Re: Validate logins with ASP, MS Access and Cookies error
- From: "malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx>
- Date: Sun, 16 Apr 2006 22:05:11 +0100
I do follow articles like those found on these websites.
when it goes wrong I am stuck and need to speak to guys like you 2.
What good books can you recommend ? I am obviously interested in ASP and
basic scripts.
Regards
Malcolm
www.bankchargesrefunded.co.uk
"Mike Brind" <paxtonend@xxxxxxxxxxx> wrote in message
news:1145131736.516317.252350@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Steve was pointing out that SELECT *(asterisk) is a BAD thing. SELECT
* returns all the rows in the tables in your FROM clause. When we
changed the SELECT statement to SELECT [name], UID FROM... it got round
the SELECT * problem.
If you plan to do much more ASP, I would advise looking for tutorials
that explain the code they offer, rather than these kinds of free
scripts. There are some excellent sites around, including
www.asp101.com and www.learnasp.com.
Another way to learn stuff is to make mistakes, and copy and paste the
error messages into www.aspfaq.com.
Good luck
--
Mike Brind
malcolm wrote:
I have now changed the code which Mike advised and it now works.
I have no idea how to do that Steven! I did read the article that you
refer
me too.
I have not stopped using "Select" because I don't know what to replace it
with!! I have gone back over the trail and found this
'// and NEVER use "Select * ..."
'//
'// http://aspfaq.com/show.asp?id=2096
I read that article. 2096 1st time but not sure how to implement the
changes
you recommend ?
Regards
Malcolm
"Steven Burn" <somewhere@xxxxxxxxxxxxxxx> wrote in message
news:edTpQvLYGHA.4484@xxxxxxxxxxxxxxxxxxxxxxx
AGAIN, stop using "Select *" !!!!!!
http://aspfaq.com/show.asp?id=2096
As for returning the users actual name, just select it from the DB;
strSQL = "Select UsersName, UID From tblUsers Where UID = '" & strUID &
"'"
Where "UsersName" is the name of the field that holds the data you
require.
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:444133fc$0$23199$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks Guys, i have now cleaned up the code and it is working ok. Justaas
one
thing I want to ask! on the login successful page it shows the username
typed into the form UID field.. what I would like to do now is actullydouble
return another column from the database that stores the users 1st name
:-)
any tips
here is the code I am using now. :-)
<%@ Language="VBScript"%>
<!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
Files\System\ado\msado15.dll" -->
<!-- #include file="Connectionstring.asp" -->
<%
' variables
dim cnStr, rcSet, frmUID, frmPWD, sqlStr
'store form input into variables
frmUID = Request.Form("UID")
frmPWD = Request.Form("PWD")
'create connection and recordset objects
Set cnStr = Server.CreateObject("ADODB.Connection")
' defining database connection (connectionstring.asp)
cnStr.ConnectionString = path
cnStr.Provider = provider
cnStr.open
' execute sql and open as recordset
sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") &
"'"
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
If Len(frmUID) < 1 Then frmUID = "NULL"
If Len(frmPWD) < 1 Then frmPWD = "NULL"
Set rcSet = cnStr.Execute(sqlStr)
If NOT rcSet.EOF Then
response.cookies("validated_user") = frmUID
response.write "<h1>Login successful!</h1>"
response.write "<p>Welcome " & rcSet(0) & "</p>"
else
response.write "Incorrect Username and/or Password"
end if
cnStr.Close: Set cnStr = Nothing
Set rcSet = Nothing
%>
I had to change this code
response.write "<p>Welcome " & rcSet(1) & "</p>"
to this code
response.write "<p>Welcome " & rcSet(0) & "</p>"
so that it would display the username and not the password ;-)
not bad for a guess. :-)
Regards
Malcolm
"Steven Burn" <somewhere@xxxxxxxxxxxxxxx> wrote in message
news:e%237BQOLYGHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
Change;
sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") &
"'"
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
To;
'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
Response.Write "<b><i>DEBUG</i><b><br>Username: " _
& frmUID & "<br>Password: " & frmPWD
sqlStr = "Select * From tblusers where UID = '" _
& frmUID & "' and PWD = '" & frmPWD & "'"
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
--
Regards
Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk
Keeping it FREE!
"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:4441284e$0$23185$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I am now presented with incorrect Username and/or Password. I have
Request.Form("PWD")checked this.
I now have the following code in my page
<%@ Language="VBScript"%>
<!-- METADATA TYPE="typelib" FILE="C:\Program Files\Common
Files\System\ado\msado15.dll" -->
<!-- #include file="Connectionstring.asp" -->
<%
' /////////////////////////////////////
' login validation script
' © Matt Millross
' www.designplace.org
' free for use as long as copyright notice left intact
' For more scripts, visit www.designplace.org
' /////////////////////////////////////
' variables
dim cnStr, rcSet, frmUID, frmPWD, sqlStr
'store form input into variables
frmUID = Request.Form("UID")
frmPWD = Request.Form("PWD")
'create connection and recordset objects
Set cnStr = Server.CreateObject("ADODB.Connection")
'// THIS IS NOT NEEDED!
'// Set rcSet = Server.CreateObject("ADODB.Recordset")
' defining database connection (connectionstring.asp)
cnStr.ConnectionString = path
cnStr.Provider = provider
cnStr.open
' execute sql and open as recordset
'// sqlStr = "Select * From tblusers where username = '" _
'// & Request.Form("UID") & "' and password = '" &
"'"&
"'"
'// You've already stored the user/pass into a local var - use them!
'// and NEVER use "Select * ..."
'//
'// http://aspfaq.com/show.asp?id=2096
sqlStr = "Select * From tblusers where UID = '" _
& Request.Form("UID") & "' and PWD = '" & Request.Form("PWD") &
information.
' Opens the returned values from the SQL as a recordset,
' ready for iteration by ASP
'// <<< LINE 53 >>> set rcSet = cnStr.Execute(sqlStr)
' validate variables against database
// If (not rcSet.BOF) and (not rcSet.EOF) then
'// Check before processing
If Len(frmUsername) < 1 Then frmUsername = "NULL"
If Len(frmPassword) < 1 Then frmPassword = "NULL"
'// Then go...
Set rcSet = cnStr.Execute(sqlStr)
If NOT rcSet.EOF Then
response.cookies("validated_user") = frmUID
response.write "<h1>Login successful!</h1>"
'// Forget using rcSet.Fields, and just use rcSet
'// directly
response.write "<p>Welcome " & rcSet(1) & "</p>"
else
response.write "incorrect Username and/or Password"
end if
'// Don't forget to cleanup after yourself
cnStr.Close: Set cnStr = Nothing
Set rcSet = Nothing
%>
Regards
Malcolm
"malcolm" <malcolm.whyte@xxxxxxxxxxxxxxxxx> wrote in message
news:4441273b$0$23177$ed2e19e4@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
UID and PWD are the 2 fields in my database that hold the
am
I have now changed the code
"Mike Brind" <paxtonend@xxxxxxxxxxx> wrote in message
news:1145119070.271743.314040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
malcolm wrote:
Hi, while trying to validate username and password on login form
I
Request.Form("PWD")presented with the following error message
Microsoft JET Database Engine error '80040e10'
No value given for one or more required parameters.
/vdateUsr.asp, line 53
The 2 fields within the database are text fields (UID) and (PWD)
these
are
spelt correctly!
<snip>
sqlStr = "Select * From tblusers where username = '" _
& Request.Form("UID") & "' and password = '" &
to&
"'"
No - they're not spelt correctly. In your SQL statement you
refer
calledtwo fields called username and password, yet you said they are
UID and PWD. Which is correct?
--
Mike Brind
.
- Follow-Ups:
- References:
- Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: Mike Brind
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: Steven Burn
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: Steven Burn
- Re: Validate logins with ASP, MS Access and Cookies error
- From: malcolm
- Re: Validate logins with ASP, MS Access and Cookies error
- From: Mike Brind
- Validate logins with ASP, MS Access and Cookies error
- Prev by Date: Re: Validate logins with ASP, MS Access and Cookies error
- Next by Date: Re: Validate logins with ASP, MS Access and Cookies error
- Previous by thread: Re: Validate logins with ASP, MS Access and Cookies error
- Next by thread: Re: Validate logins with ASP, MS Access and Cookies error
- Index(es):
Relevant Pages
|
