Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Performing a query and viewing information

Status
Not open for further replies.
mbutler55

mbutler55

Instructor
Feb 5, 2003
33
US
I have set up the database to make the connection, now I am trying to get information out of the db. The user will type in a username and password and I need to check to see if the person matches someone in the db. Pretty elementary I am sure, but I am doing something wrong.

<% Dim objRS
Set objRS = Server.CreateObject (&quot;ADODB.Recordset&quot;)
objRS.Open &quot;UsernamePassword&quot;, objConn, , , 2
Dim strName, strPassword
strName = Request (&quot;Username&quot;)
strPassword = Request (&quot;Password&quot;)
Session (&quot;Username&quot;) = strName
Session (&quot;Password&quot;) = strPassword %>

later on for the comparison I have:

<% objRS.Filter = &quot;Username = &quot; & strName
If Not objRS.EOF then
Response.Redirect &quot;members.asp&quot;
Else
Response.End
end if
%>

Any help is GREATLY appreciated.
 
Sort by date Sort by votes
Rather than open the entire table (which will give you the additional wait time for communication and such) why not simply run an SQL query like so:
Code: 
sqlStr = &quot;SELECT * FROM UsernamePassword WHERE fldUsername = '&quot; & strName & &quot;' AND fldPassword = '&quot; & strPassword & &quot;'&quot;

Then you can do your EOF check because if the person exists it will return the single row that matches, if they don't exist it will return nothing.

Also, you should probably replace any single quotes in the username or password strings before putting them in the SQL query or you will leave yourself open tio an SQL injection attack:
Code: 
strName = Replace(Request(&quot;Username&quot;),&quot;'&quot;,&quot;''&quot;)

Then since your requesting the information from the db anyway, I would use the username and password from the database as your session variable values, this way the capitalization will always be exactly the same, rather than dependant on how they entered it in the login screen.

Hope this helps,
-Tarwn
________________________________________________
Get better results for your questions: faq333-2924
Frequently Asked ASP Questions: faq333-3048
 
Upvote 0 Downvote
So now I have changed it to:
<%@ Language=VBScript %>

<% Option Explicit

Dim objConn
Set objConn = Server.CreateObject(&quot;ADODB.Connection&quot;)
objConn.ConnectionString = &quot;PROVIDER=Microsoft.Jet.OLEDB.4.0;DATA SOURCE=&quot;& Server.MapPath(&quot;fpdb/CryoCathIPR.mdb&quot;) & &quot;;&quot;

Dim sqlStr
sqlStr = &quot;SELECT * FROM UnamePword WHERE fldUsername = '&quot; & strName & &quot;' AND fldPassword = '&quot; & strPassword & &quot;'&quot;

Dim strName, strPassword
strName = Replace(Request(&quot;Username&quot;),&quot;'&quot;,&quot;''&quot;)
strPassword = Replace(Request(&quot;Password&quot;),&quot;'&quot;,&quot;''&quot;)
Session (&quot;Username&quot;) = strName
Session (&quot;Password&quot;) = strPassword
%>

with the comparison as
<%
If Not sqlStr.EOF then
Response.Redirect &quot;members.asp&quot;
Else
Response.End
end if
%>

But now I get an error message of:
HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services
Error Type:
Microsoft VBScript runtime (0x800A01A8)
Object required: 'SELECT * FROM UnameP'
/cyrocathipr/cryocath/checkstatus.asp, line 66


Line 66 is the If . . . Then line. It seems to me the SELECT & From UnameP . . . is already at the top in the &quot;header&quot; section.
 
Upvote 0 Downvote
You still need to either use a recordset and .Open or use a COnnection/Command object and .Execute it into a recordset. SQL is only the language you use to communicate with the database, you still need to send this query (you can think of it as a request) to the database and capture it's response.

-Tarwn ________________________________________________
Get better results for your questions: faq333-2924
Frequently Asked ASP Questions: faq333-3048
 
Upvote 0 Downvote
I hate to appear as a total doo-doo, but being EXTREMELY new to this, I have NO CLUE what you are talking about. Could you give me an example or someplace that has VERY simple tutorial type explanations. I have published a database/webpage before but using a very elementary and old &quot;language&quot; called CDML.
 
Upvote 0 Downvote
Ok, you could use the SQL string in your objRS.Open string that you were first using by chainging the 2 (adOpenTable constant) with a 1 (adOpenText) which basically tells the database your executing a query instead of just opening a table.

I would write some examples, but I have found the ones at w3schools to be very complete, here is a link to their ADO section, you want to look at the Recordset object for more examples.


Hope this helps,
-Tarwn ________________________________________________
Get better results for your questions: faq333-2924
Frequently Asked ASP Questions: faq333-3048
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
Parse a database field that is comma delimited and input the results into another table
Replies
0
Views
548
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
First execute an input command and only then proceed with displaying the next record of the table
Replies
0
Views
466
leifoet
leifoet
leifoet
  • Locked
  • Question
Wrong code in a href ?
Replies
1
Views
553
leifoet
leifoet
leifoet
  • Locked
  • Question
How to check if a datatable is empty ?
Replies
0
Views
559
leifoet
leifoet
JScannell
  • Locked
  • Question
Border issue with Google Chrome on an Android phone
Replies
0
Views
559
JScannell
JScannell

Part and Inventory Search

Sponsor

Back
Top