|
SQL Server ASP Discussions about ASP programming with Microsoft's SQL Server. For more ASP forums, see the ASP forum category. |
Welcome to the p2p.wrox.com Forums.
You are currently viewing the SQL Server ASP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
|
|
|
June 8th, 2003, 11:50 PM
|
Registered User
|
|
Join Date: Jun 2003
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
SQL Statement Error
I am building a web page that requires a member to login using a username and password. The username and password are stored as such:
uname = Request.Form("USERNAME")
pword = Request.Form("PASSWORD")
The username and/or password can be:
john
3456
pass52
password63
And so on.
I then use a SELECT SQL statement to search the database:
<%
Session("ConnGuestBook_ConnectionString") = "DBQ=" & Server.Mappath("db\Members.mdb") & ";DefaultDir=" & Server.Mappath("db\") & ";Driver={Microsoft Access Driver (*.mdb)};DriverId=25;FIL=MS Access;ImplicitCommitSync=Yes;MaxBufferSize=512;Ma xScanRows=8;PageTimeout=5;SafeTransactions=0;Threa ds=3;UID=admin;UserCommitSync=Yes;"
Session("ConnGuestBook_ConnectionTimeout") = 15
Session("ConnGuestBook_CommandTimeout") = 30
Dim CmdShowEntries
Dim MySQL
Set CmdShowEntries = Server.CreateObject("ADODB.Recordset")
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
CmdShowEntries.Open MySQL,Session("ConnGuestBook_ConnectionString"),3
%>
When I do this I get an error such as:
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[object]'
confirm.asp, line 92
Does anybody know how I can fix this so it works with alpha-numeric inputs?
Thanks for your time!
Lord Farquhar
|
June 9th, 2003, 09:20 AM
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
|
|
A few items...
1. Is this in ASP or ASP.NET
If it's .NET:
1. Take advantage of strong typing!
2. Use ADO.NET rather than classic ADO.
Which line is in #92?
Hal Levy
Daddyshome, LLC
|
June 9th, 2003, 06:41 PM
|
Registered User
|
|
Join Date: Jun 2003
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
It is just plain ASP. I do not have the .NET version yet. I really want it though!
Lord Farquhar
|
June 9th, 2003, 07:11 PM
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 215
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Which of the lines of the code you posted is line 92?
BTW you have some confusing variable names in your code. Eg MySQL is a popular and free database engine. Also prefixing a variable with cmd normally denotes an ADO Command object rather than a recordset object.
regards
David Cameron
|
June 9th, 2003, 07:15 PM
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 1,101
Thanks: 0
Thanked 2 Times in 2 Posts
|
|
Which line number is 92?
Hal Levy
Daddyshome, LLC
|
June 9th, 2003, 08:16 PM
|
Registered User
|
|
Join Date: Jun 2003
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
The line #92 is:
MySQL = "SELECT BOOK1.* FROM BOOK1 WHERE ((USERNAME = '" & uname & "' ) AND (PASSWORD = '" & pword & "' ))"
And the MySQL, is just a name that I have chosen.
I know it MySQL is it's own program, but that is just the string storage.
Lord Farquhar
|
June 9th, 2003, 08:27 PM
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 215
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
I'd suggest your problem is that either uname or pword is an object of some sort and attempting to concetate them into a is causing an error. I can't see how else you would get a type mismatch error.
regards
David Cameron
|
June 9th, 2003, 10:21 PM
|
Registered User
|
|
Join Date: Jun 2003
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
The thing will work when it is like:
john
john_567
3465
But this won't:
pass5
That is the problem.
Lord Farquhar
|
June 9th, 2003, 11:01 PM
|
Friend of Wrox
|
|
Join Date: Jun 2003
Posts: 111
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
Why is this thread in an SQL Server group, when it's also running in the MS Access group?
Cheers
Ken
www.adOpenStatic.com
|
June 10th, 2003, 11:35 AM
|
Registered User
|
|
Join Date: Jun 2003
Posts: 8
Thanks: 0
Thanked 0 Times in 0 Posts
|
|
I feel so stupid! A few lines down I realized that that it changed pword to a null value! I realized it when I hard coded pword in the page! It is fixed now! Thanks for all of your help!
Sincerely,
Lord Farquhar
|
|
|