Checking database

Results 1 to 2 of 2

Thread: Checking database

  1. #1
    Join Date
    Dec 1969

    Default Checking database

    Ok i cannot see what is wrong with this code below. It always returns me to unauthorised.htm and i don&#039;t know why.<BR><BR>&#060;%<BR>&#039;Dimension variables<BR>Dim oConn &#039;Database Connection Variable<BR>Dim sConnString &#039;Holds the Database driver and the path and name of the database<BR>Dim rsCheckUser &#039;Database Recordset Variable<BR>Dim strSQL &#039;Database query sring<BR>Dim strUserName &#039;Holds the user name<BR><BR>&#039;Initalise the strUserName variable<BR>strUserName = Request.Form("UsernameText")<BR><BR>&#039;Create a connection odject<BR>Set oConn = Server.CreateObject("ADODB.Connection")<BR> <BR>&#039;Database connection info and driver<BR>sConnString = "DRIVER={Microsoft Access Driver (*.mdb)};" & _ <BR> "DBQ=" & Server.MapPath("forum.mdb") & ";"<BR><BR>&#039;Set an active connection to the Connection object<BR>oConn.Open(sConnString)<BR><BR>&#039;Cre ate a recordset object<BR>Set rsCheckUser = Server.CreateObject("ADODB.Recordset")<BR><BR>&#03 9;Initalise the strSQL variable with an SQL statement to query the database<BR>strSQL = "SELECT normalusers.password FROM normalusers WHERE normalusers.username =&#039;" & strUserName & "&#039;"<BR><BR>&#039;Query the database<BR>rsCheckUser.Open strSQL, sConnString<BR><BR>&#039;If the recordset finds a record for the username entered then read in the password for the user<BR>If NOT rsCheckUser.EOF Then<BR> <BR> &#039;Read in the password for the user from the database<BR> If (Request.Form("PasswordText")) = rsCheckUser("password") Then<BR> <BR> &#039;If the password is correct then set the session variable to True<BR> Session("blnIsUserGood") = True<BR> <BR> &#039;Close Objects before redirecting<BR> Set oConn = Nothing<BR> Set sConnString = Nothing<BR> Set rsCheckUser = Nothing<BR> <BR> &#039;Redirect to the authorised user page and send the users name<BR> Response.Redirect"main.htm"<BR> End If<BR>End If<BR> <BR>&#039;Close Objects<BR>Set oConn = Nothing<BR>Set sConnString = Nothing<BR>Set rsCheckUser = Nothing<BR> <BR>&#039;If the script is still running then the user must not be authorised<BR>Session("blnIsUserGood") = False<BR><BR>&#039;Redirect to the unautorised user page<BR>Response.Redirect"unauthorised.htm"<BR>%&# 062;<BR><BR>the path to the database is correct because i have used that exact same code for the register function and that adds users to the database pefectly.

  2. #2
    Join Date
    Dec 1969

    Default RE: Checking database

    just do some debugging. print your variables to the screen to ensure what you&#039;re comparing is actually what you&#039;re supposed to be comparing. by the way, what&#039;s wrong with<BR><BR>"SELECT userID FROM tblUsers WHERE userName = &#039;whatever&#039; AND userPassword = &#039;whatever&#039;"<BR><BR>?<BR><BR>What exactly is the point of comparing it in the VBScript, when you could skip a step by comparing it in the SQL?<BR><BR>j<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts