Re: Validate logins with ASP, MS Access and Cookies error

I am now presented with incorrect Username and/or Password. I have double
checked this.

I now have the following code in my page

<%@ Language="VBScript"%>

<!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
Files\System\ado\msado15.dll" -->
<!-- #include file="Connectionstring.asp" -->
<%
' /////////////////////////////////////
' login validation script
' © Matt Millross
' www.designplace.org
' free for use as long as copyright notice left intact
' For more scripts, visit www.designplace.org
' /////////////////////////////////////

' variables
dim cnStr, rcSet, frmUID, frmPWD, sqlStr

'store form input into variables
frmUID = Request.Form("UID")
frmPWD = Request.Form("PWD")

'create connection and recordset objects
Set cnStr = Server.CreateObject("ADODB.Connection")
'// THIS IS NOT NEEDED!
'// Set rcSet = Server.CreateObject("ADODB.Recordset")

' defining database connection (connectionstring.asp)
cnStr.ConnectionString = path
cnStr.Provider = provider
cnStr.open

' execute sql and open as recordset
'// sqlStr = "Select * From tblusers where username = '" _
'// & Request.Form("UID") & "' and password = '" & Request.Form("PWD") &
"'"
'// You've already stored the user/pass into a local var - use them!
'// and NEVER use "Select * ..."
'//
'// http://aspfaq.com/show.asp?id=2096

sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") & "'"

' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then

'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
'// Then go...
Set rcSet = cnStr.Execute(sqlStr)

If NOT rcSet.EOF Then
response.cookies("validated_user") = frmUID
response.write "<h1>Login successful!</h1>"
'// Forget using rcSet.Fields, and just use rcSet
'// directly
response.write "<p>Welcome " & rcSet(1) & "</p>"
else
response.write "incorrect Username and/or Password"
end if

'// Don't forget to cleanup after yourself
cnStr.Close: Set cnStr = Nothing
Set rcSet = Nothing
%>


Regards
Malcolm


"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:4441273b$0$23177$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
UID and PWD are the 2 fields in my database that hold the information.

I have now changed the code

"Mike Brind" <paxtonend@xxxxxxxxxxx> wrote in message
news:1145119070.271743.314040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

malcolm wrote:
Hi, while trying to validate username and password on login form I am
presented with the following error message


Microsoft JET Database Engine error '80040e10'

No value given for one or more required parameters.

/vdateUsr.asp, line 53

The 2 fields within the database are text fields (UID) and (PWD) these
are
spelt correctly!


<snip>
sqlStr = "Select * From tblusers where username = '" _
& Request.Form("UID") & "' and password = '" & Request.Form("PWD") &
"'"


No - they're not spelt correctly. In your SQL statement you refer to
two fields called username and password, yet you said they are called
UID and PWD. Which is correct?

--
Mike Brind





.