ASP Error Handling (conn.Open) (ADODB.Connection)

I have an ASP file (shown below) which I call from an HTM page to query a
database table. It works correctly if I pass it the correct connection
string. I am trying to make it fail with a proper error message if I change
the UserID value in my connection string to a non-existing user (as an
example). Therefore, it should fail on the conn.Open line and give me some
sort of connection error message in Err.Description. But I get an "Operation
is not allowed when the object is closed" message which sounds like it is
coming from a line which runs after the conn.Open line. I tried commenting
everything between the conn.Open line and conn.Close line and I still receive
the same message. If I comment out the conn.Close line, the ASP file fails
all together on the xml.Send() line in the HTM page.

I tried to put an [if Err.Number <> 0 then] line right after the conn.Open
line, but the ASP file fails altogether when I do that.

Any ideas which line is producing the error message and how I can get a
proper error message from the conn.Open line?

Thanks,
Bill

-----------------------------------------------------------
// THIS IS PART OF MY WebLogin.htm FILE USING JAVASCRIPT.

var xml = new ActiveXObject("Microsoft.XMLHTTP");
xml.Open( "GET", "WebLogin.asp", false );
xml.setRequestHeader('ConnectionString', sConnect);
xml.setRequestHeader('Username', f.LogNamTbx.value);
xml.setRequestHeader('Password', f.PasswdTbx.value);
xml.setRequestHeader('TablePrefix', sTablePrefix);
xml.Send();
try {eval(xml.responseText);}
catch(e){if(e instanceof Error) {alert("Error encountered when evaluating
the [WebLogin.asp] page. Error message: " + e.message)}}

if (f.Result2.value != "")
alert("Error: " + f.Result2.value);

-----------------------------------------------------------

<%
' THIS IS MY WebLogin.asp FILE USING VBSCRIPT.

' Turn On Error Handling
On Error Resume Next

dim sUser
dim sPwd
dim conn
dim rs
dim success
dim sTblPrefix
dim sConn
dim FName
dim LName
dim sEmail
dim errormsg

errormsg = ""
success = false

sConn = Request.ServerVariables("HTTP_ConnectionString")
sUser = Request.ServerVariables("HTTP_Username")
sPwd = Request.ServerVariables("HTTP_Password")
sTblPrefix = Request.ServerVariables("HTTP_TablePrefix")

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open sConn

Set rs = conn.Execute("SELECT First_Name, Last_Name, Email, Password FROM "
& sTblPrefix & "CT_LOGON_NAMES WHERE Name = '" & sUser & "'")
if not rs.eof then
if rs("Password") = sPwd then
success = true
FName = rs("First_Name")
LName = rs("Last_Name")
sEmail = rs("Email")
end if
rs.close
end if

conn.Close
Set conn = Nothing

' Error Handler
if Err.Number <> 0 then
success = false
'errormsg = Err.Number & " - " & Err.Source & " - " & Err.Line & " - " &
Err.Description
errormsg = Err.Number & " - " & Err.Source & " - " & Err.Description
end if

%>
var ele;
ele = document.getElementById("Result");
ele.value = "<%=success%>";
ele = document.getElementById("Result2");
ele.value = "<%=errormsg%>";
ele = document.getElementById("FirstName");
ele.value = "<%=FName%>";
ele = document.getElementById("LastName");
ele.value = "<%=LName%>";
ele = document.getElementById("RequestorsEmailAddress");
ele.value = "<%=sEmail%>";

Re: ASP Error Handling (conn.Open) (ADODB.Connection)

"Bill Anagnostos" wrote in
message news:D2826B45-8EA9-4C1C-A665-FE9126EFB1A9@microsoft.com...
> I have an ASP file (shown below) which I call from an HTM page to query a
> database table. It works correctly if I pass it the correct connection
> string. I am trying to make it fail with a proper error message if I
change
> the UserID value in my connection string to a non-existing user (as an
> example). Therefore, it should fail on the conn.Open line and give me
some
> sort of connection error message in Err.Description. But I get an
"Operation
> is not allowed when the object is closed" message which sounds like it is
> coming from a line which runs after the conn.Open line. I tried
commenting
> everything between the conn.Open line and conn.Close line and I still
receive
> the same message. If I comment out the conn.Close line, the ASP file
fails
> all together on the xml.Send() line in the HTM page.
>
> I tried to put an [if Err.Number <> 0 then] line right after the conn.Open
> line, but the ASP file fails altogether when I do that.
>
> Any ideas which line is producing the error message and how I can get a
> proper error message from the conn.Open line?
>
> Thanks,
> Bill
>
> -----------------------------------------------------------
> // THIS IS PART OF MY WebLogin.htm FILE USING JAVASCRIPT.
>
> var xml = new ActiveXObject("Microsoft.XMLHTTP");
> xml.Open( "GET", "WebLogin.asp", false );
> xml.setRequestHeader('ConnectionString', sConnect);
> xml.setRequestHeader('Username', f.LogNamTbx.value);
> xml.setRequestHeader('Password', f.PasswdTbx.value);
> xml.setRequestHeader('TablePrefix', sTablePrefix);
> xml.Send();
> try {eval(xml.responseText);}
> catch(e){if(e instanceof Error) {alert("Error encountered when evaluating
> the [WebLogin.asp] page. Error message: " + e.message)}}
>
> if (f.Result2.value != "")
> alert("Error: " + f.Result2.value);
>
> -----------------------------------------------------------
>
> <%
> ' THIS IS MY WebLogin.asp FILE USING VBSCRIPT.
>
> ' Turn On Error Handling
> On Error Resume Next
>
> dim sUser
> dim sPwd
> dim conn
> dim rs
> dim success
> dim sTblPrefix
> dim sConn
> dim FName
> dim LName
> dim sEmail
> dim errormsg
>
> errormsg = ""
> success = false
>
> sConn = Request.ServerVariables("HTTP_ConnectionString")
> sUser = Request.ServerVariables("HTTP_Username")
> sPwd = Request.ServerVariables("HTTP_Password")
> sTblPrefix = Request.ServerVariables("HTTP_TablePrefix")
>
> Set conn = Server.CreateObject("ADODB.Connection")
> conn.Open sConn
>
> Set rs = conn.Execute("SELECT First_Name, Last_Name, Email, Password FROM
"
> & sTblPrefix & "CT_LOGON_NAMES WHERE Name = '" & sUser & "'")
> if not rs.eof then
> if rs("Password") = sPwd then
> success = true
> FName = rs("First_Name")
> LName = rs("Last_Name")
> sEmail = rs("Email")
> end if
> rs.close
> end if
>
> conn.Close
> Set conn = Nothing
>
> ' Error Handler
> if Err.Number <> 0 then
> success = false
> 'errormsg = Err.Number & " - " & Err.Source & " - " & Err.Line & " - " &
> Err.Description
> errormsg = Err.Number & " - " & Err.Source & " - " & Err.Description
> end if
>
> %>
> var ele;
> ele = document.getElementById("Result");
> ele.value = "<%=success%>";
> ele = document.getElementById("Result2");
> ele.value = "<%=errormsg%>";
> ele = document.getElementById("FirstName");
> ele.value = "<%=FName%>";
> ele = document.getElementById("LastName");
> ele.value = "<%=LName%>";
> ele = document.getElementById("RequestorsEmailAddress");
> ele.value = "<%=sEmail%>";
>


I really don't know where to start ??

Sending a connection string over http to a server?
Creation of HTTP headers with arbitary names?
Evaluating JScript in response rather simply sending back XML?
Please tell me you intend to send this over HTTPS at least?
" ASP file fails altogether "? Huh??

It's quite insane.

As to your specific question. First change the normal response to be XML.
Then add a custom 500.100 error page for WebLogin.asp to generate XML that
contains the error info you want to display. Get Javascript at the other
end to use the resulting XML to make the appropriate changes to the document
or display a message.

While you are at it store the connection string on the Server and encode the
rest of the info you need in XML. Use POST to send this xml to the
WebLogin.asp and stop mucking about with HTTP headers.

Don't contactenate data sent from the client into a SQL string (Google SQL
Injection Attacks).

Hopefully you intend to use HTTPS to for this exhange. If not don't send
password in the clear use a hash instead. (Google Javascript SHA1 and
Nonce)

Anthony.

Re: ASP Error Handling (conn.Open) (ADODB.Connection)

"Anthony Jones" wrote:

