Is this method of validation for password and username considered to be
secured. In my previous post I was given a solution that uses command
object and the values are parsed by parameters. But the solution only
worked well for insert and delete, but not select.
<%
if Request.QuerySt ring("Action") = 1 then
username = Trim(request.fo rm("username") )
password = Trim(request.fo rm("password") )
if username <> "" and password <> "" then
set conn = server.CreateOb ject("ADODB.Con nection")
conn.connection string = "Provider=Micro soft.Jet.OLEDB. 4.0;Data
Source=" & Server.MapPath( "/db/upload/stelladb.mdb") & ";"
conn.open
set rs = server.CreateOb ject("ADODB.Rec ordset")
sql = "SELECT Count(*) FROM Account WHERE username='" &
username & "' AND password='" & password & "'"
rs.open sql,conn,3,3
if rs.Fields(0) = 1 then
session("boolea n") = "true"
response.redire ct "main.asp"
else
session("boolea n") = "false"
response.write "<center><f ont class='error'>E rror: Invalid
Authentication</font></center><br><br> "
end if
conn.close
Set conn = nothing
end if
end if
%>
Eugene Anthony
*** Sent via Developersdex http://www.developersdex.com ***