need help passing a variable

I have a login area - if the user is a stockist of a product, the link to that product page is displayed. What I need to do is pass some variables, i.e. username and password, to the next page in order to display their discount level (another field in the database).

I tried this code but it failed:

Response.Write("<a href = ""Http://www.website.co.uk/customer/carbstatus.asp?"(Session(userName))">Carburettor Components</a>")

expected )

This is the current code:


<% Response.Buffer = true %>


<%
'-- Declare variables
Dim DataConnection, cmdDC, RecordSet
Dim RecordToEdit, Updated, strUserName, strPassword, dbConnStr
'--has a request to login been made?
If Request.Form("btnLogin") = "Go" Then
      strUserName = Request.Form("txtName")
      strPassword = Request.Form("txtPassword")
      strEmail = Request.Form("txtEmail")
      
      '-- Create object and open database
      dbConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../Data/customers.mdb")
      '-- compile SQL
      SQL = "SELECT tblSecurity.* FROM tblSecurity " & _
              "WHERE tblSecurity.userID='" & strUserName& _
              "' AND tblSecurity.password ='" & strPassword & "'"
      Set DataConnection = Server.CreateObject("ADODB.Recordset")
      
      with DataConnection
            .ActiveConnection = dbConnStr
            .Source = SQL
            .CursorType = 1
            .CursorLocation = 2
            .LockType = 3
            .Open
            end with

    If Not DataConnection.EOF Then
      dataconnection.Fields("email") = strEmail
      dataconnection.update
        Dim struserLevel
      struserLevel = DataConnection.Fields("userLevel")
      Session("userLevel") = struserLevel
        Session("userName") = strUserName
        Session("productAccess") = ""
        If DataConnection.Fields("catstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("lambdastatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("fuelpumpstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("emsstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("dieselstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("filterstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("carbstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If  
        Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","
        
      Else
      '----------------------------------
        'The user was not validated...
        'Take them to a page which tells them they were not validated...
    'Response.Redirect "register.asp"
      '----------------------------------
            loginFail = 1
    End If
End If
%>
Lambdasensor Asked:
 
nurbek Commented:
you mean this

Response.Write("<a href = ""Http://www.website.co.uk/customer/carbstatus.asp?username=" & Server.URLEncode(Session("username")) & """>Carburettor Components</a>")


but you don't have to send the username by querystring
it is already assigned to a Session variable

on the next page you use Session("username")

that's why Session variables are used for this




0
 
Lambdasensor (Author) Commented:
<% If Session("userLevel") Then
                          Response.write("<img src=""../images/customerarea.gif"" width=""107"" height=""25"" />")
                          Response.write("<br>")
                          Response.write("<br>")
                          Response.write("Welcome ")
                          Response.write(Session("userName"))
                          Response.write("<BR>")
                          Response.write("<BR>")
                          Dim linkstatus
                              linkstatus = Split( Session("ProductAccess"),",")
                              If linkstatus(0) = 1 Then
                              Response.Write("<a href = ""Http://www.website.co.uk/customer/catalyticconverter.asp"">Catalytic Converters</a>")
                              Response.Write("<BR>")
                            End If
                          'If dataconnection("catstatus") = true then
                          'Response.Write("<a href = ""Http://www.website.co.uk/customer/catalyticconverter.asp"">Catalytic Converters</a>")
                          'Response.Write("<BR>")
                          'End If
                          'If dataconnection("lambdastatus") = true then
                          If linkstatus(1) = 1 Then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/lambdasensors.asp"">Lambda Sensors</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(2) = 1 Then
                          'If dataconnection("fuelpumpstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/fuelpumps.asp"">Fuel Pumps</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(3) = 1 Then
                          'If dataconnection("emsstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/enginemanagement.asp"">Engine Management</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(4) = 1 Then
                           'If dataconnection("dieselstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/diesel.asp"">Diesel Components</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(5) = 1 Then
                          'If dataconnection("filterstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/fuelfilters.asp"">Wheel Speed Sensors</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(6) = 1 Then
                          'If dataconnection("carbstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/carbstatus.asp"">Carburettor Components</a>")
                          Response.Write("<BR>")
                         
                          End If
                         
                        

                  if Instr(Session("ProductAccess"),"1") <1 then
    response.write("To view pricelists and other product information, you must be a stockist. Call sales on telephone  for more information.")
end if



                          Response.write("</td>")
                         Else
                               Response.write("Existing customers logon:")
                               If loginFail = 1 Then
                                    Response.write("<BR><BR>Sorry either your username or password were incorrect!<BR>&nbsp;")
                               End if
                              
                    %>
0
 
Lambdasensor (Author) Commented:
then take for example the carbstatus page, I have a verify as an include:


<%

If Session("userLevel") > 0 Then
' Do nothing, user has clearance
Else

Response.Write("<script>alert('You are not authorized to view this page')</script>")
Response.Redirect "http://website.co.uk/main/index.asp"
End If
Dim arrAccess
arrAccess = Split( Session("ProductAccess"),",")

If arrAccess(6) > 0 Then
'do nothing
Else
Response.Write("<script>alert('You are not authorized to view this page')</script>")
Response.Redirect "http://website.co.uk/main/index.asp"
End If

%>

What I need to do on this page is then select the row from the database which is equal to the username and password, and response.write what is in a column. Any help much appreciated.
0

 
apresto Commented:
I haven't read the whole code cos that's a big one :o)! But why don't you store the user name and details you need in hidden fields and then submit the form to the next page; this way all you need to do is a request.form("fieldname") and you have your value.  Either that or you could store the username in your Session.

Is this close to what you need?
0
 
MPKR Commented:
This code is insecure! Look for keyword SQL Injection in Google !!!!!


  strUserName = Request.Form("txtName")
     strPassword = Request.Form("txtPassword")
     strEmail = Request.Form("txtEmail")
     
     '-- Create object and open database
     dbConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../Data/customers.mdb")
     '-- compile SQL
     SQL = "SELECT tblSecurity.* FROM tblSecurity " & _
            "WHERE tblSecurity.userID='" & strUserName& _
            "' AND tblSecurity.password ='" & strPassword & "'"
0
 
Lambdasensor (Author) Commented:
I have added the password to the session too, so can anyone help with coding

WHERE USERNAME & PASSWORD IN TABLE BLAH IS EQUAL TO SESSION PASSWORD
RESPONSE.WRITE COLUMN7

0
 
MPKR Commented:
usr = session("username")
pwd = session("password")

'some securing:
usr = replace(usr, "'", "")
pwd = replace(pwd, "'", "")
usr = replace(usr, "-", "")
pwd = replace(pwd, "-", "")
usr = replace(usr, "=", "")
pwd = replace(pwd, "=", "")

SQL = "SELECT * FROM tblSecurity Where userID like '" & usr & "' and password = '" & pwd & "'"
0
 
Lambdasensor (Author) Commented:
how can I secure it?
0
 
Lambdasensor (Author) Commented:
I've done it using the session
0
 
Lambdasensor (Author) Commented:
thanks for your help guys
0