Re: Validate logins with ASP, MS Access and Cookies error
- From: "Steven Burn" <somewhere@xxxxxxxxxxxxxxx>
- Date: Sat, 15 Apr 2006 19:39:38 +0100
AGAIN, stop using "Select *" !!!!!!
http://aspfaq.com/show.asp?id=2096
As for returning the users actual name, just select it from the DB;
strSQL = "Select UsersName, UID From tblUsers Where UID = '" & strUID & "'"
Where "UsersName" is the name of the field that holds the data you require.
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:444133fc$0$23199$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks Guys, i have now cleaned up the code and it is working ok. Just oneaas
thing I want to ask! on the login successful page it shows the username
typed into the form UID field.. what I would like to do now is actullydouble
return another column from the database that stores the users 1st name :-)
any tips
here is the code I am using now. :-)
<%@ Language="VBScript"%>
<!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
Files\System\ado\msado15.dll" -->
<!-- #include file="Connectionstring.asp" -->
<%
' variables
dim cnStr, rcSet, frmUID, frmPWD, sqlStr
'store form input into variables
frmUID = Request.Form("UID")
frmPWD = Request.Form("PWD")
'create connection and recordset objects
Set cnStr = Server.CreateObject("ADODB.Connection")
' defining database connection (connectionstring.asp)
cnStr.ConnectionString = path
cnStr.Provider = provider
cnStr.open
' execute sql and open as recordset
sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") & "'"
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
If Len(frmUID) < 1 Then frmUID = "NULL"
If Len(frmPWD) < 1 Then frmPWD = "NULL"
Set rcSet = cnStr.Execute(sqlStr)
If NOT rcSet.EOF Then
response.cookies("validated_user") = frmUID
response.write "<h1>Login successful!</h1>"
response.write "<p>Welcome " & rcSet(0) & "</p>"
else
response.write "Incorrect Username and/or Password"
end if
cnStr.Close: Set cnStr = Nothing
Set rcSet = Nothing
%>
I had to change this code
response.write "<p>Welcome " & rcSet(1) & "</p>"
to this code
response.write "<p>Welcome " & rcSet(0) & "</p>"
so that it would display the username and not the password ;-)
not bad for a guess. :-)
Regards
Malcolm
"Steven Burn" <somewhere@xxxxxxxxxxxxxxx> wrote in message
news:e%237BQOLYGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
Change;
sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") & "'"
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
To;
'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
Response.Write "<b><i>DEBUG</i><b><br>Username: " _
& frmUID & "<br>Password: " & frmPWD
sqlStr = "Select * From tblusers where UID = '" _
& frmUID & "' and PWD = '" & frmPWD & "'"
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:4441284e$0$23185$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am now presented with incorrect Username and/or Password. I have
Request.Form("PWD")checked this.
I now have the following code in my page
<%@ Language="VBScript"%>
<!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
Files\System\ado\msado15.dll" -->
<!-- #include file="Connectionstring.asp" -->
<%
' /////////////////////////////////////
' login validation script
' © Matt Millross
' www.designplace.org
' free for use as long as copyright notice left intact
' For more scripts, visit www.designplace.org
' /////////////////////////////////////
' variables
dim cnStr, rcSet, frmUID, frmPWD, sqlStr
'store form input into variables
frmUID = Request.Form("UID")
frmPWD = Request.Form("PWD")
'create connection and recordset objects
Set cnStr = Server.CreateObject("ADODB.Connection")
'// THIS IS NOT NEEDED!
'// Set rcSet = Server.CreateObject("ADODB.Recordset")
' defining database connection (connectionstring.asp)
cnStr.ConnectionString = path
cnStr.Provider = provider
cnStr.open
' execute sql and open as recordset
'// sqlStr = "Select * From tblusers where username = '" _
'// & Request.Form("UID") & "' and password = '" &
"'"&
"'"
'// You've already stored the user/pass into a local var - use them!
'// and NEVER use "Select * ..."
'//
'// http://aspfaq.com/show.asp?id=2096
sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") &
information.
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
'// Then go...
Set rcSet = cnStr.Execute(sqlStr)
If NOT rcSet.EOF Then
response.cookies("validated_user") = frmUID
response.write "<h1>Login successful!</h1>"
'// Forget using rcSet.Fields, and just use rcSet
'// directly
response.write "<p>Welcome " & rcSet(1) & "</p>"
else
response.write "incorrect Username and/or Password"
end if
'// Don't forget to cleanup after yourself
cnStr.Close: Set cnStr = Nothing
Set rcSet = Nothing
%>
Regards
Malcolm
"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:4441273b$0$23177$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
UID and PWD are the 2 fields in my database that hold the
am
I have now changed the code
"Mike Brind" <paxtonend@xxxxxxxxxxx> wrote in message
news:1145119070.271743.314040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
malcolm wrote:
Hi, while trying to validate username and password on login form I
Request.Form("PWD")presented with the following error message
Microsoft JET Database Engine error '80040e10'
No value given for one or more required parameters.
/vdateUsr.asp, line 53
The 2 fields within the database are text fields (UID) and (PWD)
these
are
spelt correctly!
<snip>
sqlStr = "Select * From tblusers where username = '" _
& Request.Form("UID") & "' and password = '" &
to&
"'"
No - they're not spelt correctly. In your SQL statement you refer
calledtwo fields called username and password, yet you said they are
UID and PWD. Which is correct?
--
Mike Brind
.
- Follow-Ups:
- References:
- Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: Mike Brind
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: Steven Burn
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Validate logins with ASP, MS Access and Cookies error
- Prev by Date: Re: Validate logins with ASP, MS Access and Cookies error
- Next by Date: Re: Validate logins with ASP, MS Access and Cookies error
- Previous by thread: Re: Validate logins with ASP, MS Access and Cookies error
- Next by thread: Re: Validate logins with ASP, MS Access and Cookies error
- Index(es):
Relevant Pages
|
Loading
