On 17 Sep 2003 10:12:15 -0700 in comp.databases.ms-access,
swasak@hotmail.com (Alan Murrell) wrote:
[color=blue]
>Hello,
>
>One of our web hosting clients is getting the following error when
>someone tried to log in form their login page:
>
>--- ODBC ERROR ---
>Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
>
>[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing
>operator) in query expression 'userid= AND password='''.
>
>/store/process_login.asp, line 26
>--- ODBC ERROR ---
>
>When I open the 'process_login.asp' page in Notepad, this is the code
>snippet:
>
>(Note, the numbers at the beginning of each line are not in the code;
>they are reference for line numbers for the purposes of this post)
>
>--- CODE SNIPPET ---
>23 strsql = "SELECT * FROM registry WHERE userid=" & userid & " "
>24 strsql = strsql & "AND password='" & Request("pass") & "'"
>25
>26 rstlogin.Open strsql, oconnect
>--- CODE SNIPPET ---
>
>So line 26 is actually the 'rstlogin.Open' line. Unfortunately, I am
>not an ASP coder, just a Systems Admin, and the person who originally
>coded this is not available, so it's dropped in my lap, it appears.
>
>Your help in shedding any light on this is greatly appreciated.
>Please let me know if there is any further info you need (more
>snippets, perhaps??), and I will see what I can do to provide them[/color]
Somewhere along the line, you haven't populated the variable called
userid.
Also for blank passwords you want to do something like:
strsql = strsql & "and password"
if len(Request("pass")=0 then
strsql = strsql & " Is Null"
else
strsql = strsql & " = '" & Request("Pass") & "'"
end if
--
A)bort, R)etry, I)nfluence with large hammer.
