ASP syntax--Please help me

Discussion in 'C#' started by computerzworld, Apr 25, 2007.

0
  1. #1
    I have made one ASP form after login form. This form validates username and password which are entered on the login form and these username and password are stored in SQL server database. I want to compare these two values means the value entered in login form and the value which are in the database. I am giving the code along with this message. Please tell me what's the error in it? Thanks in advance.

    code:
    <%
    set cn = Server.CreateObject("ADODB.Connection")
    set rs = server.CreateObject("ADODB.Recordset")

    cn.Open "Provider=MSDASQL.1;Password=sa;Persist Security Info=True;User ID=sa;Data Source=con_elec"


    rs.open "select * from login",cn, 1,2
    While rs.EOF = False
    uname1=rs.Fields(0)
    pass1=rs.Fields(1)
    Response.Write uname1
    Response.Write pass1
    rs.MoveNext

    Dim str,str1
    str=Request("uname")
    str1=Request("pass")
    session("user")=uname

    If(str= "&uname1&" and str1="&pass1&") Then
    Response.Redirect("http://localhost/asp/uadmin.asp")
    Else
    Response.Write("Invalid username or password")
    End IF
    %>
    <%Wend
    rs.Close
    cn.Close
    Set rs = Nothing
    Set cn = Nothing
    %>
     
    computerzworld, Apr 25, 2007 IP
  2. VishalVasani

    VishalVasani Peon

    Messages:
    560
    Likes Received:
    7
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Hello ,


    The If condition is wrong.... It should be

    If(trim(str)= trim(uname1) and trim(str1)=trim(pass1)) Then

    check it on your end....
     
    VishalVasani, Apr 25, 2007 IP
  3. Aztral

    Aztral Well-Known Member

    Messages:
    344
    Likes Received:
    15
    Best Answers:
    0
    Trophy Points:
    125
    #3
    How about
    <%
    function TestLogin( szUser, szPassword)
    set cn = Server.CreateObject("ADODB.Connection")
    set rs = server.CreateObject("ADODB.Recordset")
    cn.Open "Provider=MSDASQL.1;Password=sa;Persist Security Info=True;User ID=sa;Data Source=con_elec"

    rs.open "select * from login WHERE username ='" & szUser & "' AND password = '" & szPassword & "';",cn, 1,2

    If rs.EOF = true AND rs.BOF = true then
    TestLogin= false
    Else
    TestLogin= true
    End If

    'rs.Close 'not needed. closing the connection closes any open rs...unless you create a disconnected rs :)
    cn.Close
    Set rs = Nothing
    Set cn = Nothing

    end function

    If TestLogin( Request("uname"), Request("pass") ) Then
    Session("user")=Request("uname") 'only set session var IF login is ok
    Response.Redirect("http://localhost/asp/uadmin.asp")
    Else
    Session("user")= "" ' clear out the session var just to be safe
    Response.Write("Invalid username or password")' or redirect to a "wrong login" page
    End IF
    %>
     
    Aztral, May 17, 2007 IP