954,600 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
1 Year Ago
0

ASP SQL Query From HTML Input

Hi

I am php coder and new to asp.

I am trying to build a simple login page using asp and the db connection works fine. When the user submit the form and at the sql query section i am getting the following error
"Microsoft OLE DB Provider for ODBC Drivers error '80040e14'"

How do i fix this ? Hope to find some solution here. Thanks in advance...

<%

if Request("btnLogin")="Login" then


'‘-------------------------------------------Get Form Fields--------------------------------‘
txtUsername = request.form("Username")
txtPassword = request.form("Password")

'‘--------------------------------------------Connect to Database-------------------------‘
Dim Conn, sqlstr
Set Conn = Server.Createobject("ADODB.Connection")
Conn.Open "Driver={SQL Server};Server=ACER-PC\SQLEXPRESS;Database=UCTI;UID=sa;PWD=123;"

'‘-------------------------------------------SQL Statement---------------------------------‘
sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName= txtUsername  AND LastName =  txtPassword"

set rs = Conn.execute(sqlstr)

'‘-----------------------------------------Check if user exists---------------------------------‘
If rs.bof and rs.eof Then
response.Write("Access denied")
Else

Session("username") = txtUsername 

Status = rs("Status")

    if Status = "Admin" then
    response.Redirect("welcome.asp")
    end if

    if Status = "Lecturer" then
    response.Redirect("welcome.asp")
    end if

    if Status = "External" then
    response.Redirect("welcome.asp")
    end if

End If





end if
%>


<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM ACTION="login.asp" METHOD="post">
<TABLE BORDER="0">
<TR>
<TD VALIGN="Top">Username:</TD>
<TD VALIGN="Top"><INPUT TYPE="text" NAME="Username"></TD>
</TR>
<TR>
<TD VALIGN="Top">Password:</TD>
<TD VALIGN="Top"><INPUT TYPE="password" NAME="Password"></TD>
</TR>
<TR>
<TD VALIGN="Top"></TD>
<TD VALIGN="Top"><INPUT TYPE="submit" VALUE="Login" name="btnLogin"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
ariffin246
Newbie Poster
12 posts since Aug 2009
Reputation Points: 29
Solved Threads: 0
 
1 Year Ago
Show Comments
1

I believe it has something to do with inserting or updating a record with a NULL value. Check out this article, http://tutorials.aspfaq.com/8000xxxxx-errors/why-do-i-get-80040e14-errors.html .

cfwebdeveloper
Junior Poster in Training
78 posts since May 2011
Reputation Points: 19
Solved Threads: 8
 
1 Year Ago
0
I believe it has something to do with inserting or updating a record with a NULL value. Check out this article, http://tutorials.aspfaq.com/8000xxxxx-errors/why-do-i-get-80040e14-errors.html .


Thanks. I tried looking at it and modified my code from

sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName=txtUsername AND LastName = txtPassword "


to

sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName=  '" + txtUsername +"'   AND LastName = '"+ txtPassword"' "


I am still getting the error and unable to check the database and let the user login.

ariffin246
Newbie Poster
12 posts since Aug 2009
Reputation Points: 29
Solved Threads: 0
 
1 Year Ago
0

Solved It By Using The Following Query

sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName= '" & txtUsername& "' AND LastName= '"&txtPassword&"' "


Thanks To Those Who Had Helped Me Solving The Problem

ariffin246
Newbie Poster
12 posts since Aug 2009
Reputation Points: 29
Solved Threads: 0
 
1 Year Ago
0

Yeah, I forgot you have to use & and not + in asp.net. Glad you got it ;)

cfwebdeveloper
Junior Poster in Training
78 posts since May 2011
Reputation Points: 19
Solved Threads: 8
 
11 Months Ago
0

suggestion: avoid using such sql statements, use stored procedures OR ensure that the there are sufficient checks to avoid sql injection attacks - e.g. in txtusername and txtpassword. The way your code has been written, it leaves quite a few options for a mediocre hacker to insert some malicious sql - at worst you might end up with all data deleted or tables dropped.

jfarrugia
Junior Poster
113 posts since May 2011
Reputation Points: 17
Solved Threads: 17
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed