?
Solved

ASP defined variables into JavaScript passed onto an ASP page

Posted on 2003-03-12
15
Medium Priority
?
313 Views
Last Modified: 2010-08-05
I am trying to use a simple javascript password to protect a dynamically created link.  I tried to pass the variables like I would in ASP, but obviously it didn't work.  The variables are defined on the same page in ASP.  Here is the code: (this is my first time using this forum and I am by no means good at web development)



<SCRIPT LANGUAGE="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function password() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password','');
while (testV < 3) {
if (!pass1)
history.go(-1);
if (pass1 == "password") {
alert('You Got it Right!');
window.open('entry_form.asp?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &fdo=" & FDO_Number & " &cust_name=" & Cust & " &cust_address=" & cust_address & " &cust_city=" & cust_city & " &cust_state=" & cust_state & " &cust_zip=" & cust_zip & " &items=" & item & " &dollies=" & dolly & " &carrier=" & Carrier & " &ship_date=" & Ship_Date & " &id=" & db_id & "');
break;
}
testV+=1;
var pass1 =
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1!="password" & testV ==3)              
history.go(-1);
return " ";
}
// End -->
</SCRIPT>
</head>


<!--  define the results in the recordset -->
       <%
               rst.movefirst
               Do while not rst.eof
                    db_id = rst("id")
                    Cust = rst("cust_name")
                    cust_address = rst("cust_address")
                    cust_city = rst("cust_city")
                    cust_state = rst("cust_state")
                    cust_zip = rst("cust_zip")
                    FDO_Number = rst("fdo")
                    oracle_number = rst("oracle_number")
                    Tracking_Number = rst("airway_bill")
                    Carrier = rst("carrier")
                    Ship_Date = rst("ship_date")
                    item = rst("items")
                    dolly = rst("dollies")
                   

     query2 = ("SELECT * FROM carrier WHERE name = '" & carrier & "'")
     set rst2=objConn.execute (query2)
               rst2.movefirst
               Do while not rst2.eof
                    carrier_id = rst2("carrier_id")
                    name = rst2("name")
                    image = rst2("image")
                    url_std = rst2("url_std")
                    url_track = rst2("url_track")
               rst2.MoveNext        
               loop
          %>



<FORM>
<input type="button" value="Enter Password Protected Area" onClick="password()">
</FORM>




Whether you can or cannot help me, thank you very much for taking the time,
Brad
0
Comment
Question by:waldeux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
15 Comments
 
LVL 11

Expert Comment

by:locke_a
ID: 8121996
Brad,

Because ASP is server side, and javascript is running client side, your window.open('string" & variable & "stringcontinued') does not work.  Try substituting the following:

window.open('entry_form.asp?oracle_number=<%=oracle_number%>&airway_bill=<%=Tracking_Number%>&fdo=<%=FDO_Number%>&cust_name=<%=Cust%>&cust_address=<%=cust_address%>&cust_city=<%=cust_city%>&cust_state=<%=cust_state%>&cust_zip=<%=cust_zip%>&items=<%=item%>&dollies=<%=dolly%>&carrier=<%=Carrier%>&ship_date=<%=Ship_Date%>&id=<%=db_id%>');

This is of course assuming that you have already initialized the variables in the ASP.

AL
0
 
LVL 11

Expert Comment

by:locke_a
ID: 8122084
Brad,

You'll want to move all of this:

<!--  define the results in the recordset -->
      <%
              rst.movefirst
              Do while not rst.eof
                   db_id = rst("id")
                   Cust = rst("cust_name")
                   cust_address = rst("cust_address")
                   cust_city = rst("cust_city")
                   cust_state = rst("cust_state")
                   cust_zip = rst("cust_zip")
                   FDO_Number = rst("fdo")
                   oracle_number = rst("oracle_number")
                   Tracking_Number = rst("airway_bill")
                   Carrier = rst("carrier")
                   Ship_Date = rst("ship_date")
                   item = rst("items")
                   dolly = rst("dollies")
                   

    query2 = ("SELECT * FROM carrier WHERE name = '" & carrier & "'")
    set rst2=objConn.execute (query2)
              rst2.movefirst
              Do while not rst2.eof
                   carrier_id = rst2("carrier_id")
                   name = rst2("name")
                   image = rst2("image")
                   url_std = rst2("url_std")
                   url_track = rst2("url_track")
              rst2.MoveNext        
              loop
         %>

To the very top of your page (above the <html>)

AL
0
 

Expert Comment

by:Kaoscrew-Sixpack
ID: 8122649
Waldeux,

Better be care full when your sending such a large amount of information to a new web page call.  You could find yourself reaching the maximum limit.

Here a simple solution.  You are passing some unique identifier (ID fields).  Just pass those fields and then in the beginning of you page you are calling, you can extract those values form the database. That way you can also verify that if the ID is not found in the system, fo say someone tried to manually call the page by changing the value, you can display an error message.

Passing the Key Identity values removes the possibilty of a large amount of values being passed from page to page.

Good Luck,

Six
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 11

Expert Comment

by:locke_a
ID: 8122680
Good point six.

Brad, you may be able to do your database query on the 'Entry_form.asp' page.  Then all you have to pass through is the carrier variable:

window.open('entry_form.asp?carrier=<%=Carrier%>');

and on 'entry_form.asp' do:

<!--  define the results in the recordset -->
     <%
             rst.movefirst
             Do while not rst.eof
                  db_id = rst("id")
                  Cust = rst("cust_name")
                  cust_address = rst("cust_address")
                  cust_city = rst("cust_city")
                  cust_state = rst("cust_state")
                  cust_zip = rst("cust_zip")
                  FDO_Number = rst("fdo")
                  oracle_number = rst("oracle_number")
                  Tracking_Number = rst("airway_bill")
                  Carrier = rst("carrier")
                  Ship_Date = rst("ship_date")
                  item = rst("items")
                  dolly = rst("dollies")
                 

   query2 = ("SELECT * FROM carrier WHERE name = '" & carrier & "'")
   set rst2=objConn.execute (query2)
             rst2.movefirst
             Do while not rst2.eof
                  carrier_id = rst2("carrier_id")
                  name = rst2("name")
                  image = rst2("image")
                  url_std = rst2("url_std")
                  url_track = rst2("url_track")
             rst2.MoveNext        
             loop
        %>

AL
0
 
LVL 11

Expert Comment

by:locke_a
ID: 8122714
Is there a reason that you are doing the login process in javascript rather than server side using a form, and posting page?

If someone wanted to get in, they can view source, and see the 'password' stored in the javascript.  Or, see the page that you are redirecting to and could put that in their browsers address bar and skip your validation entirely.

If you are interested in a server side (ASP) version of the same thing, let me know, and I can show you how it's done.

AL
0
 

Author Comment

by:waldeux
ID: 8127793
The original configuration starts with default.asp which has sort functions and passes results to result.asp which uses select statements to call requested data from the database by using Request.QueryString.
This result.asp page originally created a link for each record and passed some variables to update_form.asp which allowed the user to update the fields.
Since I wanted to protect this page, I tried using a freebie (the top asp portion copied from the previous page):

<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<!-- The Web Wiz Guide Login Script is written by Bruce Corkhill )2001
           If you want your own  Login Script then goto http://www.webwizguide.info -->
 
<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.QueryString("airway_bill")


query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.QueryString ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>
<%
dim strOracleNumber

strOracleNumber = Request.QueryString ("oracle_number")
%>
<%
db_id = rsShipTrack("id")
                        Cust = rsShipTrack("cust_name")
                        cust_address = rsShipTrack("cust_address")
                        cust_city = rsShipTrack("cust_city")
                        cust_state = rsShipTrack("cust_state")
                        cust_zip = rsShipTrack("cust_zip")
                        FDO_Number = rsShipTrack("fdo")
                        oracle_number = rsShipTrack("oracle_number")
                        Tracking_Number = rsShipTrack("airway_bill")
                        Carrier = rsShipTrack("carrier")
                        Ship_Date = rsShipTrack("ship_date")
                        item = rsShipTrack("items")
                        dolly = rsShipTrack("dollies")
                        pass1 = oracle_number
                        pass2 = fdo_number
                        pass3 = cust_name
                        pass4 = cust_address
                        pass5 = cust_city
                        pass6 = cust_state
                        pass7 = cust_zip
                        pass8 = tracking_number1
                        pass9 = item1
                        pass10 = dollies1
                        pass11 = tracking_number2
                        pass12 = dollies2
                        pass13 = item2
                        pass14 = tracking_number3
                        pass15 = dollies3
                        pass16 = item3
                        pass17 = tracking_number4
                        pass18 = dollies4
                        pass19 = item4
                        pass20 = tracking_number5
                        pass21 = dollies5
                        pass22 = item5
                        pass23 = carrier
                        pass24 = ship_date

mydata = Request.QueryString("airway_bill")
                                                            
%>
</head>
<form name="Login" method="post" action = "default.asp?oracle_number1=" & oracle_number & " &airway_bill=" & Tracking_Number & " &fdo=" & FDO_Number & " &cust_name=" & Cust & " &cust_address=" & cust_address & " &cust_city=" & cust_city & " &cust_state=" & cust_state & " &cust_zip=" & cust_zip & " &items=" & item & " &dollies=" & dolly & " &carrier=" & Carrier & " &ship_date=" & Ship_Date & " &id=" & db_id & "">


<body bgcolor="#FFFFFF" text="#000000">
<table width="518" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td align="center">
      <h1>Login</h1>
    </td>
  </tr>
</table>
<br>
<br>
<br>
<br>
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
    <tr>
      <td align="right" height="47" valign="bottom" width="94">User name: </td>
      <td height="47" valign="bottom" width="172">
        <input type="text" name="txtUserName">
      </td>
    </tr>
    <tr>
      <td align="right" width="94">Password: </td>
      <td width="172">
        <input type="password" name="txtUserPass">
      </td>
    </tr>
    <tr>
      <td align="right" height="44" width="94">&nbsp;</td>
      <td height="44" width="172">
        <input type="submit" name="Submit" value="Submit">
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <input type="reset" name="Submit2" value="Submit">
      </td>
    </tr>
  </table>
</form>
<br>
<center>
  Session Cookies must be enabled<br>
  <br>
  <a href="http://www.webwizguide.info" target="_blank"><img src="web_wiz_guide.gif" width="100" height="30" border="0" alt="Web Wiz Guide!"></a>
</center>
</body>
</html>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>




I could see that all variables were being passed to this page, but I wanted the string to then be passed, with the two form inputs, to the check_user.asp page to verify:

<%
'Dimension variables
Dim adoCon             'Database Connection Variable
Dim strCon            'Holds the Database driver and the path and name of the database
Dim rsCheckUser             'Database Recordset Variable
Dim strAccessDB       'Holds the Access Database Name
Dim strSQL             'Database query sring
Dim strUserName       'Holds the user name
Dim strOracleNumber      'Holds the oracle number

strOracleNumber = Request.QueryString("oracle_number")


'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")
                  
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then
      
      'Read in the password for the user from the database
      If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
            
            'If the password is correct then set the session variable to True
            Session("blnIsUserGood") = True
            
            'Close Objects before redirecting
            Set adoCon = Nothing
            Set strCon = Nothing
            Set rsCheckUser = Nothing
            
            'Redirect to the authorised user page and send the users name
            Response.Redirect"update_form.asp?name=" & strOracleNumber"
End If
End If
            
'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
      
'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.htm"
%>

The problem here was that I noticed the QueryString wasn't even being sent here and I also wasn't sure if the response.redirect was working.  I've simplified the variables passed after the response.redirect just for testing purposes, I would like to pass that original string.

The reason I'm not using another asp page to verify password is that I could not figure out how to pass a querystring variable on a form.  What I needed on the next page (passprotect.asp) was the variables from the original page.

Do you think I should add the asp code to each page to recreate the select statement and use only three key identifier variables?
0
 

Author Comment

by:waldeux
ID: 8128332
What it boils down to is why doesn't this page send the variables with it?



<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<!-- The Web Wiz Guide Login Script is written by Bruce Corkhill ©2001
          If you want your own  Login Script then goto http://www.webwizguide.info -->
 
<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.QueryString("airway_bill")
mydata1 = Request.QueryString("items")

query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.QueryString ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>

<%
                    db_id = rsShipTrack("id")
                    Cust = rsShipTrack("cust_name")
                    cust_address = rsShipTrack("cust_address")
                    cust_city = rsShipTrack("cust_city")
                    cust_state = rsShipTrack("cust_state")
                    cust_zip = rsShipTrack("cust_zip")
                    FDO_Number = rsShipTrack("fdo")
                    oracle_number = rsShipTrack("oracle_number")
                    Tracking_Number = rsShipTrack("airway_bill")
                    Carrier = rsShipTrack("carrier")
                    Ship_Date = rsShipTrack("ship_date")
                    item = rsShipTrack("items")
                    dolly = rsShipTrack("dollies")


%>
</head>
<form name="Login" method="post" action = "check_user.asp?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &items=" & item & " ">


