Home....
Developer Network >> Other Programming >> Scripting - Server Side

using asp to write login page

I haven't written asp for many years and i almost forgot all the script...

i have tried to write a login function using asp and mysql and get some errors...hope someone can help.

login.asp

<form id="form1" name="form1" method="post" action="check.asp">
<p>Login</p>
<table width="312" border="1">
<tr>
<td width="47">Login</td>
<td width="249">
<label>
<input type="text" name="username"/>
</label>

</td>
</tr>
<tr>
<td>Password</td>
<td>
<label>
<input name="pwd" type="password" maxlength="10" />
</label>

</td>
</tr>
<tr>
<td> </td>
<td><label>
<input type="submit" name="submit" value="Submit" />
<input type="reset" name="reset" value="Reset" />
</label></td>
</tr>
</table>
<p> </p>
</form>

check.asp

<body>
<%

Dim Conn, cStr, sql, RS, username, pwd
username = Request.Form("username")
pwd = Request.Form("pwd")
Set Conn = Server.CreateObject("ADODB.Connection")
sConnection = "DRIVER={MySQL ODBC 3.51 Driver}; SERVER=localhost; DATABASE=home; UID=user;PASSWORD=111111; OPTION=3"

Conn.Open(cStr)
sql = "select username from tbl_users where loginName = '" & username & " and password = '" & pwd & "'"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
'Error_Msg = "Login Failed. Try Again."
response.redirect "login.asp"
Else
Session("LoggedIn") = "true"
Response.Redirect "menu.asp"
End If

%>

</body>

The error is sth like
must get ';'
check.asp, line 12, column 4
Dim Conn, cStr, sql, RS, username, pwd;
--^

Thank you
[2118 byte] By [dummyagain] at [2007-11-20 4:20:08]
«« Can all API Subs, be declared as Functions?
»» Confused with strings
# 1 Re: using asp to write login page
can you post the exact error message?
the error message line of code contains the ";" character while the code does not..
the code looks fine to me.

by the way..your code is not secure and SQL injection attacks can occur.
you better use command objects with parameterized queries.
hspc at 2007-11-10 3:56:50 >
# 2 Re: using asp to write login page
I am wondering if it's because of the server problem. I am using xp pro IIS which is version 5.1 to test the asp pages... I am wondering if it's the source of problem...

thank you for your advice, I will improve the code after solving this problem.

Thank you
dummyagain at 2007-11-10 3:57:47 >
# 3 Re: using asp to write login page
There are few things wrong with the code here. You should not be using CSTR as a variable name as it is a function name already present in VBScript.

Another thing is that you are saving connection string in sConnection, however while opening the connection you are using cStr as connection string.

Take a look at the bold part of your code Dim Conn, cStr, sql, RS, username, pwd
username = Request.Form("username")
pwd = Request.Form("pwd")
Set Conn = Server.CreateObject("ADODB.Connection")
sConnection = "DRIVER={MySQL ODBC 3.51 Driver}; SERVER=localhost; DATABASE=home; UID=user;PASSWORD=111111; OPTION=3"

Conn.Open(cStr)
sql = "select username from tbl_users where loginName = '" & username & " and password = '" & pwd & "'"
Set RS = Conn.Execute(sql)
If RS.BOF And RS.EOF Then
'Error_Msg = "Login Failed. Try Again."
response.redirect "login.asp"
Else
Session("LoggedIn") = "true"
Response.Redirect "menu.asp"
End If


And lastly you are missing a single quote in your query sql = "select username from tbl_users where loginName = '" & username & "' and password = '" & pwd & "'"
Instead of using direct queries use parametrized queries as suggested above.
Shuja Ali at 2007-11-10 3:58:46 >
Other Programming
Scripting - Server Side

Other Programming

All Classified

Other Programming New Topic

Other Programming Hot Topic