Hi Guys,
I have a problem with my ASP file. since I'm all new in ASP, i found
that the error statement generated by ASP is confusing. basically what
I want to do in this script is ability to change password. Currently
this script's running well in the PHP version ( I rewrote the entire
PHP app to ASP app):
1. The form contains these fields : old password, new passwd, confirm
new passwd. users have to input old passwd in order to change their
passwd.
2. then the ASP script check old password against tbl_users for that
userid. if found, the script then update password for that user.
I thought this would be easy, since I have no problem running it on
PHP. but when I did it for ASP, I had this following error :
Syntax error in update statement
This is my (horribly) simple code :
oldpasswd = Request.Form("oldpasswd")
newpasswd = Request.Form("newpasswd")
userid = SESSION("userid")
query = "SELECT password FROM tbl_users WHERE userid='" & userid & "'"
set RSusers = dataConn.Execute(query)
referer = Request.Form("referer")
storedpwd = RSusers("password")
if sha256(oldpasswd) = storedpwd then
newencrypted = sha256(newpasswd)
kueri_update = "UPDATE tbl_users SET password='" & newencrypted & "'
WHERE NPK=" & SESSION("npk")
dataConn.Execute(kueri_update)
dataConn.close
Response.Redirect(referer & ".asp")
else
Response.Redirect(referer & ".asp" & "?page=changepasswd&err=on")
END IF
Thank you for your helps.
7  2390 
"UPDATE tbl_users SET password='" & newencrypted & "'
WHERE NPK=" & SESSION("npk")
my guess is that NPK is not a numeric field in your database, so you need to
use quotes.
or one of the variables used is empty at time of execution
<an************@gmail.com> wrote in message
news:11**********************@o13g2000cwo.googlegr oups.com... Hi Guys,
I have a problem with my ASP file. since I'm all new in ASP, i found
that the error statement generated by ASP is confusing. basically what
I want to do in this script is ability to change password. Currently
this script's running well in the PHP version ( I rewrote the entire
PHP app to ASP app):
1. The form contains these fields : old password, new passwd, confirm
new passwd. users have to input old passwd in order to change their
passwd.
2. then the ASP script check old password against tbl_users for that
userid. if found, the script then update password for that user.
I thought this would be easy, since I have no problem running it on
PHP. but when I did it for ASP, I had this following error :
Syntax error in update statement
This is my (horribly) simple code :
oldpasswd = Request.Form("oldpasswd")
newpasswd = Request.Form("newpasswd")
userid = SESSION("userid")
query = "SELECT password FROM tbl_users WHERE userid='" & userid & "'"
set RSusers = dataConn.Execute(query)
referer = Request.Form("referer")
storedpwd = RSusers("password")
if sha256(oldpasswd) = storedpwd then
newencrypted = sha256(newpasswd)
kueri_update = "UPDATE tbl_users SET password='" & newencrypted & "'
WHERE NPK=" & SESSION("npk")
dataConn.Execute(kueri_update)
dataConn.close
Response.Redirect(referer & ".asp")
else
Response.Redirect(referer & ".asp" & "?page=changepasswd&err=on")
END IF
Thank you for your helps.
Thanks Alan for the quick response.
I've checked that possibility and none of variables are empty at the
time of execution. Here's the output of SQL query when I response.write
it :
UPDATE tbl_users SET
password='9834876dcfb05cb167a5c24953eba58c4ac89b1a df57f28f2f9d09af107ee8f0'
WHERE NPK=989
the NPK field is already a number type in db (I use access). Is it
possible that there is a lock mechanism in Access that prevent updating
table when other query read the same table in the same page?
Thanks again :D
an************@gmail.com wrote: Thanks Alan for the quick response.
I've checked that possibility and none of variables are empty at the
time of execution. Here's the output of SQL query when I
response.write
it :
UPDATE tbl_users SET
password='9834876dcfb05cb167a5c24953eba58c4ac89b1a df57f28f2f9d09af107ee8f0'
WHERE NPK=989
the NPK field is already a number type in db (I use access). Is it
possible that there is a lock mechanism in Access that prevent
updating table when other query read the same table in the same page?
No, especially when you use the Execute method to open the recordset: this
will default to a read-only, forward-only cursor, so, no locks.
You are more probably facing a "reserved keyword" problem. If you look here: http://www.aspfaq.com/show.asp?id=2080
You will see that "password" is a reserved keyword wihich should be avoided
for your db object names.
My suggestion would be to change the name of the field, but, if you can't
for some reason, you will need to remember to enclose it in brackets []
whenever you use it in a query run via ADO.
With that out of the way, you need to be aware that by using dynamic sql
(using concatenation to build sql statements) you are leaving your database
and site vulnerable to hackers using sql injection: http://mvp.unixwiz.net/techtips/sql-injection.html http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23
The best way to defeat sql injection is to use parameters, either via saved
parameter queries (my preferred technique): http://www.google.com/groups?hl=en&l...TNGP12.phx.gbl http://groups.google.com/groups?hl=e...tngp13.phx.gbl http://groups-beta.google.com/group/...d322b882a604bd
or by using a Command object to pass parameters to a string containing ODBC
parameter markers: http://groups-beta.google.com/group/...e36562fee7804e
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
It is indeed the problem. I've change the field name and everything
goes fine :D. pheww, thanks Bob, really appreciate it, and also thanks
for the advice.
but it is funny to think that the PHP version (also use Access thru
ODBC), didn't encounter the same problem.
Thanks again :D
an************@gmail.com wrote: It is indeed the problem. I've change the field name and everything
goes fine :D. pheww, thanks Bob, really appreciate it, and also thanks
for the advice.
but it is funny to think that the PHP version (also use Access thru
ODBC), didn't encounter the same problem.
Does PHP use ADO?
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"
I guess not. PHP connects to Access via ODBC, so I think it lacks of
ADO functionality. (pardon me, I'm not so knowledgeable on ADO thingy)
So, maybe because of that PHP can use ADO's reseved words as field's
name, although it uses Access as database. Right?
Thanks for shed some lights here. (and sorry for top posting, won't
happen again :D)
Bob Barrows [MVP] wrote: an************@gmail.com wrote: It is indeed the problem. I've change the field name and everything
goes fine :D. pheww, thanks Bob, really appreciate it, and also thanks
for the advice.
but it is funny to think that the PHP version (also use Access thru
ODBC), didn't encounter the same problem.
Does PHP use ADO?
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM" an************@gmail.com wrote: I guess not. PHP connects to Access via ODBC, so I think it lacks of
ADO functionality. (pardon me, I'm not so knowledgeable on ADO thingy)
You can find the ADO API Reference at msdn.microsoft.com/library
So, maybe because of that PHP can use ADO's reseved words as field's
name, although it uses Access as database. Right?
Sort of. ADO enforces a different set of reserved keywords than the set of
keywords enforced by ODBC on its own.
Thanks for shed some lights here. (and sorry for top posting, won't
happen again :D)
Not a problem for me.
--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM" This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Tony Clarke |
last post by:
Hi,
I'm trying to write a system thats used for about 50 clients that uses html
forms and php to log details. The problem is that when a client loads the
form page it's given a value which is...
|
by: skidvd |
last post by:
Hello:
I have just recently converted to using the InnoDB table type so that
I can enforce FOREIGN key constraints. I have been using MyISAM
tables (accessed via JDBC) successfully for some...
|
by: Leaf |
last post by:
Greetings,
I've been reading with interest the threads here on deadlocking, as I'm
finding my formerly happy app in a production environment suddenly
deadlocking left and right. It started...
|
by: kalamos |
last post by:
This statement fails
update ded_temp a
set a.balance = (select sum(b.ln_amt)
from ded_temp b
where a.cust_no = b.cust_no
and a.ded_type_cd = b.ded_type_cd
and a.chk_no = b.chk_no
group by...
|
by: Mike R |
last post by:
Hi,
I cant figure out how to do this....
for example:
Select name from mytab order by col1
could return
Mike
|
by: Nick Barr |
last post by:
Hi,
I am trying to gather stats about how many times a resource in our web
app is viewed, i.e. just a COUNT. There are potentially millions of
resources within the system.
I thought of two...
|
by: Ed L. |
last post by:
I think I'm seeing table-level lock contention in the following function
when I have many different concurrent callers, each with mutually distinct
values for $1. Is there a way to reimplement...
|
by: Lada 'Ray' Lostak |
last post by:
Hello there,
I am thinking how to solve another typical problem of online systems
with combination of thin client... Imagine simple case, 2 users are going to
edit 'same' datas. Both see on the...
|
by: Steve |
last post by:
ASP error number 13 - Type mismatch with SELECT...FOR UPDATE statement
I got ASP error number 13 when I use the SELECT...FOR UPDATE statement
as below.
However, if I use SELECT statement without...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