<body bgcolor="#FFFFFF" text="#000000">
<table width="518" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td align="center">
      <h1>Login</h1>
    </td>
  </tr>
</table>
<br>
<br>
<br>
<br>
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
    <tr>
      <td align="right" height="47" valign="bottom" width="94">User name: </td>
      <td height="47" valign="bottom" width="172">
        <input type="text" name="txtUserName">
      </td>
    </tr>
    <tr>
      <td align="right" width="94">Password: </td>
      <td width="172">
        <input type="password" name="txtUserPass">
      </td>
    </tr>
    <tr>
      <td align="right" height="44" width="94">&nbsp;</td>
      <td height="44" width="172">
        <input type="submit" name="Submit" value="Submit">
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <input type="reset" name="Submit2" value="Submit">
      </td>
    </tr>
  </table>
</form>
<br>
<center>
  Session Cookies must be enabled<br>
  <br>
  <a href="http://www.webwizguide.info" target="_blank"><img src="web_wiz_guide.gif" width="100" height="30" border="0" alt="Web Wiz Guide!"></a>
</center>
</body>
</html>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>
0
 
LVL 11

Expert Comment

by:locke_a
ID: 8128654
Brad,

Your problem here is the same as it was with the javascript / ASP.  One is server side one is client side...  Consider using hidden fields to pass your variables rather than in the form tag.  Try this:

<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<!-- The Web Wiz Guide Login Script is written by Bruce Corkhill )2001
         If you want your own  Login Script then goto http://www.webwizguide.info -->

<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.QueryString("airway_bill")
mydata1 = Request.QueryString("items")

query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.QueryString ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>

<%
                   db_id = rsShipTrack("id")
                   Cust = rsShipTrack("cust_name")
                   cust_address = rsShipTrack("cust_address")
                   cust_city = rsShipTrack("cust_city")
                   cust_state = rsShipTrack("cust_state")
                   cust_zip = rsShipTrack("cust_zip")
                   FDO_Number = rsShipTrack("fdo")
                   oracle_number = rsShipTrack("oracle_number")
                   Tracking_Number = rsShipTrack("airway_bill")
                   Carrier = rsShipTrack("carrier")
                   Ship_Date = rsShipTrack("ship_date")
                   item = rsShipTrack("items")
                   dolly = rsShipTrack("dollies")


%>
</head>
<form name="Login" method="post" action = "check_user.asp">


<body bgcolor="#FFFFFF" text="#000000">
<table width="518" border="0" cellspacing="0" cellpadding="0" align="center">
 <tr>
   <td align="center">
     <h1>Login</h1>
   </td>
 </tr>
</table>
<br>
<br>
<br>
<br>
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
   <tr>
     <td align="right" height="47" valign="bottom" width="94">User name: </td>
     <td height="47" valign="bottom" width="172">
       <input type="text" name="txtUserName">
     </td>
   </tr>
   <tr>
     <td align="right" width="94">Password: </td>
     <td width="172">
       <input type="password" name="txtUserPass">
     </td>
   </tr>
   <tr>
     <td align="right" height="44" width="94">&nbsp;</td>
     <td height="44" width="172">
       <input Type='Hidden' Name='oracle_number' Value='<%=oracle_number%>'>
       <input Type='Hidden' Name='airway_bill' Value='<%=Tracking_Number%>'>
       <input Type='Hidden' Name='items' Value='<%=item%>'>
       <input type="submit" name="Submit" value="Submit">
       &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
       <input type="reset" name="Submit2" value="Submit">
     </td>
   </tr>
 </table>
</form>
<br>
<center>
 Session Cookies must be enabled<br>
 <br>
 <a href="http://www.webwizguide.info" target="_blank"><img src="web_wiz_guide.gif" width="100" height="30" border="0" alt="Web Wiz Guide!"></a>
</center>
</body>
</html>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>

You've already got an example of how to make the posting page for this right...?
0
 

Author Comment

by:waldeux
ID: 8128889
Sorry to keep bothering you, but this is really helping me understand.  Now I have the next page at check_user.asp (except now my query isn't working) and I think it has something to do with the previous variables:

<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.Form("airway_bill")
mydata1 = Request.Form("items")

query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.Form ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>

<%
                        db_id = rsShipTrack("id")
                        Cust = rsShipTrack("cust_name")
                        cust_address = rsShipTrack("cust_address")
                        cust_city = rsShipTrack("cust_city")
                        cust_state = rsShipTrack("cust_state")
                        cust_zip = rsShipTrack("cust_zip")
                        FDO_Number = rsShipTrack("fdo")
                        oracle_number = rsShipTrack("oracle_number")
                        Tracking_Number = rsShipTrack("airway_bill")
                        Carrier = rsShipTrack("carrier")
                        Ship_Date = rsShipTrack("ship_date")
                        item = rsShipTrack("items")
                        dolly = rsShipTrack("dollies")
                                                            
%>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>

<%
'Dimension variables
Dim adoCon             'Database Connection Variable
Dim strCon            'Holds the Database driver and the path and name of the database
Dim rsCheckUser             'Database Recordset Variable
Dim strAccessDB       'Holds the Access Database Name
Dim strSQL             'Database query sring
Dim strUserName       'Holds the user name
Dim strOracleNumber      'Holds the oracle number

strOracleNumber = Request.QueryString("oracle_number")


'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")
                  
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then
      
      'Read in the password for the user from the database
      If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
            
            'If the password is correct then set the session variable to True
            Session("blnIsUserGood") = True
            
            'Close Objects before redirecting
            Set adoCon = Nothing
            Set strCon = Nothing
            Set rsCheckUser = Nothing
            
            'Redirect to the authorised user page and send the users name
            Response.Redirect"update_form.asp?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &items=" & item & ""
End If
End If
            
'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
      
'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.htm"
%>
0
 
LVL 11

Expert Comment

by:locke_a
ID: 8129026
Brad,

There are several 'clean-up' type items that I would change about this posting page... but I think in order to answer your question, I'll need to know a little more...  Which query is not working for you, and in what way is it not working?

Also, I am trying to figure out why it is that you look up all that information on each of these pages, and are not using any of it.  It might be wise to just pass a unique key through the log in process and do your lookup after the user has already been validated.

AL
0
 

Author Comment

by:waldeux
ID: 8129163
query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.Form ("oracle_number") & " AND airway_bill = '" & mydata & "'"

Doesn't work it responds "Ether BOF or EOF is True, or the current record has been delted.  Requested operation requires a current record.

I guess the only reason I look up the info on the pages and then pass it on to be looked up again is because I don't know enough about the syntax and I know that if I open the recordset, define the variables, I can then pass them using the same ?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &items=" & item & ""

0
 
LVL 11

Expert Comment

by:locke_a
ID: 8129285
Brad,

You might try writing out your query string before you do the:

set rsShipTrack=objConn.execute (query)


do a "Response.Write(query)"

That way you can see what it is getting for the 'oracle_number' and 'airway_bill', and see if it is a problem with the variables from the previous page...

I'll clean up your code a little and post my recommended 'revised' version (using what you've shown me so far).

AL

0
 
LVL 11

Expert Comment

by:locke_a
ID: 8129520
Lets start with your login page.... I'd do something like this (You can change the look and feel as much as you'd like, my focus is on functionality):

<%
oracle_number = Request("oracle_number")
airway_bill = Request("airway_bill")
%>

<html>
<head>
     <title>Login</title>
</head>

<body bgColor='#FFFFFF' Text='#000000'>

<form Name='frmLogin' Action='check_user.asp' Method='Post'>
<table Width=518 Border=0 CellSpacing=0 CellPadding=0 Align='Center'>
<tr>
<td align="center">
   <h1>Login</h1>
</td>
</tr>
</table>

<br>
<br>
<br>
<br>

<table Width=273 Border=0 Align='Center' CellSpacing=0 CellPadding=0 bgColor='#CCCCCC'>
<tr>
<td Align='Right' Height=47 vAlign='Bottom' Width=94>
   <font Face='Arial,Helvetica' Size=2>
   User name:
   </font>
</td>
<td Height=47 vAlign='Bottom' Width=172>
   <input Type='Text' Name='UserName' Size=20 MaxLength=20>
</td>
</tr>

<tr>
<td Align='Right' Width=94>
   <font Face='Arial,Helvetica' Size=2>
   Password:
   </font>
</td>
<td Width=172>
   <input Type='Password' Name='Password' Size=20 MaxLength=20>
</td>
</tr>

<tr>
<td ColSpan=2 Align='Center' Height=44>
   <input Type='Hidden' Name='oracle_number' Value='<%=oracle_number%>'>
   <input Type='Hidden' Name='airway_bill' Value='<%=airway_bill%>'>
   <input Type='Submit' Value='Log In'>
</td>
</tr>
</table>
</form>
<br>
<center>
Session Cookies must be enabled<br>
</center>
</form>

</body>
</html>
0
 
LVL 11

Accepted Solution

by:
locke_a earned 2000 total points
ID: 8129561
When I make your check_user.asp page... are you using a database of usernames and passwords, or is it going to be 'hard-coded' in the posting page?

AL
0
 

Author Comment

by:waldeux
ID: 8130244
Al Thanks a lot for all of your help, things are now working, I appreciate your time.  Now I feel a tiny bit smarter.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There’s a good reason for why it’s called a homepage – it closely resembles that of a physical house and the only real difference is that it’s online. Your website’s homepage is where people come to visit you. It’s the family room of your website wh…
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to count occurrences of each item in an array.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question