?
Solved

Protecting ASP pages with a login

Posted on 2005-04-08
19
Medium Priority
?
319 Views
Last Modified: 2011-09-20
Hi,

I am trying to protect all my asp files with a login function. The function means that anyone trying to access any of the protected asp pages can't gain access unless they are logged in, and if they try to do so are taken straight to the login page. When i run the code though i receive this error.

Error Type:
Request object, ASP 0102 (0x80004005)
The function expects a string as input.
/logon.asp, line 5

Here is the code that runs the protection function.

<%
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open Application("Database1_ConnectionString")

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = " & Request.Form(username)& " AND password =" & Request.Form(password) & ";")


Do until RS.EOF
Pass = RS("password")
Name = RS("username")
RS.MoveNext
loop

RS.Close
Conn.Close

IF Pass = "" Then
Message = "The Password you entered is either wrong or not found in our database. Please press the back button and try again."
Else
Session("password") = Pass
Session("username") = Name

IF Session("Ori_URL") = "" Then 'do nothing
Else
Response.redirect(session("Ori_URL"))
End IF
End IF
%>

My knowledge of sql is very limited, and i can't see why this doesn't work. It seems to link in with my access database fine but fall down at the Set RS line. Any help would be fantastic as regardless of what combination of code i try i can't get it to work.
0
Comment
Question by:ChrisW2
  • 6
  • 6
  • 4
  • +2
19 Comments
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 13737661
try change:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = " & Request.Form(username)& " AND password =" & Request.Form(password) & ";")

to:

Set RS = Conn.Execute("SELECT * From tblMember WHERE username = " & Replace(Request.Form("username"),"'","''") & " AND password =" & Replace(Request.Form("password"),"'","''"))

?
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13737677
Add single quotes to your SELECT statement

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = '" &  Request.Form(username)& "' AND password ='" & Request.Form(password) & "';")
0
 

Author Comment

by:ChrisW2
ID: 13737828
Hi,

Thanks for the prompt response. I tried this:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = "& Request.Form(username)&; "' AND password ='" &; Request.Form(password) &; "';")

And received the following error:

Error Type:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/logon.asp, line 5, column 91
Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = "& Request.Form(username)&; "' AND password ='" &; Request.Form(password) &; "';")

Any ideas?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13737915
You need single quotes around the username as well.
0
 

Author Comment

by:ChrisW2
ID: 13738017
Tried this:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = "& Request.Form("username") &; "' AND password ='" &; Request.Form("password") &; "';")

And received the following error:

Error Type:
Microsoft VBScript compilation (0x800A03EA)
Syntax error
/logon.asp, line 5, column 94
Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = "& Request.Form("username") &; "' AND password ='" &; Request.Form("password") &; "';")


Is that what you meant?
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13738051
You should not build your SQL statement in code.  There are a number of reason not to do it that way, two of which are;

1. You are open to SQL injection attacks,
2. You will have problems with unfiltered string parameters, which is why ryancys was doing a replace on your form field values.  (However, by doing a replace on the password, he is changing the value.)

It is much better and safer to use parameterized SQL.  The parameters can not be executable SQL code so you are not liikely to have an SQL injection attack, and you do not have to worry about filtering the input for single quotes, like O'Brian.

<!--#include virtual="include/adovbs.inc"-->
Dim param, cmd, conn, rs

Set cmd = Server.CreateObject("ADODB.Command")
Set RS = Server.CreateObject("ADODB.Recordset")
Set conn = Server.CreateObject("ADODB.Connection")

conn.open *** your connection string ***
Set cmd.ActiveConnection = conn

cmd.CommandText = "SELECT password FROM tblMember WHERE username = @username"
      
Set param = cmd.CreateParameter("@username",adVarChar,adParamInput,CLng(Len(Request.Form("username"))),Request.Form("username"))
cmd.Parameters.Append param
      
RS.Open cmd

if NOT(RS.BOF AND RS.EOF) then
    if RS("password")=Request.Form("password") then
        Session("login")=true
    end if
end if

Regards,
Rod


0
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 13738094
extra ; ??

try:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = "& Request.Form("username") &; "' AND password ='" &; Request.Form("password") & "';")
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13738105
And back to your latest error:

It is:

"SELECT * From tblMember WHERE username = '"& Request.Form("username") & "' AND password ='" &; Request.Form("password") & "';"

not

"SELECT * From tblMember WHERE username = "& Request.Form("username") &; "' AND password ='" &; Request.Form("password") &; "';")

You are missing the left single quote for username and you have illegal semicolons after the second and third ampersands.
0
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 13738117
oops, re-post, try:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = " & Request.Form("username") & "' AND password ='" & Request.Form("password") & "' ")

or:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = " & Replace(Request.Form("username"),"'","''") & "' AND password ='" & Replace(Request.Form("password"),"'","''") & "' ")
0
 

Author Comment

by:ChrisW2
ID: 13738185
What code dfo i include in the file adovbs.inc? Or is that it, and i then place <!--#include virtual="include/adovbs.inc"--> at the top of each page?

The code looks like this at the moment:

<!--#include virtual="include/adovbs.inc"-->
<%
Dim param, cmd, conn, rs

Set cmd = Server.CreateObject("ADODB.Command")
Set RS = Server.CreateObject("ADODB.Recordset")
Set conn = Server.CreateObject("ADODB.Connection")

conn.open Application("Database1_ConnectionString")
Set cmd.ActiveConnection = conn

cmd.CommandText = "SELECT password FROM tblMember WHERE username = @username"
     
Set param = cmd.CreateParameter("@username",adVarChar,adParamInput,CLng(Len(Request.Form("username"))),Request.Form("username"))
cmd.Parameters.Append param
     
RS.Open cmd

if NOT(RS.BOF AND RS.EOF) then
    if RS("password")=Request.Form("password") then
        Session("login")=true
    end if
end if
%>

Is that along the right lines?
0
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 13738212
seems like many re-post here.. sorry about that, try this instead:

Set RS = Conn.Execute ("SELECT * From tblMember WHERE username = '" & Request.Form(username) & "' AND password = '" & Request.Form(password) & "' ")

or:

Set RS = Conn.Execute("SELECT * From tblMember WHERE username = '" & Replace(Request.Form("username"),"'","''") & "' AND password = '" & Replace(Request.Form("password"),"'","''") & "' ")
0
 
LVL 54

Accepted Solution

by:
Ryan Chong earned 1000 total points
ID: 13738253
try:

<!--#include virtual="include/adovbs.inc"-->
<%
Dim conn, rs

Set conn = Server.CreateObject("ADODB.Connection")

conn.open Application("Database1_ConnectionString")

Set RS = Server.CreateObject("ADODB.Recordset")
Rs.open "SELECT password FROM tblMember WHERE username = '" & Replace(Request.Form("username"),"'","''") & "' And password = '" & Replace(Request.Form("password"),"'","''") & "' " , conn, 1, 1
     
if NOT RS.EOF then
    if RS("password")=Request.Form("password") then
        Session("login")=true
    end if
end if
%>
0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13738284
I do not know where adovbs.inc is on your web server.  Usually, it is outside of the web root where ever the ADO files were installed and you will need to put a copy in your web folder.

<%
'--------------------------------------------------------------------
' Microsoft ADO
' ADO constants include file for VBScript
'--------------------------------------------------------------------

'---- CursorTypeEnum Values ----
Const adOpenForwardOnly = 0
Const adOpenKeyset = 1
Const adOpenDynamic = 2
Const adOpenStatic = 3

'---- CursorOptionEnum Values ----
Const adHoldRecords = &H00000100
Const adMovePrevious = &H00000200
Const adAddNew = &H01000400
Const adDelete = &H01000800
Const adUpdate = &H01008000
Const adBookmark = &H00002000
Const adApproxPosition = &H00004000
Const adUpdateBatch = &H00010000
Const adResync = &H00020000
Const adNotify = &H00040000
Const adFind = &H00080000
Const adSeek = &H00400000
Const adIndex = &H00800000

