need help passing a variable

I have a login area where, if the user is a stockist of a product, the link to that product page is displayed. What I need to do is pass some variables, i.e. username and password, to the next page in order to display their discount level (another field in the database).

I tried this code but it failed:

Response.Write("<a href = ""Http://www.website.co.uk/customer/carbstatus.asp?"(Session(userName))">Carburettor Components</a>")

expected )

This is the current code:


<% Response.Buffer = true %>


<%
'-- Declare variables
Dim DataConnection, cmdDC, RecordSet
Dim RecordToEdit, Updated, strUserName, strPassword, dbConnStr
'--has a request to login been made?
If Request.Form("btnLogin") = "Go" Then
      strUserName = Request.Form("txtName")
      strPassword = Request.Form("txtPassword")
      strEmail = Request.Form("txtEmail")
      
      '-- Create object and open database
      dbConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../Data/customers.mdb")
      '-- compile SQL
      SQL = "SELECT tblSecurity.* FROM tblSecurity " & _
              "WHERE tblSecurity.userID='" & strUserName& _
              "' AND tblSecurity.password ='" & strPassword & "'"
      Set DataConnection = Server.CreateObject("ADODB.Recordset")
      
      with DataConnection
            .ActiveConnection = dbConnStr
            .Source = SQL
            .CursorType = 1
            .CursorLocation = 2
            .LockType = 3
            .Open
            end with

    If Not DataConnection.EOF Then
      dataconnection.Fields("email") = strEmail
      dataconnection.update
        Dim struserLevel
      struserLevel = DataConnection.Fields("userLevel")
      Session("userLevel") = struserLevel
        Session("userName") = strUserName
        Session("productAccess") = ""
        If DataConnection.Fields("catstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("lambdastatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("fuelpumpstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("emsstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("dieselstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("filterstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If
         Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","

        
        If DataConnection.Fields("carbstatus") = true then
        lvlTemp = "1"
        Else
        lvlTemp = "0"
        End If  
        Session("ProductAccess") = Session("ProductAccess")&lvlTemp&","
        
      Else
      '----------------------------------
        'The user was not validated...
        'Take them to a page which tells them they were not validated...
    'Response.Redirect "register.asp"
      '----------------------------------
            loginFail = 1
    End If
End If
%>
LambdasensorAsked:

LambdasensorAuthor Commented:
<% If Session("userLevel") Then
                          Response.write("<img src=""../images/customerarea.gif"" width=""107"" height=""25"" />")
                          Response.write("<br>")
                          Response.write("<br>")
                          Response.write("Welcome ")
                          Response.write(Session("userName"))
                          Response.write("<BR>")
                          Response.write("<BR>")
                          Dim linkstatus
                              linkstatus = Split( Session("ProductAccess"),",")
                              If linkstatus(0) = 1 Then
                              Response.Write("<a href = ""Http://www.website.co.uk/customer/catalyticconverter.asp"">Catalytic Converters</a>")
                              Response.Write("<BR>")
                            End If
                          'If dataconnection("catstatus") = true then
                          'Response.Write("<a href = ""Http://www.website.co.uk/customer/catalyticconverter.asp"">Catalytic Converters</a>")
                          'Response.Write("<BR>")
                          'End If
                          'If dataconnection("lambdastatus") = true then
                          If linkstatus(1) = 1 Then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/lambdasensors.asp"">Lambda Sensors</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(2) = 1 Then
                          'If dataconnection("fuelpumpstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/fuelpumps.asp"">Fuel Pumps</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(3) = 1 Then
                          'If dataconnection("emsstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/enginemanagement.asp"">Engine Management</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(4) = 1 Then
                           'If dataconnection("dieselstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/diesel.asp"">Diesel Components</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(5) = 1 Then
                          'If dataconnection("filterstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/fuelfilters.asp"">Wheel Speed Sensors</a>")
                          Response.Write("<BR>")
                          End If
                          If linkstatus(6) = 1 Then
                          'If dataconnection("carbstatus") = true then
                          Response.Write("<a href = ""Http://www.website.co.uk/customer/carbstatus.asp"">Carburettor Components</a>")
                          Response.Write("<BR>")
                         
                          End If
                         
                        

                  if Instr(Session("ProductAccess"),"1") <1 then
    response.write("To view pricelists and other product information, you must be a stockist. Call sales on telephone  for more information.")
end if



                          Response.write("</td>")
                         Else
                               Response.write("Existing customers logon:")
                               If loginFail = 1 Then
                                    Response.write("<BR><BR>Sorry either your username or password were incorrect!<BR>&nbsp;")
                               End if
                              
                    %>
0
LambdasensorAuthor Commented:
Then take for example the carbstatus page. I have a verify as an include:


<%

If Session("userLevel") > 0 Then
' Do nothing, user has clearance
Else

Response.Write("<script>alert('You are not authorized to view this page')</script>")
Response.Redirect "http://website.co.uk/main/index.asp"
End If
Dim arrAccess
arrAccess = Split( Session("ProductAccess"),",")

If arrAccess(6) > 0 Then
'do nothing
Else
Response.Write("<script>alert('You are not authorized to view this page')</script>")
Response.Redirect "http://website.co.uk/main/index.asp"
End If

%>

What I need to do on this page is then select the row from the database which is equal to the username and password, and Response.Write what is in a column. Any help much appreciated.
0
nurbekCommented:
you mean this

Response.Write("<a href = ""Http://www.website.co.uk/customer/carbstatus.asp?username=" & Server.URLEncode(Session("username")) & """>Carburettor Components</a>")


but you don't have to send the username by querystring
it is already assigned to a Session variable

on the next page you use Session("username")

that's why Session variables are used for this
0


aprestoCommented:
I haven't read the whole code because that's a big one :o)! But why don't you store the user name and details you need in hidden fields and then submit the form to the next page? This way all you need to do is a Request.Form("fieldname") and you have your value. Either that or you could store the username in your Session.

Is this close to what you need?
0
MPKRCommented:
This code is insecure! Look for keyword SQL Injection in Google !!!!!


  strUserName = Request.Form("txtName")
     strPassword = Request.Form("txtPassword")
     strEmail = Request.Form("txtEmail")
     
     '-- Create object and open database
     dbConnStr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("../Data/customers.mdb")
     '-- compile SQL
     SQL = "SELECT tblSecurity.* FROM tblSecurity " & _
            "WHERE tblSecurity.userID='" & strUserName& _
            "' AND tblSecurity.password ='" & strPassword & "'"
0
LambdasensorAuthor Commented:
I have added the password to the session too, so can anyone help with coding

WHERE USERNAME & PASSWORD IN TABLE BLAH IS EQUAL TO SESSION PASSWORD
RESPONSE.WRITE COLUMN7

0
MPKRCommented:
usr = session("username")
pwd = session("password")

'some securing:
usr = replace(usr, "'", "")
pwd = replace(pwd, "'", "")
usr = replace(usr, "-", "")
pwd = replace(pwd, "-", "")
usr = replace(usr, "=", "")
pwd = replace(pwd, "=", "")

SQL = "SELECT * FROM tblSecurity Where userID like '" & usr & "' and password = '" & pwd & "'"
0
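An added example, not code from any participant in this thread: the discount lookup for carbstatus.asp done with a parameterized ADODB.Command instead of string concatenation and character stripping. It looks the row up by Session("userName") alone, so the password never has to be kept in the session. The column name `discountLevel`, the parameter size and the relative database path are assumptions; the thread does not name the discount column.

```vbscript
<%
' Added example for carbstatus.asp; place it after the verify include.
' Assumptions: "discountLevel" is a hypothetical column in tblSecurity,
' and the .mdb path is the same relative path the login page uses.
Const adCmdText = 1      ' CommandTypeEnum
Const adParamInput = 1   ' ParameterDirectionEnum
Const adVarWChar = 202   ' DataTypeEnum

Function GetDiscountLevel(ByVal userName)
    Dim conn, cmd, rs
    GetDiscountLevel = ""

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
              Server.MapPath("../Data/customers.mdb")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound as data, so a quote or comment marker
    ' in the value cannot change the structure of the statement.
    cmd.CommandText = "SELECT discountLevel FROM tblSecurity WHERE userID = ?"
    cmd.Parameters.Append _
        cmd.CreateParameter("userID", adVarWChar, adParamInput, 255, userName)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' & "" turns a Null field into an empty string
        GetDiscountLevel = rs.Fields("discountLevel").Value & ""
    End If

    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function

' HTML-encode the database value before writing it into the page.
Response.Write "Your discount level: " & _
    Server.HTMLEncode(GetDiscountLevel(Session("userName")))
%>
```

The same Command-with-parameters pattern applies to the login query itself, binding txtName and txtPassword as two parameters rather than concatenating them into the WHERE clause.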
LambdasensorAuthor Commented:
how can i secure it?
0
LambdasensorAuthor Commented:
i've done it using the session
0
LambdasensorAuthor Commented:
thanks for your help guys
0