Hi Guys,
I have a problem with my ASP file. since I'm all new in ASP, i found
that the error statement generated by ASP is confusing. basically what
I want to do in this script is ability to change password. Currently
this script's running well in the PHP version ( I rewrote the entire
PHP app to ASP app):
1. The form contains these fields : old password, new passwd, confirm
new passwd. users have to input old passwd in order to change their
passwd.
2. then the ASP script check old password against tbl_users for that
userid. if found, the script then update password for that user.
I thought this would be easy, since I have no problem running it on
PHP. but when I did it for ASP, I had this following error :
Syntax error in update statement
This is my (horribly) simple code :
oldpasswd = Request.Form("o ldpasswd")
newpasswd = Request.Form("n ewpasswd")
userid = SESSION("userid ")
query = "SELECT password FROM tbl_users WHERE userid='" & userid & "'"
set RSusers = dataConn.Execut e(query)
referer = Request.Form("r eferer")
storedpwd = RSusers("passwo rd")
if sha256(oldpassw d) = storedpwd then
newencrypted = sha256(newpassw d)
kueri_update = "UPDATE tbl_users SET password='" & newencrypted & "'
WHERE NPK=" & SESSION("npk")
dataConn.Execut e(kueri_update)
dataConn.close
Response.Redire ct(referer & ".asp")
else
Response.Redire ct(referer & ".asp" & "?page=changepa sswd&err=on")
END IF
Thank you for your helps. 7 2409
"UPDATE tbl_users SET password='" & newencrypted & "'
WHERE NPK=" & SESSION("npk")
my guess is that NPK is not a numeric field in your database, so you need to
use quotes.
or one of the variables used is empty at time of execution
<an************ @gmail.com> wrote in message
news:11******** **************@ o13g2000cwo.goo glegroups.com.. . Hi Guys,
I have a problem with my ASP file. since I'm all new in ASP, i found that the error statement generated by ASP is confusing. basically what I want to do in this script is ability to change password. Currently this script's running well in the PHP version ( I rewrote the entire PHP app to ASP app): 1. The form contains these fields : old password, new passwd, confirm new passwd. users have to input old passwd in order to change their passwd. 2. then the ASP script check old password against tbl_users for that userid. if found, the script then update password for that user.
I thought this would be easy, since I have no problem running it on PHP. but when I did it for ASP, I had this following error : Syntax error in update statement
This is my (horribly) simple code :
oldpasswd = Request.Form("o ldpasswd") newpasswd = Request.Form("n ewpasswd") userid = SESSION("userid ") query = "SELECT password FROM tbl_users WHERE userid='" & userid & "'" set RSusers = dataConn.Execut e(query) referer = Request.Form("r eferer") storedpwd = RSusers("passwo rd") if sha256(oldpassw d) = storedpwd then newencrypted = sha256(newpassw d) kueri_update = "UPDATE tbl_users SET password='" & newencrypted & "' WHERE NPK=" & SESSION("npk") dataConn.Execut e(kueri_update) dataConn.close Response.Redire ct(referer & ".asp") else Response.Redire ct(referer & ".asp" & "?page=changepa sswd&err=on") END IF
Thank you for your helps.
Thanks Alan for the quick response.
I've checked that possibility and none of variables are empty at the
time of execution. Here's the output of SQL query when I response.write
it :
UPDATE tbl_users SET
password='98348 76dcfb05cb167a5 c24953eba58c4ac 89b1adf57f28f2f 9d09af107ee8f0'
WHERE NPK=989
the NPK field is already a number type in db (I use access). Is it
possible that there is a lock mechanism in Access that prevent updating
table when other query read the same table in the same page?
Thanks again :D an************@ gmail.com wrote: Thanks Alan for the quick response.
I've checked that possibility and none of variables are empty at the time of execution. Here's the output of SQL query when I response.write it : UPDATE tbl_users SET password='98348 76dcfb05cb167a5 c24953eba58c4ac 89b1adf57f28f2f 9d09af107ee8f0' WHERE NPK=989 the NPK field is already a number type in db (I use access). Is it possible that there is a lock mechanism in Access that prevent updating table when other query read the same table in the same page?
No, especially when you use the Execute method to open the recordset: this
will default to a read-only, forward-only cursor, so, no locks.
You are more probably facing a "reserved keyword" problem. If you look here: http://www.aspfaq.com/show.asp?id=2080
You will see that "password" is a reserved keyword wihich should be avoided
for your db object names.
My suggestion would be to change the name of the field, but, if you can't
for some reason, you will need to remember to enclose it in brackets []
whenever you use it in a query run via ADO.
With that out of the way, you need to be aware that by using dynamic sql
(using concatenation to build sql statements) you are leaving your database
and site vulnerable to hackers using sql injection: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
The best way to defeat sql injection is to use parameters, either via saved
parameter queries (my preferred technique): http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl http://groups.google.com/groups?hl=e...tngp13.phx.gbl http://groups-beta.google.com/group/...d322b882a604bd
or by using a Command object to pass parameters to a string containing ODBC
parameter markers: http://groups-beta.google.com/group/...e36562fee7804e
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
It is indeed the problem. I've change the field name and everything
goes fine :D. pheww, thanks Bob, really appreciate it, and also thanks
for the advice.
but it is funny to think that the PHP version (also use Access thru
ODBC), didn't encounter the same problem.