'---- LockTypeEnum Values ----
Const adLockReadOnly = 1
Const adLockPessimistic = 2
Const adLockOptimistic = 3
Const adLockBatchOptimistic = 4

'---- ExecuteOptionEnum Values ----
Const adAsyncExecute = &H00000010
Const adAsyncFetch = &H00000020
Const adAsyncFetchNonBlocking = &H00000040
Const adExecuteNoRecords = &H00000080
Const adExecuteStream = &H00000400

'---- ConnectOptionEnum Values ----
Const adAsyncConnect = &H00000010

'---- ObjectStateEnum Values ----
Const adStateClosed = &H00000000
Const adStateOpen = &H00000001
Const adStateConnecting = &H00000002
Const adStateExecuting = &H00000004
Const adStateFetching = &H00000008

'---- CursorLocationEnum Values ----
Const adUseServer = 2
Const adUseClient = 3

'---- DataTypeEnum Values ----
Const adEmpty = 0
Const adTinyInt = 16
Const adSmallInt = 2
Const adInteger = 3
Const adBigInt = 20
Const adUnsignedTinyInt = 17
Const adUnsignedSmallInt = 18
Const adUnsignedInt = 19
Const adUnsignedBigInt = 21
Const adSingle = 4
Const adDouble = 5
Const adCurrency = 6
Const adDecimal = 14
Const adNumeric = 131
Const adBoolean = 11
Const adError = 10
Const adUserDefined = 132
Const adVariant = 12
Const adIDispatch = 9
Const adIUnknown = 13
Const adGUID = 72
Const adDate = 7
Const adDBDate = 133
Const adDBTime = 134
Const adDBTimeStamp = 135
Const adBSTR = 8
Const adChar = 129
Const adVarChar = 200
Const adLongVarChar = 201
Const adWChar = 130
Const adVarWChar = 202
Const adLongVarWChar = 203
Const adBinary = 128
Const adVarBinary = 204
Const adLongVarBinary = 205
Const adChapter = 136
Const adFileTime = 64
Const adPropVariant = 138
Const adVarNumeric = 139
Const adArray = &H2000

'---- FieldAttributeEnum Values ----
Const adFldMayDefer = &H00000002
Const adFldUpdatable = &H00000004
Const adFldUnknownUpdatable = &H00000008
Const adFldFixed = &H00000010
Const adFldIsNullable = &H00000020
Const adFldMayBeNull = &H00000040
Const adFldLong = &H00000080
Const adFldRowID = &H00000100
Const adFldRowVersion = &H00000200
Const adFldCacheDeferred = &H00001000
Const adFldIsChapter = &H00002000
Const adFldNegativeScale = &H00004000
Const adFldKeyColumn = &H00008000
Const adFldIsRowURL = &H00010000
Const adFldIsDefaultStream = &H00020000
Const adFldIsCollection = &H00040000

'---- EditModeEnum Values ----
Const adEditNone = &H0000
Const adEditInProgress = &H0001
Const adEditAdd = &H0002
Const adEditDelete = &H0004

'---- RecordStatusEnum Values ----
Const adRecOK = &H0000000
Const adRecNew = &H0000001
Const adRecModified = &H0000002
Const adRecDeleted = &H0000004
Const adRecUnmodified = &H0000008
Const adRecInvalid = &H0000010
Const adRecMultipleChanges = &H0000040
Const adRecPendingChanges = &H0000080
Const adRecCanceled = &H0000100
Const adRecCantRelease = &H0000400
Const adRecConcurrencyViolation = &H0000800
Const adRecIntegrityViolation = &H0001000
Const adRecMaxChangesExceeded = &H0002000
Const adRecObjectOpen = &H0004000
Const adRecOutOfMemory = &H0008000
Const adRecPermissionDenied = &H0010000
Const adRecSchemaViolation = &H0020000
Const adRecDBDeleted = &H0040000

'---- GetRowsOptionEnum Values ----
Const adGetRowsRest = -1

'---- PositionEnum Values ----
Const adPosUnknown = -1
Const adPosBOF = -2
Const adPosEOF = -3

'---- BookmarkEnum Values ----
Const adBookmarkCurrent = 0
Const adBookmarkFirst = 1
Const adBookmarkLast = 2

'---- MarshalOptionsEnum Values ----
Const adMarshalAll = 0
Const adMarshalModifiedOnly = 1

'---- AffectEnum Values ----
Const adAffectCurrent = 1
Const adAffectGroup = 2
Const adAffectAllChapters = 4

'---- ResyncEnum Values ----
Const adResyncUnderlyingValues = 1
Const adResyncAllValues = 2

'---- CompareEnum Values ----
Const adCompareLessThan = 0
Const adCompareEqual = 1
Const adCompareGreaterThan = 2
Const adCompareNotEqual = 3
Const adCompareNotComparable = 4

'---- FilterGroupEnum Values ----
Const adFilterNone = 0
Const adFilterPendingRecords = 1
Const adFilterAffectedRecords = 2
Const adFilterFetchedRecords = 3
Const adFilterConflictingRecords = 5

'---- SearchDirectionEnum Values ----
Const adSearchForward = 1
Const adSearchBackward = -1

'---- PersistFormatEnum Values ----
Const adPersistADTG = 0
Const adPersistXML = 1

'---- StringFormatEnum Values ----
Const adClipString = 2

'---- ConnectPromptEnum Values ----
Const adPromptAlways = 1
Const adPromptComplete = 2
Const adPromptCompleteRequired = 3
Const adPromptNever = 4

'---- ConnectModeEnum Values ----
Const adModeUnknown = 0
Const adModeRead = 1
Const adModeWrite = 2
Const adModeReadWrite = 3
Const adModeShareDenyRead = 4
Const adModeShareDenyWrite = 8
Const adModeShareExclusive = &Hc
Const adModeShareDenyNone = &H10
Const adModeRecursive = &H400000

'---- RecordCreateOptionsEnum Values ----
Const adCreateCollection = &H00002000
Const adCreateStructDoc = &H80000000
Const adCreateNonCollection = &H00000000
Const adOpenIfExists = &H02000000
Const adCreateOverwrite = &H04000000
Const adFailIfNotExists = -1

'---- RecordOpenOptionsEnum Values ----
Const adOpenRecordUnspecified = -1
Const adOpenOutput = &H00800000
Const adOpenAsync = &H00001000
Const adDelayFetchStream = &H00004000
Const adDelayFetchFields = &H00008000
Const adOpenExecuteCommand = &H00010000

'---- IsolationLevelEnum Values ----
Const adXactUnspecified = &Hffffffff
Const adXactChaos = &H00000010
Const adXactReadUncommitted = &H00000100
Const adXactBrowse = &H00000100
Const adXactCursorStability = &H00001000
Const adXactReadCommitted = &H00001000
Const adXactRepeatableRead = &H00010000
Const adXactSerializable = &H00100000
Const adXactIsolated = &H00100000

'---- XactAttributeEnum Values ----
Const adXactCommitRetaining = &H00020000
Const adXactAbortRetaining = &H00040000

'---- PropertyAttributesEnum Values ----
Const adPropNotSupported = &H0000
Const adPropRequired = &H0001
Const adPropOptional = &H0002
Const adPropRead = &H0200
Const adPropWrite = &H0400

'---- ErrorValueEnum Values ----
Const adErrProviderFailed = &Hbb8
Const adErrInvalidArgument = &Hbb9
Const adErrOpeningFile = &Hbba
Const adErrReadFile = &Hbbb
Const adErrWriteFile = &Hbbc
Const adErrNoCurrentRecord = &Hbcd
Const adErrIllegalOperation = &Hc93
Const adErrCantChangeProvider = &Hc94
Const adErrInTransaction = &Hcae
Const adErrFeatureNotAvailable = &Hcb3
Const adErrItemNotFound = &Hcc1
Const adErrObjectInCollection = &Hd27
Const adErrObjectNotSet = &Hd5c
Const adErrDataConversion = &Hd5d
Const adErrObjectClosed = &He78
Const adErrObjectOpen = &He79
Const adErrProviderNotFound = &He7a
Const adErrBoundToCommand = &He7b
Const adErrInvalidParamInfo = &He7c
Const adErrInvalidConnection = &He7d
Const adErrNotReentrant = &He7e
Const adErrStillExecuting = &He7f
Const adErrOperationCancelled = &He80
Const adErrStillConnecting = &He81
Const adErrInvalidTransaction = &He82
Const adErrUnsafeOperation = &He84
Const adwrnSecurityDialog = &He85
Const adwrnSecurityDialogHeader = &He86
Const adErrIntegrityViolation = &He87
Const adErrPermissionDenied = &He88
Const adErrDataOverflow = &He89
Const adErrSchemaViolation = &He8a
Const adErrSignMismatch = &He8b
Const adErrCantConvertvalue = &He8c
Const adErrCantCreate = &He8d
Const adErrColumnNotOnThisRow = &He8e
Const adErrURLIntegrViolSetColumns = &He8f
Const adErrURLDoesNotExist = &He8f
Const adErrTreePermissionDenied = &He90
Const adErrInvalidURL = &He91
Const adErrResourceLocked = &He92
Const adErrResourceExists = &He93
Const adErrCannotComplete = &He94
Const adErrVolumeNotFound = &He95
Const adErrOutOfSpace = &He96
Const adErrResourceOutOfScope = &He97
Const adErrUnavailable = &He98
Const adErrURLNamedRowDoesNotExist = &He99
Const adErrDelResOutOfScope = &He9a
Const adErrPropInvalidColumn = &He9b
Const adErrPropInvalidOption = &He9c
Const adErrPropInvalidValue = &He9d
Const adErrPropConflicting = &He9e
Const adErrPropNotAllSettable = &He9f
Const adErrPropNotSet = &Hea0
Const adErrPropNotSettable = &Hea1
Const adErrPropNotSupported = &Hea2
Const adErrCatalogNotSet = &Hea3
Const adErrCantChangeConnection = &Hea4
Const adErrFieldsUpdateFailed = &Hea5
Const adErrDenyNotSupported = &Hea6
Const adErrDenyTypeNotSupported = &Hea7
Const adErrProviderNotSpecified = &Hea9
Const adErrConnectionStringTooLong = &Heaa

'---- ParameterAttributesEnum Values ----
Const adParamSigned = &H0010
Const adParamNullable = &H0040
Const adParamLong = &H0080

'---- ParameterDirectionEnum Values ----
Const adParamUnknown = &H0000
Const adParamInput = &H0001
Const adParamOutput = &H0002
Const adParamInputOutput = &H0003
Const adParamReturnValue = &H0004

'---- CommandTypeEnum Values ----
Const adCmdUnknown = &H0008
Const adCmdText = &H0001
Const adCmdTable = &H0002
Const adCmdStoredProc = &H0004
Const adCmdFile = &H0100
Const adCmdTableDirect = &H0200

'---- EventStatusEnum Values ----
Const adStatusOK = &H0000001
Const adStatusErrorsOccurred = &H0000002
Const adStatusCantDeny = &H0000003
Const adStatusCancel = &H0000004
Const adStatusUnwantedEvent = &H0000005

'---- EventReasonEnum Values ----
Const adRsnAddNew = 1
Const adRsnDelete = 2
Const adRsnUpdate = 3
Const adRsnUndoUpdate = 4
Const adRsnUndoAddNew = 5
Const adRsnUndoDelete = 6
Const adRsnRequery = 7
Const adRsnResynch = 8
Const adRsnClose = 9
Const adRsnMove = 10
Const adRsnFirstChange = 11
Const adRsnMoveFirst = 12
Const adRsnMoveNext = 13
Const adRsnMovePrevious = 14
Const adRsnMoveLast = 15

'---- SchemaEnum Values ----
Const adSchemaProviderSpecific = -1
Const adSchemaAsserts = 0
Const adSchemaCatalogs = 1
Const adSchemaCharacterSets = 2
Const adSchemaCollations = 3
Const adSchemaColumns = 4
Const adSchemaCheckConstraints = 5
Const adSchemaConstraintColumnUsage = 6
Const adSchemaConstraintTableUsage = 7
Const adSchemaKeyColumnUsage = 8
Const adSchemaReferentialConstraints = 9
Const adSchemaTableConstraints = 10
Const adSchemaColumnsDomainUsage = 11
Const adSchemaIndexes = 12
Const adSchemaColumnPrivileges = 13
Const adSchemaTablePrivileges = 14
Const adSchemaUsagePrivileges = 15
Const adSchemaProcedures = 16
Const adSchemaSchemata = 17
Const adSchemaSQLLanguages = 18
Const adSchemaStatistics = 19
Const adSchemaTables = 20
Const adSchemaTranslations = 21
Const adSchemaProviderTypes = 22
Const adSchemaViews = 23
Const adSchemaViewColumnUsage = 24
Const adSchemaViewTableUsage = 25
Const adSchemaProcedureParameters = 26
Const adSchemaForeignKeys = 27
Const adSchemaPrimaryKeys = 28
Const adSchemaProcedureColumns = 29
Const adSchemaDBInfoKeywords = 30
Const adSchemaDBInfoLiterals = 31
Const adSchemaCubes = 32
Const adSchemaDimensions = 33
Const adSchemaHierarchies = 34
Const adSchemaLevels = 35
Const adSchemaMeasures = 36
Const adSchemaProperties = 37
Const adSchemaMembers = 38
Const adSchemaTrustees = 39
Const adSchemaFunctions = 40
Const adSchemaActions = 41
Const adSchemaCommands = 42
Const adSchemaSets = 43

'---- FieldStatusEnum Values ----
Const adFieldOK = 0
Const adFieldCantConvertValue = 2
Const adFieldIsNull = 3
Const adFieldTruncated = 4
Const adFieldSignMismatch = 5
Const adFieldDataOverflow = 6
Const adFieldCantCreate = 7
Const adFieldUnavailable = 8
Const adFieldPermissionDenied = 9
Const adFieldIntegrityViolation = 10
Const adFieldSchemaViolation = 11
Const adFieldBadStatus = 12
Const adFieldDefault = 13
Const adFieldIgnore = 15
Const adFieldDoesNotExist = 16
Const adFieldInvalidURL = 17
Const adFieldResourceLocked = 18
Const adFieldResourceExists = 19
Const adFieldCannotComplete = 20
Const adFieldVolumeNotFound = 21
Const adFieldOutOfSpace = 22
Const adFieldCannotDeleteSource = 23
Const adFieldReadOnly = 24
Const adFieldResourceOutOfScope = 25
Const adFieldAlreadyExists = 26
Const adFieldPendingInsert = &H10000
Const adFieldPendingDelete = &H20000
Const adFieldPendingChange = &H40000
Const adFieldPendingUnknown = &H80000
Const adFieldPendingUnknownDelete = &H100000

'---- SeekEnum Values ----
Const adSeekFirstEQ = &H1
Const adSeekLastEQ = &H2
Const adSeekAfterEQ = &H4
Const adSeekAfter = &H8
Const adSeekBeforeEQ = &H10
Const adSeekBefore = &H20

'---- ADCPROP_UPDATECRITERIA_ENUM Values ----
Const adCriteriaKey = 0
Const adCriteriaAllCols = 1
Const adCriteriaUpdCols = 2
Const adCriteriaTimeStamp = 3

'---- ADCPROP_ASYNCTHREADPRIORITY_ENUM Values ----
Const adPriorityLowest = 1
Const adPriorityBelowNormal = 2
Const adPriorityNormal = 3
Const adPriorityAboveNormal = 4
Const adPriorityHighest = 5

'---- ADCPROP_AUTORECALC_ENUM Values ----
Const adRecalcUpFront = 0
Const adRecalcAlways = 1

'---- ADCPROP_UPDATERESYNC_ENUM Values ----
Const adResyncNone = 0
Const adResyncAutoIncrement = 1
Const adResyncConflicts = 2
Const adResyncUpdates = 4
Const adResyncInserts = 8
Const adResyncAll = 15

'---- MoveRecordOptionsEnum Values ----
Const adMoveUnspecified = -1
Const adMoveOverWrite = 1
Const adMoveDontUpdateLinks = 2
Const adMoveAllowEmulation = 4

'---- CopyRecordOptionsEnum Values ----
Const adCopyUnspecified = -1
Const adCopyOverWrite = 1
Const adCopyAllowEmulation = 4
Const adCopyNonRecursive = 2

'---- StreamTypeEnum Values ----
Const adTypeBinary = 1
Const adTypeText = 2

'---- LineSeparatorEnum Values ----
Const adLF = 10
Const adCR = 13
Const adCRLF = -1

'---- StreamOpenOptionsEnum Values ----
Const adOpenStreamUnspecified = -1
Const adOpenStreamAsync = 1
Const adOpenStreamFromRecord = 4

'---- StreamWriteEnum Values ----
Const adWriteChar = 0
Const adWriteLine = 1

'---- SaveOptionsEnum Values ----
Const adSaveCreateNotExist = 1
Const adSaveCreateOverWrite = 2

'---- FieldEnum Values ----
Const adDefaultStream = -1
Const adRecordURL = -2

'---- StreamReadEnum Values ----
Const adReadAll = -1
Const adReadLine = -2

'---- RecordTypeEnum Values ----
Const adSimpleRecord = 0
Const adCollectionRecord = 1
Const adStructDoc = 2
%>
0
 
LVL 2

Expert Comment

by:ronkupper
ID: 13740300
You should follow rdivilbiss advice on parameterized SQL.
The first code you've shown here can be hacked in about 20 sec' without any special software.

It is preferable to take the time to learn it rather than putting user's input directly into the SQL statement.

0
 
LVL 29

Expert Comment

by:rdivilbiss
ID: 13740322
You really think it would take that long?  Are you a slow typer <smile>
0
 
LVL 2

Expert Comment

by:ronkupper
ID: 13740402
Slow Connection? o_O

0
 

Expert Comment

by:Chandresh_k6
ID: 13742782
Hello Dear,

try this code I hope with this code you protected your asp pages  ...........

<%
loginname=trim(request.form("loginname"))
password=trim(request.form("password"))

set con=server.createobject("adodb.connection")
Con.Open "YOUR CONNECTION STRING"

Set rs=Server.CreateObject("ADODB.RecordSet")
rs.CurSorType=AdOpenStatic
rs.Open "SELECT * from login",con
      
if lcase(trim(loginname))=rs("login_name") and trim(password)=rs("password") then
      session("loginname")=lcase(trim(loginname))
      response.redirect "otherpage.asp"            
else
      loginname=""
      password=""
end if      
%>

when you get the session("looginname"), according to the above code then you pass session("loginname") to everypage and check the session("loginname") to every asp page.

If you got any error then please write me.

chandresh.k6@gmail.com
0
 
LVL 54

Expert Comment

by:Ryan Chong
ID: 13742794
Chandresh_k6,

that's not gonna to work properly if:

1. your table got more than 1 record (bcos you not include where condition in your sql statement)
2. your table has no record (error handling issue)

just my $0.02
0
 

Author Comment

by:ChrisW2
ID: 13743764
Cheers for all the help guys. Finally got it working with the code which ryancys supplied and a portion added in afterwards by myself to take the user to the originally requested page. Thanks again guys.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
Without even knowing it, most of us are using web applications on a daily basis.  In fact, Gmail and Yahoo email, Twitter, Facebook, and eBay are used by most of us daily—and they are web applications. We generally confuse these web applications to…
This video teaches users how to migrate an existing Wordpress website to a new domain.
The viewer will learn how to dynamically set the form action using jQuery.
Suggested Courses
Course of the Month15 days, 12 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question