
value is not showing under recordset.eof using parameterized query in vbscript

I am creating a login validation page for my classic ASP site (VBScript). As I want to protect my page from SQL injection, I used parameterized queries in my page, but I am unable to retrieve the value after writing the "if not recordset.eof" line. The value is not passing. Please help me to solve this issue. My code is given below.

<%
Dim Objrs, objConn, objCmd, str

' adCmdText, adVarChar and adParamInput are ADO constants; they are only
' defined when adovbs.inc or the ADO type library is referenced by the page.
Set objConn = Server.CreateObject("ADODB.Connection")
Set objCmd  = Server.CreateObject("ADODB.Command")
Set Objrs   = Server.CreateObject("ADODB.Recordset")

objConn.Open MM_connDUdirectory_STRING '(already created)

Set objCmd.ActiveConnection = objConn

' The ? placeholders are bound positionally, in the order the parameters are appended
str = "SELECT * FROM admin WHERE Ausr=? AND Apwd=?"

objCmd.CommandText = str
objCmd.CommandType = adCmdText

' StrUserName and StrPassword are set elsewhere in the page (not shown in the post)
Dim objParam1, objParam2
Set objParam1 = objCmd.CreateParameter("param1", adVarChar, adParamInput, Len(StrUserName), "")
objCmd.Parameters.Append objParam1
objCmd.Parameters("param1") = StrUserName

Set objParam2 = objCmd.CreateParameter("param2", adVarChar, adParamInput, Len(StrPassword), "")
objCmd.Parameters.Append objParam2
objCmd.Parameters("param2") = StrPassword

Set Objrs = objCmd.Execute

If Objrs.EOF <> True And Objrs.BOF <> True Then
    If Objrs("Ausr") = objCmd.Parameters("param1") Then
        Response.Write(Objrs("Ausr"))
        'response.Write should show the username but it's showing blank
    End If
End If
%>
Aug 1 '14 #1
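
For comparison, an added example (not part of the original post and not the poster's code) of the same parameterized login lookup, written so that it does not depend on adovbs.inc, binds fixed-size parameters, and reads the returned field Null-safely. The function name FindAdminUser and the 50-character column width are assumptions; the table, column names, input variables and connection string name come from the question.

```vbscript
<%
' Added example. Assumes the admin table and Ausr/Apwd columns from the
' question; FindAdminUser and the 50-character width are hypothetical.
Function FindAdminUser(conn, userName, password)
    ' ADO constants declared locally: without Option Explicit an undeclared
    ' name such as adVarChar silently evaluates to Empty instead of 200.
    Const adCmdText = 1
    Const adParamInput = 1
    Const adVarChar = 200
    Const MAX_LEN = 50          ' assumed column width

    Dim cmd, rs
    FindAdminUser = ""

    ' Reject empty or oversized input before it reaches the database;
    ' a zero-length adVarChar parameter is also rejected by ADO.
    If Len(userName) = 0 Or Len(userName) > MAX_LEN Then Exit Function
    If Len(password) = 0 Or Len(password) > MAX_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT Ausr FROM admin WHERE Ausr = ? AND Apwd = ?"

    ' Positional placeholders: append in the same order as the ? markers.
    cmd.Parameters.Append cmd.CreateParameter("param1", adVarChar, adParamInput, MAX_LEN, userName)
    cmd.Parameters.Append cmd.CreateParameter("param2", adVarChar, adParamInput, MAX_LEN, password)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' & "" turns a Null field into an empty string; Trim drops CHAR padding.
        FindAdminUser = Trim(rs.Fields("Ausr").Value & "")
    End If

    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim conn, matchedUser
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open MM_connDUdirectory_STRING      ' connection string from the question
matchedUser = FindAdminUser(conn, StrUserName, StrPassword)
Response.Write Server.HTMLEncode(matchedUser)   ' encode before echoing to the page
conn.Close
Set conn = Nothing
%>
```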