473,326 Members | 2,102 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,326 software developers and data experts.

login

I'm having a bit of problem with a login script

<%
Dim sql
Dim len
Dim username, password
username = request.form("username")
password = request.form("pass")

sql = "Select * from Users where User_ID = '" & username & "' AND password =
'" & password & "';"

set adoCon = server.CreateObject ("adodb.connection")
adoCon.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &_
Server.MapPath("something.mdb") & ";Persist Security Info=False"

Set rs = Server.CreateObject("ADODB.Recordset")

rs.Open sql, adoCon
len = rs.recordcount
response.write len
%>

This outputs -1 regardless if I enter the correct username\password or not.
Wondering if my sql sentence is correct, not sure about the " and ' is
correct. Both User_ID and password are text fields in the database
Jul 19 '05 #1
4 2889
There are a number of issues with your code below that I notice.

1. When you have a column named "username" or "password" you should
[bracket] it so there are not issues with reserved SQL words.
2. Instead of selecting *, just select one column or even some arbitrary
data. If you need to pull in all the data for that user, name your columns
individually then.
3. Don't bother doing the createobject("adodb.recordset") thing.
4. For the -1 count, see here http://www.aspfaq.com/2193.

I suggest this code, assuming that all you want is to validate the login.
bUserLoggedIn = False
sUsername = Request.Form("username")
sPassword = Request.Form("password")

sUsername = Replace(sUsername, "'", "''")
sPassword = Replace(sUsername, "'", "''") ''or put this in a function

sSQL = "SELECT [id] FROM [User_ID] WHERE [Username]='" & sUsername & "' AND
[Password]='" & sPassword & "'"

set adoCon = server.CreateObject ("adodb.connection")
adoCon.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &_
Server.MapPath("something.mdb") & ";Persist Security Info=False"

Set rsLogin = adoCon.Execute(sSQL)
bUserLoggedIn = Not rsLogin.EOF
rsLogin.Close
Set rsLogin = Nothing
adoCon.Close
Set adoCon = Nothing

Ray at work

"bender online.no>" <laasunde@<remove> wrote in message
news:em**************@TK2MSFTNGP11.phx.gbl...
I'm having a bit of problem with a login script

<%
Dim sql
Dim len
Dim username, password
username = request.form("username")
password = request.form("pass")

sql = "Select * from Users where User_ID = '" & username & "' AND password = '" & password & "';"

set adoCon = server.CreateObject ("adodb.connection")
adoCon.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &_
Server.MapPath("something.mdb") & ";Persist Security Info=False"

Set rs = Server.CreateObject("ADODB.Recordset")

rs.Open sql, adoCon
len = rs.recordcount
response.write len
%>

This outputs -1 regardless if I enter the correct username\password or not. Wondering if my sql sentence is correct, not sure about the " and ' is
correct. Both User_ID and password are text fields in the database

Jul 19 '05 #2
If you actually "need" the recordcount then you need to use an appropriate
cursor.
If you just want to ensure you have a match for the combination than you can
do..

rs.Open sql, adoCon 'or better yet....Set rs=adoCon.Execute(sql)
if rs.EOF then
'there are no records, so no match
else
'there is a record, so it's a match
end if

You may want to change your sql to
"Select User_ID from Users where User_ID='" & username & "' AND password='"
& password & "'"

as using the * adds a bit of overhead.

You should ensure your users haven't passed in bad data.

Take a look at www.aspfaq.com

"bender online.no>" <laasunde@<remove> wrote in message
news:em**************@TK2MSFTNGP11.phx.gbl...
I'm having a bit of problem with a login script

<%
Dim sql
Dim len
Dim username, password
username = request.form("username")
password = request.form("pass")

sql = "Select * from Users where User_ID = '" & username & "' AND password = '" & password & "';"

set adoCon = server.CreateObject ("adodb.connection")
adoCon.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &_
Server.MapPath("something.mdb") & ";Persist Security Info=False"

Set rs = Server.CreateObject("ADODB.Recordset")

rs.Open sql, adoCon
len = rs.recordcount
response.write len
%>

This outputs -1 regardless if I enter the correct username\password or not. Wondering if my sql sentence is correct, not sure about the " and ' is
correct. Both User_ID and password are text fields in the database

Jul 19 '05 #3
recordcount will not work with the default cursor type you are using for the
recordset. However, instead of switching to a more expensive cursor, I have
two alternative suggestions. The one you choose depends on what you need to
use the data in the recordset for:

1. If all you need to do is determine if the user_ID/password (bad!
"password" is very likely to be a reserved word - I don't have time to look
it up right now to verify this, but I think you should rename this field)
exists, then simply do this:
sql = "Select count(*) from Users where User_ID = '" & username & _
"' AND password ='" & password & "';"
'for debugging:
response.write sql
....
rs.Open sql, adoCon,,,1
len = rs(0).value
rs.close
set rs=nothing
adoCon.close
set adoCon = nothing
response.write len

2.If you need to do something with the data in the recordset, then first of
all, you should explicitly name the fields that you want to return from the
table instead of using "select *" and then use getrows to stuff the data
from the recordset into an array, allowing you to immediately close your
recordset and connection (a good thing for scalability), and to use this
code to determine the number of records ... actually, I assume there's only
one record per user, so recordcount is not needed in this case either: all
you really need to do is determine if the query returned any records. You
can test the EOF property ro figure this out:

rs.Open sql, adoCon,,,1
if not rs.EOF then
ar = rs.getrows
end if
rs.close
set rs = nothing
adoCon.close
set adoCon = nothing
if isarray(ar) then
for iRow = 0 to ubound(ar,2)
for iCol = 0 to ubound(ar,1)
response.write ar(iCol, iRow) & "; "
next
response.write "<BR>"
next
else
response.write "No records were returned"
end if

HTH,
Bob Barrows
I'm having a bit of problem with a login script

<%
Dim sql
Dim len
Dim username, password
username = request.form("username")
password = request.form("pass")

sql = "Select * from Users where User_ID = '" & username & "' AND
password = '" & password & "';"

set adoCon = server.CreateObject ("adodb.connection")
adoCon.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &_
Server.MapPath("something.mdb") & ";Persist Security Info=False"

Set rs = Server.CreateObject("ADODB.Recordset")

rs.Open sql, adoCon
len = rs.recordcount
response.write len
%>

This outputs -1 regardless if I enter the correct username\password
or not. Wondering if my sql sentence is correct, not sure about the "
and ' is correct. Both User_ID and password are text fields in the
database

Jul 19 '05 #4
With RS
.CursorLocation = adUseServer
.Open QSL, adoCon
len = .RecordCount
End With

Meindert
I'm having a bit of problem with a login script

<%
Dim sql
Dim len
Dim username, password
username = request.form("username")
password = request.form("pass")

sql = "Select * from Users where User_ID = '" & username & "' AND password = '" & password & "';"

set adoCon = server.CreateObject ("adodb.connection")
adoCon.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" &_
Server.MapPath("something.mdb") & ";Persist Security Info=False"

Set rs = Server.CreateObject("ADODB.Recordset")

rs.Open sql, adoCon
len = rs.recordcount
response.write len
%>

This outputs -1 regardless if I enter the correct username\password or not. Wondering if my sql sentence is correct, not sure about the " and ' is
correct. Both User_ID and password are text fields in the database

Jul 19 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

3
by: koolyio | last post by:
Hey, could you please tell me what is wrong with my login script. I just started learning php. CODE: login.php <? session_start(); header("Cache-Control: private"); ?>
5
by: Simon | last post by:
Hi, I have a Login.php page that logs the user in and out. I has two forms within the page, (depending on what we are trying to do), either one to log in or out. The form calls itself using a...
1
by: Tom Jones | last post by:
Hi, I am using the HttpWebRequest and HttpWebResponse classes to pull information from a web server on the internet. I have an account on one of the webservers that I need to log into...
2
by: Beginner | last post by:
I know this is an old question, but searching all over the internet plus several MS security conferences, still haven't got a straight anwser. Basically, the login.aspx is on one dedicated server...
4
by: nicholas | last post by:
Hi, Got an asp.net application and I use the "forms" authentication mode defined in the web.config file. Everything works fine. But now I would like to add a second, different login page for...
2
by: IdleBrain | last post by:
Hello All: I used a Login control to authenticate a user to login. The problem is that when I login with good username & password, the login view would say that the login was successful. But...
6
by: AppleBag | last post by:
I'm having the worst time trying to login to myspace through code. Can someone tell me how to do this? Please try it yourself before replying, only because I have asked this a couple of times in...
4
tolkienarda
by: tolkienarda | last post by:
Hi all I work for a small webdesign company and we have remote hosting. i built a mysql database with phpmyadmin on the server. i then downloaded and modified a php login page. i am continuing to...
3
by: satishknight | last post by:
Hi, Can some one tell me how to change the validation sequence for the code pasted below, actually what I want it when any one enters the wrong login information (already registered users) then it...
13
by: Apostle | last post by:
Hi all, after thinking for sometimes, I thought it will be great opportunity to learn if I will start from scratch and build my own register/login system. Here is the thread that I will be posting...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
1
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.