Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 321
  • Last Modified:

ASP defined variables into JavaScript passed onto an ASP page

I am trying to use a simple javascript password to protect a dynamically created link.  I tried to pass the variables like I would in ASP, but obviously it didn't work.  The variables are defined on the same page in ASP.  Here is the code: (this is my first time using this forum and I am by no means good at web development)



<SCRIPT LANGUAGE="JavaScript">

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin
function password() {
var testV = 1;
var pass1 = prompt('Please Enter Your Password','');
while (testV < 3) {
if (!pass1)
history.go(-1);
if (pass1 == "password") {
alert('You Got it Right!');
window.open('entry_form.asp?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &fdo=" & FDO_Number & " &cust_name=" & Cust & " &cust_address=" & cust_address & " &cust_city=" & cust_city & " &cust_state=" & cust_state & " &cust_zip=" & cust_zip & " &items=" & item & " &dollies=" & dolly & " &carrier=" & Carrier & " &ship_date=" & Ship_Date & " &id=" & db_id & "');
break;
}
testV+=1;
var pass1 =
prompt('Access Denied - Password Incorrect, Please Try Again.','Password');
}
if (pass1!="password" & testV ==3)              
history.go(-1);
return " ";
}
// End -->
</SCRIPT>
</head>


<!--  define the results in the recordset -->
       <%
               rst.movefirst
               Do while not rst.eof
                    db_id = rst("id")
                    Cust = rst("cust_name")
                    cust_address = rst("cust_address")
                    cust_city = rst("cust_city")
                    cust_state = rst("cust_state")
                    cust_zip = rst("cust_zip")
                    FDO_Number = rst("fdo")
                    oracle_number = rst("oracle_number")
                    Tracking_Number = rst("airway_bill")
                    Carrier = rst("carrier")
                    Ship_Date = rst("ship_date")
                    item = rst("items")
                    dolly = rst("dollies")
                   

     query2 = ("SELECT * FROM carrier WHERE name = '" & carrier & "'")
     set rst2=objConn.execute (query2)
               rst2.movefirst
               Do while not rst2.eof
                    carrier_id = rst2("carrier_id")
                    name = rst2("name")
                    image = rst2("image")
                    url_std = rst2("url_std")
                    url_track = rst2("url_track")
               rst2.MoveNext        
               loop
          %>



<FORM>
<input type="button" value="Enter Password Protected Area" onClick="password()">
</FORM>




Whether you can or cannot help me, thank you very much for taking the time,
Brad
0
waldeux
Asked:
waldeux
  • 9
  • 5
1 Solution
 
locke_aCommented:
Brad,

Because ASP is server side, and javascript is running client side, your window.open('string" & variable & "stringcontinued') does not work.  Try substituting the following:

window.open('entry_form.asp?oracle_number=<%=oracle_number%>&airway_bill=<%=Tracking_Number%>&fdo=<%=FDO_Number%>&cust_name=<%=Cust%>&cust_address=<%=cust_address%>&cust_city=<%=cust_city%>&cust_state=<%=cust_state%>&cust_zip=<%=cust_zip%>&items=<%=item%>&dollies=<%=dolly%>&carrier=<%=Carrier%>&ship_date=<%=Ship_Date%>&id=<%=db_id%>');

This is of course assuming that you have already initialized the variables in the ASP.

AL
0
 
locke_aCommented:
Brad,

You'll want to move all of this:

<!--  define the results in the recordset -->
      <%
              rst.movefirst
              Do while not rst.eof
                   db_id = rst("id")
                   Cust = rst("cust_name")
                   cust_address = rst("cust_address")
                   cust_city = rst("cust_city")
                   cust_state = rst("cust_state")
                   cust_zip = rst("cust_zip")
                   FDO_Number = rst("fdo")
                   oracle_number = rst("oracle_number")
                   Tracking_Number = rst("airway_bill")
                   Carrier = rst("carrier")
                   Ship_Date = rst("ship_date")
                   item = rst("items")
                   dolly = rst("dollies")
                   

    query2 = ("SELECT * FROM carrier WHERE name = '" & carrier & "'")
    set rst2=objConn.execute (query2)
              rst2.movefirst
              Do while not rst2.eof
                   carrier_id = rst2("carrier_id")
                   name = rst2("name")
                   image = rst2("image")
                   url_std = rst2("url_std")
                   url_track = rst2("url_track")
              rst2.MoveNext        
              loop
         %>

To the very top of your page (above the <html>)

AL
0
 
Kaoscrew-SixpackCommented:
Waldeux,

Better be care full when your sending such a large amount of information to a new web page call.  You could find yourself reaching the maximum limit.

Here a simple solution.  You are passing some unique identifier (ID fields).  Just pass those fields and then in the beginning of you page you are calling, you can extract those values form the database. That way you can also verify that if the ID is not found in the system, fo say someone tried to manually call the page by changing the value, you can display an error message.

Passing the Key Identity values removes the possibilty of a large amount of values being passed from page to page.

Good Luck,

Six
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
locke_aCommented:
Good point six.

Brad, you may be able to do your database query on the 'Entry_form.asp' page.  Then all you have to pass through is the carrier variable:

window.open('entry_form.asp?carrier=<%=Carrier%>');

and on 'entry_form.asp' do:

<!--  define the results in the recordset -->
     <%
             rst.movefirst
             Do while not rst.eof
                  db_id = rst("id")
                  Cust = rst("cust_name")
                  cust_address = rst("cust_address")
                  cust_city = rst("cust_city")
                  cust_state = rst("cust_state")
                  cust_zip = rst("cust_zip")
                  FDO_Number = rst("fdo")
                  oracle_number = rst("oracle_number")
                  Tracking_Number = rst("airway_bill")
                  Carrier = rst("carrier")
                  Ship_Date = rst("ship_date")
                  item = rst("items")
                  dolly = rst("dollies")
                 

   query2 = ("SELECT * FROM carrier WHERE name = '" & carrier & "'")
   set rst2=objConn.execute (query2)
             rst2.movefirst
             Do while not rst2.eof
                  carrier_id = rst2("carrier_id")
                  name = rst2("name")
                  image = rst2("image")
                  url_std = rst2("url_std")
                  url_track = rst2("url_track")
             rst2.MoveNext        
             loop
        %>

AL
0
 
locke_aCommented:
Is there a reason that you are doing the login process in javascript rather than server side using a form, and posting page?

If someone wanted to get in, they can view source, and see the 'password' stored in the javascript.  Or, see the page that you are redirecting to and could put that in their browsers address bar and skip your validation entirely.

If you are interested in a server side (ASP) version of the same thing, let me know, and I can show you how it's done.

AL
0
 
waldeuxAuthor Commented:
The original configuration starts with default.asp which has sort functions and passes results to result.asp which uses select statements to call requested data from the database by using Request.QueryString.
This result.asp page originally created a link for each record and passed some variables to update_form.asp which allowed the user to update the fields.
Since I wanted to protect this page, I tried using a freebie (the top asp portion copied from the previous page):

<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<!-- The Web Wiz Guide Login Script is written by Bruce Corkhill )2001
           If you want your own  Login Script then goto http://www.webwizguide.info -->
 
<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.QueryString("airway_bill")


query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.QueryString ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>
<%
dim strOracleNumber

strOracleNumber = Request.QueryString ("oracle_number")
%>
<%
db_id = rsShipTrack("id")
                        Cust = rsShipTrack("cust_name")
                        cust_address = rsShipTrack("cust_address")
                        cust_city = rsShipTrack("cust_city")
                        cust_state = rsShipTrack("cust_state")
                        cust_zip = rsShipTrack("cust_zip")
                        FDO_Number = rsShipTrack("fdo")
                        oracle_number = rsShipTrack("oracle_number")
                        Tracking_Number = rsShipTrack("airway_bill")
                        Carrier = rsShipTrack("carrier")
                        Ship_Date = rsShipTrack("ship_date")
                        item = rsShipTrack("items")
                        dolly = rsShipTrack("dollies")
                        pass1 = oracle_number
                        pass2 = fdo_number
                        pass3 = cust_name
                        pass4 = cust_address
                        pass5 = cust_city
                        pass6 = cust_state
                        pass7 = cust_zip
                        pass8 = tracking_number1
                        pass9 = item1
                        pass10 = dollies1
                        pass11 = tracking_number2
                        pass12 = dollies2
                        pass13 = item2
                        pass14 = tracking_number3
                        pass15 = dollies3
                        pass16 = item3
                        pass17 = tracking_number4
                        pass18 = dollies4
                        pass19 = item4
                        pass20 = tracking_number5
                        pass21 = dollies5
                        pass22 = item5
                        pass23 = carrier
                        pass24 = ship_date

mydata = Request.QueryString("airway_bill")
                                                            
%>
</head>
<form name="Login" method="post" action = "default.asp?oracle_number1=" & oracle_number & " &airway_bill=" & Tracking_Number & " &fdo=" & FDO_Number & " &cust_name=" & Cust & " &cust_address=" & cust_address & " &cust_city=" & cust_city & " &cust_state=" & cust_state & " &cust_zip=" & cust_zip & " &items=" & item & " &dollies=" & dolly & " &carrier=" & Carrier & " &ship_date=" & Ship_Date & " &id=" & db_id & "">


<body bgcolor="#FFFFFF" text="#000000">
<table width="518" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td align="center">
      <h1>Login</h1>
    </td>
  </tr>
</table>
<br>
<br>
<br>
<br>
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
    <tr>
      <td align="right" height="47" valign="bottom" width="94">User name: </td>
      <td height="47" valign="bottom" width="172">
        <input type="text" name="txtUserName">
      </td>
    </tr>
    <tr>
      <td align="right" width="94">Password: </td>
      <td width="172">
        <input type="password" name="txtUserPass">
      </td>
    </tr>
    <tr>
      <td align="right" height="44" width="94">&nbsp;</td>
      <td height="44" width="172">
        <input type="submit" name="Submit" value="Submit">
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <input type="reset" name="Submit2" value="Submit">
      </td>
    </tr>
  </table>
</form>
<br>
<center>
  Session Cookies must be enabled<br>
  <br>
  <a href="http://www.webwizguide.info" target="_blank"><img src="web_wiz_guide.gif" width="100" height="30" border="0" alt="Web Wiz Guide!"></a>
</center>
</body>
</html>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>




I could see that all variables were being passed to this page, but I wanted the string to then be passed, with the two form inputs, to the check_user.asp page to verify:

<%
'Dimension variables
Dim adoCon             'Database Connection Variable
Dim strCon            'Holds the Database driver and the path and name of the database
Dim rsCheckUser             'Database Recordset Variable
Dim strAccessDB       'Holds the Access Database Name
Dim strSQL             'Database query sring
Dim strUserName       'Holds the user name
Dim strOracleNumber      'Holds the oracle number

strOracleNumber = Request.QueryString("oracle_number")


'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")
                  
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then
      
      'Read in the password for the user from the database
      If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
            
            'If the password is correct then set the session variable to True
            Session("blnIsUserGood") = True
            
            'Close Objects before redirecting
            Set adoCon = Nothing
            Set strCon = Nothing
            Set rsCheckUser = Nothing
            
            'Redirect to the authorised user page and send the users name
            Response.Redirect"update_form.asp?name=" & strOracleNumber"
End If
End If
            
'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
      
'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.htm"
%>

The problem here was that I noticed the QueryString wasn't even being sent here and I also wasn't sure if the response.redirect was working.  I've simplified the variables passed after the response.redirect just for testing purposes, I would like to pass that original string.

The reason I'm not using another asp page to verify password is that I could not figure out how to pass a querystring variable on a form.  What I needed on the next page (passprotect.asp) was the variables from the original page.

Do you think I should add the asp code to each page to recreate the select statement and use only three key identifier variables?
0
 
waldeuxAuthor Commented:
What it boils down to is why doesn't this page send the variables with it?



<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<!-- The Web Wiz Guide Login Script is written by Bruce Corkhill ©2001
          If you want your own  Login Script then goto http://www.webwizguide.info -->
 
<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.QueryString("airway_bill")
mydata1 = Request.QueryString("items")

query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.QueryString ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>

<%
                    db_id = rsShipTrack("id")
                    Cust = rsShipTrack("cust_name")
                    cust_address = rsShipTrack("cust_address")
                    cust_city = rsShipTrack("cust_city")
                    cust_state = rsShipTrack("cust_state")
                    cust_zip = rsShipTrack("cust_zip")
                    FDO_Number = rsShipTrack("fdo")
                    oracle_number = rsShipTrack("oracle_number")
                    Tracking_Number = rsShipTrack("airway_bill")
                    Carrier = rsShipTrack("carrier")
                    Ship_Date = rsShipTrack("ship_date")
                    item = rsShipTrack("items")
                    dolly = rsShipTrack("dollies")


%>
</head>
<form name="Login" method="post" action = "check_user.asp?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &items=" & item & " ">


<body bgcolor="#FFFFFF" text="#000000">
<table width="518" border="0" cellspacing="0" cellpadding="0" align="center">
  <tr>
    <td align="center">
      <h1>Login</h1>
    </td>
  </tr>
</table>
<br>
<br>
<br>
<br>
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
    <tr>
      <td align="right" height="47" valign="bottom" width="94">User name: </td>
      <td height="47" valign="bottom" width="172">
        <input type="text" name="txtUserName">
      </td>
    </tr>
    <tr>
      <td align="right" width="94">Password: </td>
      <td width="172">
        <input type="password" name="txtUserPass">
      </td>
    </tr>
    <tr>
      <td align="right" height="44" width="94">&nbsp;</td>
      <td height="44" width="172">
        <input type="submit" name="Submit" value="Submit">
        &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
        <input type="reset" name="Submit2" value="Submit">
      </td>
    </tr>
  </table>
</form>
<br>
<center>
  Session Cookies must be enabled<br>
  <br>
  <a href="http://www.webwizguide.info" target="_blank"><img src="web_wiz_guide.gif" width="100" height="30" border="0" alt="Web Wiz Guide!"></a>
</center>
</body>
</html>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>
0
 
locke_aCommented:
Brad,

Your problem here is the same as it was with the javascript / ASP.  One is server side one is client side...  Consider using hidden fields to pass your variables rather than in the form tag.  Try this:

<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">


<!-- The Web Wiz Guide Login Script is written by Bruce Corkhill )2001
         If you want your own  Login Script then goto http://www.webwizguide.info -->

<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.QueryString("airway_bill")
mydata1 = Request.QueryString("items")

query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.QueryString ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>

<%
                   db_id = rsShipTrack("id")
                   Cust = rsShipTrack("cust_name")
                   cust_address = rsShipTrack("cust_address")
                   cust_city = rsShipTrack("cust_city")
                   cust_state = rsShipTrack("cust_state")
                   cust_zip = rsShipTrack("cust_zip")
                   FDO_Number = rsShipTrack("fdo")
                   oracle_number = rsShipTrack("oracle_number")
                   Tracking_Number = rsShipTrack("airway_bill")
                   Carrier = rsShipTrack("carrier")
                   Ship_Date = rsShipTrack("ship_date")
                   item = rsShipTrack("items")
                   dolly = rsShipTrack("dollies")


%>
</head>
<form name="Login" method="post" action = "check_user.asp">


<body bgcolor="#FFFFFF" text="#000000">
<table width="518" border="0" cellspacing="0" cellpadding="0" align="center">
 <tr>
   <td align="center">
     <h1>Login</h1>
   </td>
 </tr>
</table>
<br>
<br>
<br>
<br>
<table width="273" border="0" align="center" cellspacing="0" cellpadding="0" bgcolor="#CCCCCC">
   <tr>
     <td align="right" height="47" valign="bottom" width="94">User name: </td>
     <td height="47" valign="bottom" width="172">
       <input type="text" name="txtUserName">
     </td>
   </tr>
   <tr>
     <td align="right" width="94">Password: </td>
     <td width="172">
       <input type="password" name="txtUserPass">
     </td>
   </tr>
   <tr>
     <td align="right" height="44" width="94">&nbsp;</td>
     <td height="44" width="172">
       <input Type='Hidden' Name='oracle_number' Value='<%=oracle_number%>'>
       <input Type='Hidden' Name='airway_bill' Value='<%=Tracking_Number%>'>
       <input Type='Hidden' Name='items' Value='<%=item%>'>
       <input type="submit" name="Submit" value="Submit">
       &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
       <input type="reset" name="Submit2" value="Submit">
     </td>
   </tr>
 </table>
</form>
<br>
<center>
 Session Cookies must be enabled<br>
 <br>
 <a href="http://www.webwizguide.info" target="_blank"><img src="web_wiz_guide.gif" width="100" height="30" border="0" alt="Web Wiz Guide!"></a>
</center>
</body>
</html>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>

You've already got an example of how to make the posting page for this right...?
0
 
waldeuxAuthor Commented:
Sorry to keep bothering you, but this is really helping me understand.  Now I have the next page at check_user.asp (except now my query isn't working) and I think it has something to do with the previous variables:

<%
set objConn = server.createobject("ADODB.Connection")
strProvider = "Driver={Microsoft Access Driver (*.mdb)}; DBQ=d:\shipmentTracking\ship_info.mdb;"
objConn.Open strProvider

mydata = Request.Form("airway_bill")
mydata1 = Request.Form("items")

query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.Form ("oracle_number") & " AND airway_bill = '" & mydata & "'"

set rsShipTrack=objConn.execute (query)



%>

<%
                        db_id = rsShipTrack("id")
                        Cust = rsShipTrack("cust_name")
                        cust_address = rsShipTrack("cust_address")
                        cust_city = rsShipTrack("cust_city")
                        cust_state = rsShipTrack("cust_state")
                        cust_zip = rsShipTrack("cust_zip")
                        FDO_Number = rsShipTrack("fdo")
                        oracle_number = rsShipTrack("oracle_number")
                        Tracking_Number = rsShipTrack("airway_bill")
                        Carrier = rsShipTrack("carrier")
                        Ship_Date = rsShipTrack("ship_date")
                        item = rsShipTrack("items")
                        dolly = rsShipTrack("dollies")
                                                            
%>
<%
rsShipTrack.close
Set rsShipTrack = Nothing
Set objConn = Nothing
%>

<%
'Dimension variables
Dim adoCon             'Database Connection Variable
Dim strCon            'Holds the Database driver and the path and name of the database
Dim rsCheckUser             'Database Recordset Variable
Dim strAccessDB       'Holds the Access Database Name
Dim strSQL             'Database query sring
Dim strUserName       'Holds the user name
Dim strOracleNumber      'Holds the oracle number

strOracleNumber = Request.QueryString("oracle_number")


'Initalise the strUserName variable
strUserName = Request.Form("txtUserName")

'Check the database to see if user exsits and read in there password
'Initialise the strAccessDB variable with the name of the Access Database
strAccessDB = "users"

'Create a connection odject
Set adoCon = Server.CreateObject("ADODB.Connection")
                  
'Database connection info and driver
strCon = "DRIVER={Microsoft Access Driver (*.mdb)};uid=;pwd=letmein; DBQ=" & Server.MapPath(strAccessDB)

'Set an active connection to the Connection object
adoCon.Open strCon

'Create a recordset object
Set rsCheckUser = Server.CreateObject("ADODB.Recordset")

'Initalise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT tblUsers.Password FROM tblUsers WHERE tblUsers.UserID ='" & strUserName & "'"

'Query the database
rsCheckUser.Open strSQL, strCon

'If the recordset finds a record for the username entered then read in the password for the user
If NOT rsCheckUser.EOF Then
      
      'Read in the password for the user from the database
      If (Request.Form("txtUserPass")) = rsCheckUser("Password") Then
            
            'If the password is correct then set the session variable to True
            Session("blnIsUserGood") = True
            
            'Close Objects before redirecting
            Set adoCon = Nothing
            Set strCon = Nothing
            Set rsCheckUser = Nothing
            
            'Redirect to the authorised user page and send the users name
            Response.Redirect"update_form.asp?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &items=" & item & ""
End If
End If
            
'Close Objects
Set adoCon = Nothing
Set strCon = Nothing
Set rsCheckUser = Nothing
      
'If the script is still running then the user must not be authorised
Session("blnIsUserGood") = False

'Redirect to the unautorised user page
Response.Redirect"unauthorised_user_page.htm"
%>
0
 
locke_aCommented:
Brad,

There are several 'clean-up' type items that I would change about this posting page... but I think in order to answer your question, I'll need to know a little more...  Which query is not working for you, and in what way is it not working?

Also, I am trying to figure out why it is that you look up all that information on each of these pages, and are not using any of it.  It might be wise to just pass a unique key through the log in process and do your lookup after the user has already been validated.

AL
0
 
waldeuxAuthor Commented:
query = "SELECT ship.* FROM ship WHERE oracle_number = " & Request.Form ("oracle_number") & " AND airway_bill = '" & mydata & "'"

Doesn't work it responds "Ether BOF or EOF is True, or the current record has been delted.  Requested operation requires a current record.

I guess the only reason I look up the info on the pages and then pass it on to be looked up again is because I don't know enough about the syntax and I know that if I open the recordset, define the variables, I can then pass them using the same ?oracle_number=" & oracle_number & " &airway_bill=" & Tracking_Number & " &items=" & item & ""

0
 
locke_aCommented:
Brad,

You might try writing out your query string before you do the:

set rsShipTrack=objConn.execute (query)


do a "Response.Write(query)"

That way you can see what it is getting for the 'oracle_number' and 'airway_bill', and see if it is a problem with the variables from the previous page...

I'll clean up your code a little and post my recommended 'revised' version (using what you've shown me so far).

AL

0
 
locke_aCommented:
Lets start with your login page.... I'd do something like this (You can change the look and feel as much as you'd like, my focus is on functionality):

<%
oracle_number = Request("oracle_number")
airway_bill = Request("airway_bill")
%>

<html>
<head>
     <title>Login</title>
</head>

<body bgColor='#FFFFFF' Text='#000000'>

<form Name='frmLogin' Action='check_user.asp' Method='Post'>
<table Width=518 Border=0 CellSpacing=0 CellPadding=0 Align='Center'>
<tr>
<td align="center">
   <h1>Login</h1>
</td>
</tr>
</table>

<br>
<br>
<br>
<br>

<table Width=273 Border=0 Align='Center' CellSpacing=0 CellPadding=0 bgColor='#CCCCCC'>
<tr>
<td Align='Right' Height=47 vAlign='Bottom' Width=94>
   <font Face='Arial,Helvetica' Size=2>
   User name:
   </font>
</td>
<td Height=47 vAlign='Bottom' Width=172>
   <input Type='Text' Name='UserName' Size=20 MaxLength=20>
</td>
</tr>

<tr>
<td Align='Right' Width=94>
   <font Face='Arial,Helvetica' Size=2>
   Password:
   </font>
</td>
<td Width=172>
   <input Type='Password' Name='Password' Size=20 MaxLength=20>
</td>
</tr>

<tr>
<td ColSpan=2 Align='Center' Height=44>
   <input Type='Hidden' Name='oracle_number' Value='<%=oracle_number%>'>
   <input Type='Hidden' Name='airway_bill' Value='<%=airway_bill%>'>
   <input Type='Submit' Value='Log In'>
</td>
</tr>
</table>
</form>
<br>
<center>
Session Cookies must be enabled<br>
</center>
</form>

</body>
</html>
0
 
locke_aCommented:
When I make your check_user.asp page... are you using a database of usernames and passwords, or is it going to be 'hard-coded' in the posting page?

AL
0
 
waldeuxAuthor Commented:
Al Thanks a lot for all of your help, things are now working, I appreciate your time.  Now I feel a tiny bit smarter.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 9
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now