.

regards
David Cameron
  #5 (permalink)  
Old June 9th, 2003, 07:15 PM
Friend of Wrox
Points: 3,489, Level: 24
Points: 3,489, Level: 24 Points: 3,489, Level: 24 Points: 3,489, Level: 24
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Central, NJ, USA.
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
Default

Which line number is 92?


Hal Levy
Daddyshome, LLC
  #6 (permalink)  
Old June 9th, 2003, 08:16 PM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The line #92 is:

MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"

And the MySQL, is just a name that I have chosen.
I know it MySQL is it's own program, but that is just the string storage.


Lord Farquhar
  #7 (permalink)  
Old June 9th, 2003, 08:27 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: Sydney, NSW, Australia.
Posts: 215
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'd suggest your problem is that either uname or pword is an object of some sort and attempting to concetate them into a is causing an error. I can't see how else you would get a type mismatch error.

regards
David Cameron
  #8 (permalink)  
Old June 9th, 2003, 10:21 PM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

The thing will work when it is like:

john
john_567
3465

But this won't:

pass5

That is the problem.

Lord Farquhar
  #9 (permalink)  
Old June 9th, 2003, 11:01 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: Sydney, NSW, Australia.
Posts: 111
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Why is this thread in an SQL Server group, when it's also running in the MS Access group?

Cheers
Ken

www.adOpenStatic.com
  #10 (permalink)  
Old June 10th, 2003, 11:35 AM
Registered User
 
Join Date: Jun 2003
Location: , , .
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I feel so stupid! A few lines down I realized that that it changed pword to a null value! I realized it when I hard coded pword in the page! It is fixed now! Thanks for all of your help!

Sincerely,

Lord Farquhar


Similar Threads
Thread Thread Starter Forum Replies Last Post
T-SQL statement causing error with insert/update saf SQL Language 0 September 7th, 2007 04:48 PM
convert a SQL Statement from MS Access to a SQL Corey Access 6 March 28th, 2007 12:33 PM
Syntax error on SQL statement Chris1 Access VBA 1 September 7th, 2004 07:47 AM
Getting error in sql statement Calibus Classic ASP Databases 7 August 11th, 2004 07:11 AM
SQL Statement Error riskey_457 Access ASP 4 June 9th, 2003 11:31 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.