Thanks again :D an************@ gmail.com wrote: It is indeed the problem. I've change the field name and everything goes fine :D. pheww, thanks Bob, really appreciate it, and also thanks for the advice.
but it is funny to think that the PHP version (also use Access thru ODBC), didn't encounter the same problem.
Does PHP use ADO?
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
I guess not. PHP connects to Access via ODBC, so I think it lacks of
ADO functionality. (pardon me, I'm not so knowledgeable on ADO thingy)
So, maybe because of that PHP can use ADO's reseved words as field's
name, although it uses Access as database. Right?
Thanks for shed some lights here. (and sorry for top posting, won't
happen again :D)
Bob Barrows [MVP] wrote: an************@ gmail.com wrote: It is indeed the problem. I've change the field name and everything goes fine :D. pheww, thanks Bob, really appreciate it, and also thanks for the advice.
but it is funny to think that the PHP version (also use Access thru ODBC), didn't encounter the same problem. Does PHP use ADO?
-- Microsoft MVP - ASP/ASP.NET Please reply to the newsgroup. This email account is my spam trap so I don't check it very often. If you must reply off-line, then remove the "NO SPAM" an************@ gmail.com wrote: I guess not. PHP connects to Access via ODBC, so I think it lacks of ADO functionality. (pardon me, I'm not so knowledgeable on ADO thingy)
You can find the ADO API Reference at msdn.microsoft. com/library
So, maybe because of that PHP can use ADO's reseved words as field's name, although it uses Access as database. Right?
Sort of. ADO enforces a different set of reserved keywords than the set of
keywords enforced by ODBC on its own. Thanks for shed some lights here. (and sorry for top posting, won't happen again :D)
Not a problem for me.
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM" This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Tony Clarke |
last post by:
Hi,
I'm trying to write a system thats used for about 50 clients that uses html
forms and php to log details. The problem is that when a client loads the
form page it's given a value which is the last record in a table +1 (i.e. so
its the next record). The problem with that is that a client could sit on
that page for 20 mins (or whatever length of time) and a different client
could use that record number and there what be an error...
|
by: skidvd |
last post by:
Hello:
I have just recently converted to using the InnoDB table type so that
I can enforce FOREIGN key constraints. I have been using MyISAM
tables (accessed via JDBC) successfully for some time. However, I
have just come across a problem with the new configuration that
boggles my mind....
First some configuration data:
|
by: Leaf |
last post by:
Greetings,
I've been reading with interest the threads here on deadlocking, as I'm
finding my formerly happy app in a production environment suddenly
deadlocking left and right. It started around the time I decided to
wrap a series of UPDATE commands with BEGIN/END.
The gist of it is I have a .NET app that can do some heavy reading (no
writing) from tblWOS. It can take a minute or so to read all the data
into the app, along with data...
|
by: kalamos |
last post by:
This statement fails
update ded_temp a
set a.balance = (select sum(b.ln_amt)
from ded_temp b
where a.cust_no = b.cust_no
and a.ded_type_cd = b.ded_type_cd
and a.chk_no = b.chk_no
group by cust_no, ded_type_cd, chk_no)
|
by: Mike R |
last post by:
Hi,
I cant figure out how to do this....
for example:
Select name from mytab order by col1
could return
Mike
| |
by: Nick Barr |
last post by:
Hi,
I am trying to gather stats about how many times a resource in our web
app is viewed, i.e. just a COUNT. There are potentially millions of
resources within the system.
I thought of two methods:
1. An extra column in the resource table which contains a count.
a. Each time a resource is viewed an UPDATE statement is run.
|
by: Ed L. |
last post by:
I think I'm seeing table-level lock contention in the following function
when I have many different concurrent callers, each with mutually distinct
values for $1. Is there a way to reimplement this function using
select-for-update (or equivalent) in order to get a row-level lock (and
thus less contention) while maintaining the function interface? The docs
seem to suggest so, but it's not clear how to return the SETOF queued_item
and also...
|
by: Lada 'Ray' Lostak |
last post by:
Hello there,
I am thinking how to solve another typical problem of online systems
with combination of thin client... Imagine simple case, 2 users are going to
edit 'same' datas. Both see on the 'screen' the same, after they started
edit them. First one changes datas and submit changes (sucessfully).
Database (set tables - inserts/updates/deleting) was changed. At this point,
datas which second user is watching are not valid anymore. They...
|
by: Steve |
last post by:
ASP error number 13 - Type mismatch with SELECT...FOR UPDATE statement
I got ASP error number 13 when I use the SELECT...FOR UPDATE statement
as below.
However, if I use SELECT statement without FOR UPDATE, it is fine and
no error.
I also tried Set objRs = objConn.Execute("SELECT * FROM EMP UPDATE OF
EMPNO"), but it still couldn't help.
any ideas? I tried to search in the web but couldn't find similar
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |