473,326 Members | 2,813 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

ASP and SQL

I have this login script for a certain portion of our website for a while,
and have around ~7500 users in a database that the script accesses.

I added two new columns in this table, the reason for this is because i
found a new trick for adding more security for the section of the site that
this script is protecting. Problem is that now that I have added thee two new
colums, the script does not write in any information in these two columns.

I have copied the script and made a test table and everythign works, and the
infromation is added in those two new columns.

Does anyone know what might be preventing the sciprt from writing in these
tables? Or can you not add columns to a SQL table once it is in use (and that
would make no sense to me if it was like that)

I wish i could provide more information other than posting up the script, as
i get no errors at all.

Any help would be greatly appreciated. Thanks!
Jul 22 '05 #1
3 1339
Athmaus wrote:
I have this login script for a certain portion of our website for a
while, and have around ~7500 users in a database that the script
accesses.

I added two new columns in this table, the reason for this is because
i found a new trick for adding more security for the section of the
site that this script is protecting. Problem is that now that I have
added thee two new colums, the script does not write in any
information in these two columns.

I have copied the script and made a test table and everythign works,
and the infromation is added in those two new columns.
I wish i could provide more information other than posting up the
script, as i get no errors at all.

Any help would be greatly appreciated. Thanks!


At least post the portion of the script that is supposed to write the
information to the database. (we do not need to see any html - we only need
to see the vbscript code that performs the data insertion)

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 22 '05 #2
Here is the code, it works on a fresh database that i setup, but it is not
working on the already established database wehre i put 2 new columns in


If Session("login") = FALSE Then
Response.Redirect "http://www.yahoo.com"
Else

Dim myconn, verify, blnLoggedIn, user, pass, site, logged, objRS, exceeded
Set verify = Server.CreateObject("ADODB.Connection")
verify.open = "connection string"
Set myconn = Server.CreateObject("ADODB.Connection")
myconn.open = "connection string"

'Response.Write(Session("username"))
'Response.Write(Session("password"))

user = CStr(Session("username"))
pass = CStr(Session("password"))

exceeded = 5

Set objRS = myconn.execute("SELECT id, download, totaldl FROM regfreeup
WHERE username='" & user & "' AND pass='" & pass & "';")

If objRS.EOF Then '''NO RECORDS MATCH. USER DID NOT LOG IN CORRECTLY
blnLoggedIn = False
Response.Redirect "http://www.yahoo.com"

Else
If objRS("download") >= exceeded Then 'LOGGED IN AN ABNORMAL TIME
blnLoggedIn = false
Response.Redirect "http://www.google.com"

Else '''EVERYTHING PASSED PROCEEDE WITH DOWNLOAD
blnLoggedIn = True
verify.execute("UPDATE regfreeup set download = (download + 1) , totaldl
= (totaldl + 1) WHERE username='" & user & "' AND pass='" & pass & "';")

Response.Redirect "http://www.ps2.ign.com"

objRS.Close
Set objRS= Nothing
myconn.Close
Set myconn= Nothing
verify.Close
Set verify= Nothing

End If
End If
End If

"Bob Barrows [MVP]" wrote:
Athmaus wrote:
I have this login script for a certain portion of our website for a
while, and have around ~7500 users in a database that the script
accesses.

I added two new columns in this table, the reason for this is because
i found a new trick for adding more security for the section of the
site that this script is protecting. Problem is that now that I have
added thee two new colums, the script does not write in any
information in these two columns.

I have copied the script and made a test table and everythign works,
and the infromation is added in those two new columns.
I wish i could provide more information other than posting up the
script, as i get no errors at all.

Any help would be greatly appreciated. Thanks!


At least post the portion of the script that is supposed to write the
information to the database. (we do not need to see any html - we only need
to see the vbscript code that performs the data insertion)

Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

Jul 22 '05 #3
Athmaus wrote:
Here is the code, it works on a fresh database that i setup, but it
is not working on the already established database wehre i put 2 new
columns in


If Session("login") = FALSE Then
Response.Redirect "http://www.yahoo.com"
Else

Dim myconn, verify, blnLoggedIn, user, pass, site, logged, objRS,
exceeded Set verify = Server.CreateObject("ADODB.Connection")
verify.open = "connection string"
Hopefully you are using a sqloledb connection string ...
http://www.aspfaq.com/show.asp?id=2126
Set myconn = Server.CreateObject("ADODB.Connection")
myconn.open = "connection string"
Why two connection objects? Are these separate database servers? If not,
only one connection is needed. Don't be wasteful of your network and server
rewources.

