Help with authentication

Results 1 to 2 of 2

Thread: Help with authentication

  1. #1
    Corin Guest

    Default Help with authentication

    My Code:<BR><BR>&#060;%<BR>&#039Read in the password and username from the form<BR>Dim strUserName, strPassword<BR>strUserName = Request.form("txtName")<BR>strPassword = Request.form("txtPassword")<BR><BR>&#039Establish a database connection...<BR>Session("DatabasePath") = "c:/InetPub/wwwroot/ieg/fpdb/ieg.mdb"<BR><BR>Dim conn<BR> Set conn = Server.CreateObject("ADODB.Connection")<BR> conn.Open "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Session("DatabasePath") & ";"<BR><BR>Dim rs<BR> Set rs = Server.CreateObject("ADODB.Recordset")<BR><BR>&#03 9Run your SQL query<BR>Dim strSQL<BR>strSQL = "SELECT * FROM tblUsers WHERE userID =" & strUserName & " AND password =" & strPassword<BR>rs.Open strSQL, Conn<BR><BR>Response.Write (rs("userID"))<BR>Response.Write (strUserName)<BR><BR><BR>&#039Run the query... (Conn is the name of the database connection)<BR>&#039Dim rs<BR>Set rs = Conn.Execute(strSQL)<BR><BR>&#039If the recordset is not empty, the user is validated<BR>If Not rs.EOF Then<BR> &#039We need to set bolAuthenticated as True!<BR> Session("bolAuthenticated") = True<BR><BR> &#039Send the user to the URL they came from<BR> Response.Redirect Request.form("URL")<BR>Else<BR> &#039The user was not validated...<BR> &#039Take them to a page which tells them they were not validated...<BR> Response.Redirect "/ieg/security/invalid.asp"<BR>End If<BR><BR>%&#062; <BR><BR>Internet Explorers response<BR><BR>Microsoft OLE DB Provider for ODBC Drivers error &#039 80040e10&#039 <BR><BR>[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 2. <BR><BR>/ieg/security/validate.asp, line 21 <BR><BR>Apparently something is wrong with my SQL statement, the parameters are passed from the previous page, the db connection passes the right parameters but it fails. Help!

  2. #2
    Mark Guest

    Default RE: Help with authentication

    The variables (strUserName and strPassword) in your SQL Statement are TEXT Strings. Text Strings in SQL Statements must be enclosed with single quotes if database Field Names (userid and password) are also text strings.<BR>e.g.<BR>strSQL = "SELECT * FROM tblUsers WHERE userID =&#039" & strUserName & "&#039 AND password =&#039" & strPassword & "&#039 "<BR><BR>Of course, if the UserName and Password fields in your database are not text strings (numbers, integers, boolean, dates, etc.), then you must omit the single quotes.<BR><BR>I hope this helps.<BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts