Re: functions in asp

Stick to one thread in one newsgroup
- posting the same thing in 2 newsgroups is counter productive
See detailed responses to same post in the client newsgroup
--

_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
To find the best Newsgroup for FrontPage support see:
http://www.net-sites.com/sitebuilder/newsgroups.asp
_____________________________________________


"Paul M" <paul@xxxxxxxxxxxxxxxxx> wrote in message news:%23VAcZ0FtFHA.908@xxxxxxxxxxxxxxxxxxxxxxx
| Thanks guys I must be doing something wrong because when I insert the
| function I get "The page cannot be displayed" error
| Here is the section of code that I am using
|
| <%
| 'First we create a connection object
| Set Conn = Server.CreateObject("ADODB.Connection")
|
| 'Next, we open the connection object by calling the connection string
| 'that FrontPage created and stored in the global.asa file when the "store"
| 'connection was created
| Conn.Open Application("string removed for this post ConnectionString")
|
| 'Then we create a record set object and a SQL statement
| Set RS = Conn.Execute ("SELECT user_name, pass_word From Results WHERE
| user_name = '" & Request.Form("user_name") & "' AND pass_word = '" &
| Request.Form("pass_word") & "'")
|
| 'Loop through the database to check for the users information
| Do until RS.EOF
| Pass = RS("pass_word")
| Name = RS("user_name")
| RS.MoveNext
| loop
|
| 'Close the recordset and database connection
| RS.Close
| Conn.Close
|
| 'If the password given is not in the database then we don't do anything.
| 'Otherwise, we create the session objects
| IF pass = "" Then
| Message = "The Password you entered is either wrong or not found in our
| database. Please press the BACK button and try again or if you have not yet
| created a username and password then click on the registration link."
| Else
| Session("password") = Pass
| Session("username") = Name
|
| 'Now we will check to see it there is a session object for an original URL.
| 'This would have been created (as you will see later) if the user first
| tried
| 'to visit a protected page. If so, we send them there. If not, we stay here.
| IF Session("Ori_URL") = "" Then 'do nothing
| Else
| Response.redirect(session("Ori_URL"))
| End IF
| End IF
| %>
|
|
|
| "Jon Spivey" <jons@xxxxxxxx> wrote in message
| news:u4YdNQ$sFHA.3188@xxxxxxxxxxxxxxxxxxxxxxx
| > For username and password the only issue you'll have is with single quotes
| > (') so you can just do
| > <%
| > function StripQuotes(s)
| > StripQuotes = replace(s, "'", ""))
| > end function
| >
| > sPass= StripQuotes(request.form("pass"))
| > sUser = StripQuotes(request.form("user"))
| > %>
| >
| > We're just replacing a single quote with nothing.
| >
| > --
| > Cheers,
| > Jon
| > Microsoft MVP
| >
| > "Paul M" <paul@xxxxxxxxxxxxxxxxx> wrote in message
| > news:uHkztB%23sFHA.1704@xxxxxxxxxxxxxxxxxxxxxxx
| >> Thanks Kevin
| >> Can you help with parameterized queries and how to use them
| >> Paul M
| >> "Kevin Spencer" <kevin@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
| >> news:OaaPBz9sFHA.3452@xxxxxxxxxxxxxxxxxxxxxxx
| >>> If you're using SQL Server or another full-strength database server, the
| >>> easiest way to avoid SQL Injection is to use Stored Procedures. With
| >>> Access, you can actually use parameterized queries. They aren't as
| >>> powerful as Stored Procedures, but often can do what you need.
| >>>
| >>> --
| >>> HTH,
| >>>
| >>> Kevin Spencer
| >>> Microsoft MVP
| >>> .Net Developer
| >>> Neither a follower nor a lender be.
| >>>
| >>> "Paul M" <paul@xxxxxxxxxxxxxxxxx> wrote in message
| >>> news:eWpb6p9sFHA.2592@xxxxxxxxxxxxxxxxxxxxxxx
| >>>> Thanks Jon
| >>>> Maybe you can help me with this
| >>>> I have posted it on the client forum but you don't seem to be working
| >>>> there so I will ask you here
| >>>> I have a form Which with username and password fields.the form submits
| >>>> to a
| >>>> login validation asp script
| >>>> To stop SQL injection I need to Filter out server side character like
| >>>> single
| >>>> quote, double quote, slash, back slash, semi colon, extended character
| >>>> like
| >>>> NULL, carry return, new line, etc,
| >>>> I know I need to add some validation asp script to the validation asp
| >>>> page
| >>>> but I have been looking on the web and I can't find any tutorials
| >>>> Paul M
| >>>>
| >>>> "Jon Spivey" <jons@xxxxxxxx> wrote in message
| >>>> news:uuRX7d9sFHA.284@xxxxxxxxxxxxxxxxxxxxxxx
| >>>>> Hi,
| >>>>> Anywhere you like, eg
| >>>>> <%
| >>>>> function DoSomething(..)
| >>>>> '
| >>>>> DoSomething = .....
| >>>>> end function
| >>>>> %>
| >>>>>
| >>>>> <%=DoSomething('something')%>
| >>>>>
| >>>>> It's probably best practice to place them at the top of the page - ie
| >>>>> befoe <html> just to make your code easier to follow and so your
| >>>>> designer doesn't mess things up when he touches the page.
| >>>>>
| >>>>> --
| >>>>> Cheers,
| >>>>> Jon
| >>>>> Microsoft MVP
| >>>>>
| >>>>> "Paul M" <paul@xxxxxxxxxxxxxxxxx> wrote in message
| >>>>> news:O8NHr$8sFHA.3720@xxxxxxxxxxxxxxxxxxxxxxx
| >>>>>> Hi
| >>>>>> Where are asp functions placed on the page
| >>>>>> Paul M
| >>>>>>
| >>>>>
| >>>>>
| >>>>
| >>>>
| >>>
| >>>
| >>
| >>
| >
| >
|
|


.