<% ' Get Login Information useremail = TRIM( Request.Form( "useremail" ) ) password = TRIM( Request.Form( "password" ) ) ' Open Database Connection Set Con = Server.CreateObject( "ADODB.Connection" ) Con.Open "accessDSN" ' Get User ID userID = checkpassword(useremail, password, Con) Response.Write "userID = " Response.Write userID Response.End %> There is still no value assigned to "checkpassword" "Ken Schaefer" wrote in message news:%phx.gbl...[ref] > Typo in my code: > > "SELECT user_id, user_password " > > should be > > "SELECT user_id, user_password " & _ > > Cheers > Ken > > "Ken Schaefer" wrote in message > news:phx.gbl...[ref] >> First thing to do is work out where you code is falling to. If you do not >> have a debugger, we can use Response.Write() statements. >> >> Also, removed the extraneous spaces between your values and your negative >> (-) symbols >> Lastly - don't forget to clean up your objects before exiting the routine >> >> Function checkpassword(byVal useremail, byVal password, byRef Con) >> >> Dim sqlString >> Dim objRS >> >> sqlString = _ >> "SELECT user_id, user_password " >> "FROM users " &_ >> "WHERE user_email='" & useremail & "'" >> >> Set objRS = Con.Execute( sqlString ) >> >> If objRS.EOF then >> >> checkpassword = -1 >> Response.Write("-1
") >> >> ElseIf objRS( "user_password" ) = "" then >> >> checkpassword = -2 >> Response.Write("-2
") >> >> ElseIf objRS("user_password" ) <> password then >> >> checkpassword = -3 >> Response.Write("-3
") >> >> ElseIf objRS( "user_password" ) = password then >> >> checkpassword = RS( "user_id" ) >> Response.Write("-4
") >> >> Else >> >> Response.Write("-5
") >> >> End If >> >> objRS.Close >> Set objRS = Nothing >> >> End Function >> >> >> Cheeers >> Ken >> >> wrote in message >> news:phx.gbl...[ref] >>> The code below does not assign any value to "checkpassword" no matter >>> what values are passed to the function. I have used Response.Write on >>> all the values including the "user" table values and all values are >>> valid. I have no clue what's wrong. Can someone provide some help? >>> >>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con ) >>> >>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_ >>> >>> "WHERE user_email='" & useremail & "'" >>> >>> SET RS = Con.Execute( sqlString ) >>> >>> IF RS.EOF THEN >>> >>> checkpassword = - 1 >>> >>> ELSEIF RS( "user_password" ) = "" THEN >>> >>> checkpassword = - 2 >>> >>> ELSEIF RS( "user_password" ) <> password THEN >>> >>> checkpassword = - 3 >>> >>> ELSEIF RS( "user_password" ) = password THEN >>> >>> checkpassword = RS( "user_id" ) >>> >>> ELSE >>> >>> END IF >>> >>> END FUNCTION >>> >>>[/ref] >> >>[/ref] > >[/ref] [allowsmilie] => 1 [showsignature] => 0 [ipaddress] => [iconid] => 0 [visible] => 1 [attach] => 0 [infraction] => 0 [reportthreadid] => 0 [isusenetpost] => 1 [msgid] => [ref] => <#U94whOsEHA.2316@TK2MSFTNGP12.phx.gbl> [htmlstate] => on_nl2br [postusername] => [ip] => westernnord@web [isdeleted] => 0 [usergroupid] => [membergroupids] => [displaygroupid] => [password] => [passworddate] => [email] => [styleid] => [parentemail] => [homepage] => [icq] => [aim] => [yahoo] => [msn] => [skype] => [showvbcode] => [showbirthday] => [usertitle] => [customtitle] => [joindate] => [daysprune] => [lastvisit] => [lastactivity] => [lastpost] => [lastpostid] => [posts] => [reputation] => [reputationlevelid] => [timezoneoffset] => [pmpopup] => [avatarid] => [avatarrevision] => [profilepicrevision] => [sigpicrevision] => [options] => [akvbghsfs_optionsfield] => [birthday] => [birthday_search] => [maxposts] => [startofweek] => [referrerid] => [languageid] => [emailstamp] => [threadedmode] => [autosubscribe] => [pmtotal] => [pmunread] => [salt] => [ipoints] => [infractions] => [warnings] => [infractiongroupids] => [infractiongroupid] => [adminoptions] => [profilevisits] => [friendcount] => [friendreqcount] => [vmunreadcount] => [vmmoderatedcount] => [socgroupinvitecount] => [socgroupreqcount] => [pcunreadcount] => [pcmoderatedcount] => [gmmoderatedcount] => [assetposthash] => [fbuserid] => [fbjoindate] => [fbname] => [logintype] => [fbaccesstoken] => [newrepcount] => [vbseo_likes_in] => [vbseo_likes_out] => [vbseo_likes_unread] => [temp] => [field1] => [field2] => [field3] => [field4] => [field5] => [subfolders] => [pmfolders] => [buddylist] => [ignorelist] => [signature] => [searchprefs] => [rank] => [icontitle] => [iconpath] => [avatarpath] => [hascustomavatar] => 0 [avatardateline] => [avwidth] => [avheight] => [edit_userid] => [edit_username] => [edit_dateline] => [edit_reason] => [hashistory] => [pagetext_html] => [hasimages] => [signatureparsed] => [sighasimages] => [sigpic] => [sigpicdateline] => [sigpicwidth] => [sigpicheight] => [postcount] => 4 [islastshown] => [isfirstshown] => [attachments] => [allattachments] => ) --> > > <% > > ' Get Login Information > > useremail = TRIM( Request.Form( "useremail" ) ) > > password = TRIM( Request.Form( "password" ) ) > > ' Open Database Connection > > Set Con = Server.CreateObject( "ADODB.Connection" ) > > Con.Open "accessDSN" > > ' Get User ID > > userID = checkpassword(useremail, password, Con) > > Response.Write "userID = " > > Response.Write userID > > Response.End > > %> > > There is still no value assigned to "checkpassword" > > > > "Ken Schaefer" wrote in message > news:%phx.gbl...[ref] >> Typo in my code: >> >> "SELECT user_id, user_password " >> >> should be >> >> "SELECT user_id, user_password " & _ >> >> Cheers >> Ken >> >> "Ken Schaefer" wrote in message >> news:phx.gbl...[ref] >>> First thing to do is work out where you code is falling to. If you do >>> not have a debugger, we can use Response.Write() statements. >>> >>> Also, removed the extraneous spaces between your values and your >>> negative (-) symbols >>> Lastly - don't forget to clean up your objects before exiting the >>> routine >>> >>> Function checkpassword(byVal useremail, byVal password, byRef Con) >>> >>> Dim sqlString >>> Dim objRS >>> >>> sqlString = _ >>> "SELECT user_id, user_password " >>> "FROM users " &_ >>> "WHERE user_email='" & useremail & "'" >>> >>> Set objRS = Con.Execute( sqlString ) >>> >>> If objRS.EOF then >>> >>> checkpassword = -1 >>> Response.Write("-1
") >>> >>> ElseIf objRS( "user_password" ) = "" then >>> >>> checkpassword = -2 >>> Response.Write("-2
") >>> >>> ElseIf objRS("user_password" ) <> password then >>> >>> checkpassword = -3 >>> Response.Write("-3
") >>> >>> ElseIf objRS( "user_password" ) = password then >>> >>> checkpassword = RS( "user_id" ) >>> Response.Write("-4
") >>> >>> Else >>> >>> Response.Write("-5
") >>> >>> End If >>> >>> objRS.Close >>> Set objRS = Nothing >>> >>> End Function >>> >>> >>> Cheeers >>> Ken >>> >>> wrote in message >>> news:phx.gbl... >>>> The code below does not assign any value to "checkpassword" no matter >>>> what values are passed to the function. I have used Response.Write on >>>> all the values including the "user" table values and all values are >>>> valid. I have no clue what's wrong. Can someone provide some help? >>>> >>>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con ) >>>> >>>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_ >>>> >>>> "WHERE user_email='" & useremail & "'" >>>> >>>> SET RS = Con.Execute( sqlString ) >>>> >>>> IF RS.EOF THEN >>>> >>>> checkpassword = - 1 >>>> >>>> ELSEIF RS( "user_password" ) = "" THEN >>>> >>>> checkpassword = - 2 >>>> >>>> ELSEIF RS( "user_password" ) <> password THEN >>>> >>>> checkpassword = - 3 >>>> >>>> ELSEIF RS( "user_password" ) = password THEN >>>> >>>> checkpassword = RS( "user_id" ) >>>> >>>> ELSE >>>> >>>> END IF >>>> >>>> END FUNCTION >>>> >>>> >>> >>>[/ref] >> >>[/ref] > >[/ref] [allowsmilie] => 1 [showsignature] => 0 [ipaddress] => [iconid] => 0 [visible] => 1 [attach] => 0 [infraction] => 0 [reportthreadid] => 0 [isusenetpost] => 1 [msgid] => [ref] => <#U94whOsEHA.2316@TK2MSFTNGP12.phx.gbl> [htmlstate] => on_nl2br [postusername] => Ken [ip] => kenREMOVE@THISa [isdeleted] => 0 [usergroupid] => [membergroupids] => [displaygroupid] => [password] => [passworddate] => [email] => [styleid] => [parentemail] => [homepage] => [icq] => [aim] => [yahoo] => [msn] => [skype] => [showvbcode] => [showbirthday] => [usertitle] => [customtitle] => [joindate] => [daysprune] => [lastvisit] => [lastactivity] => [lastpost] => [lastpostid] => [posts] => [reputation] => [reputationlevelid] => [timezoneoffset] => [pmpopup] => [avatarid] => [avatarrevision] => [profilepicrevision] => [sigpicrevision] => [options] => [akvbghsfs_optionsfield] => [birthday] => [birthday_search] => [maxposts] => [startofweek] => [referrerid] => [languageid] => [emailstamp] => [threadedmode] => [autosubscribe] => [pmtotal] => [pmunread] => [salt] => [ipoints] => [infractions] => [warnings] => [infractiongroupids] => [infractiongroupid] => [adminoptions] => [profilevisits] => [friendcount] => [friendreqcount] => [vmunreadcount] => [vmmoderatedcount] => [socgroupinvitecount] => [socgroupreqcount] => [pcunreadcount] => [pcmoderatedcount] => [gmmoderatedcount] => [assetposthash] => [fbuserid] => [fbjoindate] => [fbname] => [logintype] => [fbaccesstoken] => [newrepcount] => [vbseo_likes_in] => [vbseo_likes_out] => [vbseo_likes_unread] => [temp] => [field1] => [field2] => [field3] => [field4] => [field5] => [subfolders] => [pmfolders] => [buddylist] => [ignorelist] => [signature] => [searchprefs] => [rank] => [icontitle] => [iconpath] => [avatarpath] => [hascustomavatar] => 0 [avatardateline] => [avwidth] => [avheight] => [edit_userid] => [edit_username] => [edit_dateline] => [edit_reason] => [hashistory] => [pagetext_html] => [hasimages] => [signatureparsed] => [sighasimages] => [sigpic] => [sigpicdateline] => [sigpicwidth] => [sigpicheight] => [postcount] => 5 [islastshown] => [isfirstshown] => [attachments] => [allattachments] => ) --> > > <% > > ' Get Login Information > > useremail = TRIM( Request.Form( "useremail" ) ) > > password = TRIM( Request.Form( "password" ) ) > > ' Open Database Connection > > Set Con = Server.CreateObject( "ADODB.Connection" ) > > Con.Open "accessDSN" > > ' Get User ID > > userID = checkpassword(useremail, password, Con) > > Response.Write "userID = " > > Response.Write userID > > Response.End > > %> > > There is still no value assigned to "checkpassword" > > > > "Ken Schaefer" wrote in message > news:%phx.gbl...[ref] > > Typo in my code: > > > > "SELECT user_id, user_password " > > > > should be > > > > "SELECT user_id, user_password " & _ > > > > Cheers > > Ken > > > > "Ken Schaefer" wrote in message > > news:phx.gbl...[ref] > >> First thing to do is work out where you code is falling to. If you do[/ref][/ref][/ref] not[ref][ref][ref] > >> have a debugger, we can use Response.Write() statements. > >> > >> Also, removed the extraneous spaces between your values and your[/ref][/ref][/ref] negative[ref][ref][ref] > >> (-) symbols > >> Lastly - don't forget to clean up your objects before exiting the[/ref][/ref][/ref] routine[ref][ref][ref] > >> > >> Function checkpassword(byVal useremail, byVal password, byRef Con) > >> > >> Dim sqlString > >> Dim objRS > >> > >> sqlString = _ > >> "SELECT user_id, user_password " > >> "FROM users " &_ > >> "WHERE user_email='" & useremail & "'" > >> > >> Set objRS = Con.Execute( sqlString ) > >> > >> If objRS.EOF then > >> > >> checkpassword = -1 > >> Response.Write("-1
") > >> > >> ElseIf objRS( "user_password" ) = "" then > >> > >> checkpassword = -2 > >> Response.Write("-2
") > >> > >> ElseIf objRS("user_password" ) <> password then > >> > >> checkpassword = -3 > >> Response.Write("-3
") > >> > >> ElseIf objRS( "user_password" ) = password then > >> > >> checkpassword = RS( "user_id" ) > >> Response.Write("-4
") > >> > >> Else > >> > >> Response.Write("-5
") > >> > >> End If > >> > >> objRS.Close > >> Set objRS = Nothing > >> > >> End Function > >> > >> > >> Cheeers > >> Ken > >> > >> wrote in message > >> news:phx.gbl... > >>> The code below does not assign any value to "checkpassword" no matter > >>> what values are passed to the function. I have used Response.Write on > >>> all the values including the "user" table values and all values are > >>> valid. I have no clue what's wrong. Can someone provide some help? > >>> > >>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con ) > >>> > >>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_ > >>> > >>> "WHERE user_email='" & useremail & "'" > >>> > >>> SET RS = Con.Execute( sqlString ) > >>> > >>> IF RS.EOF THEN > >>> > >>> checkpassword = - 1 > >>> > >>> ELSEIF RS( "user_password" ) = "" THEN > >>> > >>> checkpassword = - 2 > >>> > >>> ELSEIF RS( "user_password" ) <> password THEN > >>> > >>> checkpassword = - 3 > >>> > >>> ELSEIF RS( "user_password" ) = password THEN > >>> > >>> checkpassword = RS( "user_id" ) > >>> > >>> ELSE > >>> > >>> END IF > >>> > >>> END FUNCTION > >>> > >>> > >> > >>[/ref] > > > >[/ref] > >[/ref] [allowsmilie] => 1 [showsignature] => 0 [ipaddress] => [iconid] => 0 [visible] => 1 [attach] => 0 [infraction] => 0 [reportthreadid] => 0 [isusenetpost] => 1 [msgid] => [ref] => <#U94whOsEHA.2316@TK2MSFTNGP12.phx.gbl> [htmlstate] => on_nl2br [postusername] => Mark [ip] => mschupp@ielearn [isdeleted] => 0 [usergroupid] => [membergroupids] => [displaygroupid] => [password] => [passworddate] => [email] => [styleid] => [parentemail] => [homepage] => [icq] => [aim] => [yahoo] => [msn] => [skype] => [showvbcode] => [showbirthday] => [usertitle] => [customtitle] => [joindate] => [daysprune] => [lastvisit] => [lastactivity] => [lastpost] => [lastpostid] => [posts] => [reputation] => [reputationlevelid] => [timezoneoffset] => [pmpopup] => [avatarid] => [avatarrevision] => [profilepicrevision] => [sigpicrevision] => [options] => [akvbghsfs_optionsfield] => [birthday] => [birthday_search] => [maxposts] => [startofweek] => [referrerid] => [languageid] => [emailstamp] => [threadedmode] => [autosubscribe] => [pmtotal] => [pmunread] => [salt] => [ipoints] => [infractions] => [warnings] => [infractiongroupids] => [infractiongroupid] => [adminoptions] => [profilevisits] => [friendcount] => [friendreqcount] => [vmunreadcount] => [vmmoderatedcount] => [socgroupinvitecount] => [socgroupreqcount] => [pcunreadcount] => [pcmoderatedcount] => [gmmoderatedcount] => [assetposthash] => [fbuserid] => [fbjoindate] => [fbname] => [logintype] => [fbaccesstoken] => [newrepcount] => [vbseo_likes_in] => [vbseo_likes_out] => [vbseo_likes_unread] => [temp] => [field1] => [field2] => [field3] => [field4] => [field5] => [subfolders] => [pmfolders] => [buddylist] => [ignorelist] => [signature] => [searchprefs] => [rank] => [icontitle] => [iconpath] => [avatarpath] => [hascustomavatar] => 0 [avatardateline] => [avwidth] => [avheight] => [edit_userid] => [edit_username] => [edit_dateline] => [edit_reason] => [hashistory] => [pagetext_html] => [hasimages] => [signatureparsed] => [sighasimages] => [sigpic] => [sigpicdateline] => [sigpicwidth] => [sigpicheight] => [postcount] => 6 [islastshown] => 1 [isfirstshown] => [attachments] => [allattachments] => ) --> I have no clue what's wrong - ASP Database

I have no clue what's wrong - ASP Database

The code below does not assign any value to "checkpassword" no matter what values are passed to the function. I have used Response.Write on all the values including the "user" table values and all values are valid. I have no clue what's wrong. Can someone provide some help? FUNCTION checkpassword( byVal useremail, byVal password, byRef Con ) sqlString = "SELECT user_id, user_email, user_password FROM users " &_ "WHERE user_email='" & useremail & "'" SET RS = Con.Execute( sqlString ) IF RS.EOF THEN checkpassword = - 1 ELSEIF RS( "user_password" ) = "" THEN checkpassword = - 2 ELSEIF RS( "user_password" ...

  1. #1

    Default I have no clue what's wrong

    The code below does not assign any value to "checkpassword" no matter what
    values are passed to the function. I have used Response.Write on all the
    values including the "user" table values and all values are valid. I have no
    clue what's wrong. Can someone provide some help?

    FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )

    sqlString = "SELECT user_id, user_email, user_password FROM users " &_

    "WHERE user_email='" & useremail & "'"

    SET RS = Con.Execute( sqlString )

    IF RS.EOF THEN

    checkpassword = - 1

    ELSEIF RS( "user_password" ) = "" THEN

    checkpassword = - 2

    ELSEIF RS( "user_password" ) <> password THEN

    checkpassword = - 3

    ELSEIF RS( "user_password" ) = password THEN

    checkpassword = RS( "user_id" )

    ELSE

    END IF

    END FUNCTION


    Guest

  2. #2

    Default Re: I have no clue what's wrong

    First thing to do is work out where you code is falling to. If you do not
    have a debugger, we can use Response.Write() statements.

    Also, removed the extraneous spaces between your values and your negative
    (-) symbols
    Lastly - don't forget to clean up your objects before exiting the routine

    Function checkpassword(byVal useremail, byVal password, byRef Con)

    Dim sqlString
    Dim objRS

    sqlString = _
    "SELECT user_id, user_password "
    "FROM users " &_
    "WHERE user_email='" & useremail & "'"

    Set objRS = Con.Execute( sqlString )

    If objRS.EOF then

    checkpassword = -1
    Response.Write("-1<br>")

    ElseIf objRS( "user_password" ) = "" then

    checkpassword = -2
    Response.Write("-2<br>")

    ElseIf objRS("user_password" ) <> password then

    checkpassword = -3
    Response.Write("-3<br>")

    ElseIf objRS( "user_password" ) = password then

    checkpassword = RS( "user_id" )
    Response.Write("-4<br>")

    Else

    Response.Write("-5<br>")

    End If

    objRS.Close
    Set objRS = Nothing

    End Function


    Cheeers
    Ken

    <net> wrote in message
    news:phx.gbl... 


