"rs is nothing" doesn't seem to work

Discussion in 'ASP General' started by Avlan, Jan 10, 2006.

  1. Avlan

    Avlan Guest

    Hi,

    I'm pretty new with ASP-coding, but I got a simple login working. I let
    the user enter a username and password and through a SQL-statement I
    check if there is a corresponding password in the database (Yes I know,
    not very good security but for the moment it's enough). Problem is that
    when I enter a false user/password, I want the code to redirect to
    another .asp-page which states the user is not valid. Problem lies
    within the statement "if rsMOS is nothing then response.redirect
    "VWGloginAgain.asp" ". Somehow, the code does not return 'nothing' but
    something else.

    How do I figure out what it returns? Or, how can I make sure it returns
    a 'nothing' when no such password is found in the database?

    Here's my code snippet ('usr' and 'ww' are defined earlier; furthermore
    I've left out the redirects, but I've tested the first
    if-then-conditions and they work fine... Just the 'nothing' does not
    work):

    <%
    dim dsn
    dim conn
    dim rsMOS
    dim strSQL

    dsn="dsn=VWG"

    set Conn = Server.CreateObject("ADODB.connection")
    Set rsMOS = Server.CreateObject("ADODB.Recordset")
    Conn.Open dsn
    strSQL = "SELECT usr FROM VWGusr WHERE pw='"&ww&"'"
    rsMOS.Open strSQL,Conn

    if (not rsMOS is nothing) and (Not (rsMOS.BOF And rsMOS.EOF)) and usr
    = "admin" then
    response.write("User is admin<br>")
    end if

    if (not rsMOS is nothing) and (Not (rsMOS.BOF And rsMOS.EOF)) Then
    response.write("User is present in DB<br>")
    end if

    if rsMOS is nothing Then
    response.write("Usernot present, should redirect to
    VWGloginAgain...<br>")
    end if

    rsMOS.close
    set rsMOS = nothing
    conn.close
    set conn = nothing

    %>
     
    Avlan, Jan 10, 2006
    #1
    1. Advertising

  2. Avlan wrote:
    > Hi,
    >
    > I'm pretty new with ASP-coding, but I got a simple login working. I
    > let the user enter a username and password and through a
    > SQL-statement I check if there is a corresponding password in the
    > database (Yes I know, not very good security but for the moment it's
    > enough). Problem is that when I enter a false user/password, I want
    > the code to redirect to another .asp-page which states the user is
    > not valid. Problem lies within the statement "if rsMOS is nothing
    > then response.redirect "VWGloginAgain.asp" ". Somehow, the code does
    > not return 'nothing' but something else.


    rsMOS will probably not be "nothing". Its EOF property will be true if it
    did not receive any records from the sql statement you used. The only thing
    you need to check for is EOF

    Bob Barrows

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
     
    Bob Barrows [MVP], Jan 10, 2006
    #2
    1. Advertising

  3. Avlan

    Avlan Guest

    Thx, that did the trick. :)
     
    Avlan, Jan 10, 2006
    #3
  4. Avlan

    Guest

    >I'm pretty new with ASP-coding, but I got a simple login working. I let
    >the user enter a username and password and through a SQL-statement I
    >check if there is a corresponding password in the database (Yes I know,
    >not very good security but for the moment it's enough).


    Seems like normal login security to me unless of course you want the
    login page to use SSL and thus start with https:// instead of http://
    and that of course would require a certificate.

    And for a related link:

    Classic ASP Design Tips - Login Page
    http://www.bullschmidt.com/devtip-loginpage.asp

    Best regards,
    J. Paul Schmidt, Freelance Web and Database Developer
    http://www.Bullschmidt.com
    Access Database Sample, Web Database Sample, ASP Design Tips
     
    , Jan 10, 2006
    #4
  5. Avlan

    Avlan Guest

    Well it WOULD be normal security if I would actually check the
    username-password combination... At this point I only check the if the
    submitted password is in the DB, regardless of username ;-)
     
    Avlan, Jan 11, 2006
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bill Green

    &nbsp; in a ListItem doesn't seem to work

    Bill Green, Feb 6, 2004, in forum: ASP .Net
    Replies:
    2
    Views:
    434
    vMike
    Feb 7, 2004
  2. Garrett
    Replies:
    4
    Views:
    4,840
    Garrett
    Dec 2, 2004
  3. tshad
    Replies:
    3
    Views:
    528
    MWells
    Jan 26, 2005
  4. Wiseguy
    Replies:
    2
    Views:
    340
    Jonathan Turkanis
    Jan 18, 2004
  5. Devin Jeanpierre
    Replies:
    2
    Views:
    511
    Devin Jeanpierre
    Feb 14, 2012
Loading...

Share This Page