'Response.Write(Session("username"))
'Response.Write(Session("password"))

user = CStr(Session("username"))
pass = CStr(Session("password"))

exceeded = 5

Set objRS = myconn.execute("SELECT id, download, totaldl FROM
regfreeup WHERE username='" & user & "' AND pass='" & pass & "';")

If objRS.EOF Then '''NO RECORDS MATCH. USER DID NOT LOG IN CORRECTLY
blnLoggedIn = False
Bad technique here. Always close and destroy your ADO objects when finished
with them. The lines of code appearing after a redirect will NOT get
executed.
Response.Redirect "http://www.yahoo.com"

Else
If objRS("download") >= exceeded Then 'LOGGED IN AN ABNORMAL TIME
blnLoggedIn = false
Response.Redirect "http://www.google.com"

Else '''EVERYTHING PASSED PROCEEDE WITH DOWNLOAD
blnLoggedIn = True
verify.execute("UPDATE regfreeup set download = (download + 1) ,
totaldl = (totaldl + 1) WHERE username='" & user & "' AND pass='" &
pass & "';")

Response.Redirect "http://www.ps2.ign.com"

objRS.Close
Set objRS= Nothing
myconn.Close
Set myconn= Nothing
verify.Close
Set verify= Nothing

End If
End If
End If


My recommendations:
1. to facilitate debugging, comment out the redirects
2. Insert some response.write statements so you can follow the execution of
the code.
3. When using dynamic sql, assign your sql statements to variables so they
can be written to response for debugging
4. Use indenting
5. Use parameters
6. Use stored procedures to minimize the trips to the database

Here is how I would rewrite this code:

I would first create a stored procedure on your server, like this:

CREATE PROCEDURE VerifyUser (
@user varchar(50),
@pass varchar(50),
@limit int) AS
IF NOT EXISTS (SELECT * FROM regfreeup WHERE
username= @user AND pass = @pass)
RETURN 1
DECLARE @downloads int
SET @downloads = (SELECT download FROM regfreeup
WHERE username= @user AND pass = @pass)
IF @downloads > @limit
RETURN 2
UPDATE regfreeup set download = (download + 1) ,
totaldl= (totaldl + 1)
WHERE username= @user AND pass = @pass
IF @@ERROR =0
RETURN 0
ELSE
RETURN 3
Then, in ASP, I would use a Command object as follows

<%
Dim myconn, retVal, user, pass, site, logged, exceeded
dim sURL

If Session("login") = FALSE Then
sURL = "http://www.yahoo.com"
Response.Write "Not Logged In. <BR>"
Else
Set myconn = CreateObject("ADODB.Connection")
myconn.open = "connection string"
user = CStr(Session("username"))
pass = CStr(Session("password"))
exceeded = 5

set cmd=createobject("adodb.command")
arParms = array(user,pass)
cmd.commandtext="VerifyUser"
cmd.ActiveConnection = myconn
set params = cmd.Parameters
params.append cmd.CreateParameter("RETURN_VALUE", _
3,4)
params.append cmd.CreateParameter("@user", _
200,1,50,user)
params.append cmd.CreateParameter("@pass", _
200,1,50,pass)
params.append cmd.CreateParameter("@limit", _
3,1,,exceeded)
cmd.Execute ,,129
retVal = params(0).value
select case retVal
case 0
sURL="http://www.ps2.ign.com"
Response.Write "No problems. <BR>"
case 1
sURL = "http://www.yahoo.com"
Response.Write "No problems. <BR>"
case 2
sURL = "http://www.google.com"
Response.Write "Improper login. <BR>"
case 3
sURL = "http://www.microsoft.com"
Response.Write "The update failed. <BR>"
end select
set params=nothing
set cmd=nothing
myconn.close: set myconn=nothing
End If
Response.Write "Redirecting to " &
Server.htmlencode(sURL)
'Response.Redirect sURL
%>
When finished debugging, comment out the response.writes and uncomment the
redirect.

HTH,
Bob Barrows
--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 22 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: William C. White | last post by:
Does anyone know of a way to use PHP /w Authorize.net AIM without using cURL? Our website is hosted on a shared drive and the webhost company doesn't installed additional software (such as cURL)...
2
by: Albert Ahtenberg | last post by:
Hello, I don't know if it is only me but I was sure that header("Location:url") redirects the browser instantly to URL, or at least stops the execution of the code. But appearantely it continues...
3
by: James | last post by:
Hi, I have a form with 2 fields. 'A' 'B' The user completes one of the fields and the form is submitted. On the results page I want to run a query, but this will change subject to which...
0
by: Ollivier Robert | last post by:
Hello, I'm trying to link PHP with Oracle 9.2.0/OCI8 with gcc 3.2.3 on a Solaris9 system. The link succeeds but everytime I try to run php, I get a SEGV from inside the libcnltsh.so library. ...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.