E
Eugene Anthony
Is this method of validation for password and username considered to be
secured. In my previous post I was given a solution that uses command
object and the values are parsed by parameters. But the solution only
worked well for insert and delete, but not select.
<%
if Request.QueryString("Action") = 1 then
username = Trim(request.form("username"))
password = Trim(request.form("password"))
if username <> "" and password <> "" then
set conn = server.CreateObject("ADODB.Connection")
conn.connectionstring = "Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=" & Server.MapPath("/db/upload/stelladb.mdb") & ";"
conn.open
set rs = server.CreateObject("ADODB.Recordset")
sql = "SELECT Count(*) FROM Account WHERE username='" &
username & "' AND password='" & password & "'"
rs.open sql,conn,3,3
if rs.Fields(0) = 1 then
session("boolean") = "true"
response.redirect "main.asp"
else
session("boolean") = "false"
response.write "<center><font class='error'>Error: Invalid
Authentication</font></center><br><br>"
end if
conn.close
Set conn = nothing
end if
end if
%>
Eugene Anthony
secured. In my previous post I was given a solution that uses command
object and the values are parsed by parameters. But the solution only
worked well for insert and delete, but not select.
<%
if Request.QueryString("Action") = 1 then
username = Trim(request.form("username"))
password = Trim(request.form("password"))
if username <> "" and password <> "" then
set conn = server.CreateObject("ADODB.Connection")
conn.connectionstring = "Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=" & Server.MapPath("/db/upload/stelladb.mdb") & ";"
conn.open
set rs = server.CreateObject("ADODB.Recordset")
sql = "SELECT Count(*) FROM Account WHERE username='" &
username & "' AND password='" & password & "'"
rs.open sql,conn,3,3
if rs.Fields(0) = 1 then
session("boolean") = "true"
response.redirect "main.asp"
else
session("boolean") = "false"
response.write "<center><font class='error'>Error: Invalid
Authentication</font></center><br><br>"
end if
conn.close
Set conn = nothing
end if
end if
%>
Eugene Anthony