    Ken Guest

  3. #3

    Default Re: I have no clue what's wrong

    Typo in my code:

    "SELECT user_id, user_password "

    should be

    "SELECT user_id, user_password " & _

    Cheers
    Ken

    "Ken Schaefer" <com> wrote in message
    news:phx.gbl... 
    >
    >[/ref]


    Ken Guest

  4. #4

    Default Re: I have no clue what's wrong

    I have made all the changes you suggested in the following code:

    FUNCTION checkpassword(byVal useremail,byVal password,byRef Con)

    Dim sqlString

    Dim RSuser

    sqlString = "SELECT user_id, user_email, user_password FROM users " &_

    "WHERE user_email='" & useremail & "'"

    SET RSuser = Con.Execute( sqlString )

    Response.Write "user_id = "

    Response.Write RSuser( "user_id" )

    Response.Write "user_email = "

    Response.Write RSuser( "user_email" )

    Response.Write "user_password = "

    Response.Write RSuser( "user_password" )

    Response.Write "useremail = "

    Response.Write useremail

    Response.Write "password = "

    Response.Write password

    IF RSuser.EOF THEN

    checkpassword = -1

    ELSEIF RSuser( "user_password" ) = "" THEN

    checkpassword = -2

    ELSEIF RSuser( "user_password" ) <> password THEN

    checkpassword = -3

    ELSEIF RSuser( "user_password" ) = password THEN

    checkpassword = RSuser( "user_id" )

    ELSE

    END IF

    RSuser.Close

    SET RSuser = Nothing

    END FUNCTION

    Here is the program that calls "checkpassword":

    <!-- #INCLUDE FILE="storefuncs.asp" -->

    <%

    ' Get Login Information

    useremail = TRIM( Request.Form( "useremail" ) )

    password = TRIM( Request.Form( "password" ) )

    ' Open Database Connection

    Set Con = Server.CreateObject( "ADODB.Connection" )

    Con.Open "accessDSN"

    ' Get User ID

    userID = checkpassword(useremail, password, Con)

    Response.Write "userID = "

    Response.Write userID

    Response.End

    %>

    There is still no value assigned to "checkpassword"



    "Ken Schaefer" <com> wrote in message
    news:%phx.gbl... 
    >>
    >>[/ref]
    >
    >[/ref]


    Guest

  5. #5

    Default Re: I have no clue what's wrong

    You made none of the relevant changes.

    Please look at the code I supplied again. Notice that I put in a number of
    Response.Write() statements inside each of the possible conditions? You need
    to find out where the code is falling to. For example, if your code matches
    none of your conditions, it's going to fall to your empty ELSE clause, and
    no value will be assigned to checkpassword.

    Please use the code I supplied and check the resulting output you see on the
    screen. Please do not post here saying that you have implemented the
    recommended changes if you haven't.

    Thankyou

    Cheers
    Ken

    <net> wrote in message
    news:phx.gbl... 
    >>
    >>[/ref]
    >
    >[/ref]


    Ken Guest

  6. #6

    Default Re: I have no clue what's wrong

    this is not related to your original problem (see Ken's responses) but any
    time you build a SQL statement from user input you need to allow for the
    possibility of embedded single quotes to avoid SQL Injection attacks.

    WHERE user_email='" & Replace(useremail,"'","''") & ...

    --
    Mark Schupp
    Head of Development
    Integrity eLearning
    www.ielearning.com


    <net> wrote in message
    news:phx.gbl... [/ref][/ref]
    not [/ref][/ref]
    negative [/ref][/ref]
    routine 
    > >
    > >[/ref]
    >
    >[/ref]


    Mark Guest

Similar Threads

  1. Anybody have a clue?
    By digitalparser in forum Macromedia Director 3D
    Replies: 1
    Last Post: May 9th, 12:05 AM
  2. NO CLUE what I'm doing-PLEASE HELP !
    By bargaintent in forum Macromedia Contribute Connection Administrtion
    Replies: 0
    Last Post: May 19th, 06:10 PM
  3. haven't a clue!
    By Larry Brindise in forum ASP.NET Security
    Replies: 5
    Last Post: November 24th, 11:11 AM
  4. Working dir -- no clue
    By Matt in forum UNIX Programming
    Replies: 7
    Last Post: September 30th, 09:55 PM
  5. Need a clue or diskEvt
    By Terje in forum Mac Programming
    Replies: 2
    Last Post: August 7th, 11:51 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •