Hi again, I have a basic login pag

[susanh]

Hi again,
I have a basic login page and login action page based on data in an Access db. It works perfect, but now I want to add another component. I want add another column to my db. The user would then go to a particular page based on what is in the db column. Now the question, How do i incorporate that into my existing code?

login action page
<cfquery name=&quot;logincheck&quot; datasource=&quot;underwriting&quot;>
select * from login
where Username='#form.Username#'
and Password='#form.Password#'
</cfquery>
<cfif #LoginCheck.recordcount# is &quot;0&quot;>
<cflocation url=&quot;login.cfm&quot;>
<cfelse>
<cflocation url=&quot;aunder.cfm&quot;>
</cfif>

 

[rlatham]

Hi,
Perhaps this could help:

From your code:
<cfif #LoginCheck.recordcount# is &quot;0&quot;>
<cflocation url=&quot;login.cfm&quot;>
<cfelse>
<cflocation url=&quot;aunder.cfm&quot;>
</cfif>

In the cfelse section, include a SWITCH which examines the value of the field you want to add.

then use the cfcase tag to send the user to the specific page you want.

<cfswitch expression=&quot;#logincheck.newColumn#&quot;>
<cfcase value=&quot;aunder.cfm&quot;><cflocation url=&quot;aunder.cfm&quot;>
</cfcase>
<cfcase value=&quot;aunder2.cfm&quot;><cflocation url=&quot;aunder2.cfm&quot;>
</cfcase>
...
</cfswitch>

Hope this helps.

 

[pcorreia]

No need for a <cfswitch> statement! Just do this:

<cflocation url=&quot;#logincheck.newColumn#&quot;>

Also, I would recommend using <cfqueryparam> to limit the length of the #FORM.password# field. Consider what would happen if someone passed in the value:

foo' OR password=(SELECT password FROM login WHERE Username='Admin') OR password='bar

You should never pass an unchecked variable directly into a query.