>
> "Bill Anagnostos" wrote in
> message news:D2826B45-8EA9-4C1C-A665-FE9126EFB1A9@microsoft.com...
> > I have an ASP file (shown below) which I call from an HTM page to query a
> > database table. It works correctly if I pass it the correct connection
> > string. I am trying to make it fail with a proper error message if I
> change
> > the UserID value in my connection string to a non-existing user (as an
> > example). Therefore, it should fail on the conn.Open line and give me
> some
> > sort of connection error message in Err.Description. But I get an
> "Operation
> > is not allowed when the object is closed" message which sounds like it is
> > coming from a line which runs after the conn.Open line. I tried
> commenting
> > everything between the conn.Open line and conn.Close line and I still
> receive
> > the same message. If I comment out the conn.Close line, the ASP file
> fails
> > all together on the xml.Send() line in the HTM page.
> >
> > I tried to put an [if Err.Number <> 0 then] line right after the conn.Open
> > line, but the ASP file fails altogether when I do that.
> >
> > Any ideas which line is producing the error message and how I can get a
> > proper error message from the conn.Open line?
> >
> > Thanks,
> > Bill
> >
> > -----------------------------------------------------------
> > // THIS IS PART OF MY WebLogin.htm FILE USING JAVASCRIPT.
> >
> > var xml = new ActiveXObject("Microsoft.XMLHTTP");
> > xml.Open( "GET", "WebLogin.asp", false );
> > xml.setRequestHeader('ConnectionString', sConnect);
> > xml.setRequestHeader('Username', f.LogNamTbx.value);
> > xml.setRequestHeader('Password', f.PasswdTbx.value);
> > xml.setRequestHeader('TablePrefix', sTablePrefix);
> > xml.Send();
> > try {eval(xml.responseText);}
> > catch(e){if(e instanceof Error) {alert("Error encountered when evaluating
> > the [WebLogin.asp] page. Error message: " + e.message)}}
> >
> > if (f.Result2.value != "")
> > alert("Error: " + f.Result2.value);
> >
> > -----------------------------------------------------------
> >
> > <%
> > ' THIS IS MY WebLogin.asp FILE USING VBSCRIPT.
> >
> > ' Turn On Error Handling
> > On Error Resume Next
> >
> > dim sUser
> > dim sPwd
> > dim conn
> > dim rs
> > dim success
> > dim sTblPrefix
> > dim sConn
> > dim FName
> > dim LName
> > dim sEmail
> > dim errormsg
> >
> > errormsg = ""
> > success = false
> >
> > sConn = Request.ServerVariables("HTTP_ConnectionString")
> > sUser = Request.ServerVariables("HTTP_Username")
> > sPwd = Request.ServerVariables("HTTP_Password")
> > sTblPrefix = Request.ServerVariables("HTTP_TablePrefix")
> >
> > Set conn = Server.CreateObject("ADODB.Connection")
> > conn.Open sConn
> >
> > Set rs = conn.Execute("SELECT First_Name, Last_Name, Email, Password FROM
> "
> > & sTblPrefix & "CT_LOGON_NAMES WHERE Name = '" & sUser & "'")
> > if not rs.eof then
> > if rs("Password") = sPwd then
> > success = true
> > FName = rs("First_Name")
> > LName = rs("Last_Name")
> > sEmail = rs("Email")
> > end if
> > rs.close
> > end if
> >
> > conn.Close
> > Set conn = Nothing
> >
> > ' Error Handler
> > if Err.Number <> 0 then
> > success = false
> > 'errormsg = Err.Number & " - " & Err.Source & " - " & Err.Line & " - " &
> > Err.Description
> > errormsg = Err.Number & " - " & Err.Source & " - " & Err.Description
> > end if
> >
> > %>
> > var ele;
> > ele = document.getElementById("Result");
> > ele.value = "<%=success%>";
> > ele = document.getElementById("Result2");
> > ele.value = "<%=errormsg%>";
> > ele = document.getElementById("FirstName");
> > ele.value = "<%=FName%>";
> > ele = document.getElementById("LastName");
> > ele.value = "<%=LName%>";
> > ele = document.getElementById("RequestorsEmailAddress");
> > ele.value = "<%=sEmail%>";
> >
>
>
> I really don't know where to start ??
>
> Sending a connection string over http to a server?
> Creation of HTTP headers with arbitary names?
> Evaluating JScript in response rather simply sending back XML?
> Please tell me you intend to send this over HTTPS at least?
> " ASP file fails altogether "? Huh??
>
> It's quite insane.
>
> As to your specific question. First change the normal response to be XML.
> Then add a custom 500.100 error page for WebLogin.asp to generate XML that
> contains the error info you want to display. Get Javascript at the other
> end to use the resulting XML to make the appropriate changes to the document
> or display a message.
>
> While you are at it store the connection string on the Server and encode the
> rest of the info you need in XML. Use POST to send this xml to the
> WebLogin.asp and stop mucking about with HTTP headers.
>
> Don't contactenate data sent from the client into a SQL string (Google SQL
> Injection Attacks).
>
> Hopefully you intend to use HTTPS to for this exhange. If not don't send
> password in the clear use a hash instead. (Google Javascript SHA1 and
> Nonce)
>
> Anthony.
>
>
>
>


Anthony,

Thank you for the SQL Injection Attacks, SHA1, and Nonce info. It will be
very helpful in the near future.

This solution is a temporary solution until we build a more robust proper
application. It will also run within a company's intranet and will not
receive too much traffic. I will soon after add some of your suggestions.
Thanks.

I was more concerned with retrieving the initial error code from the first
line that caused an error instead of from a line below this first line. I
added an [if Err.Number <> 0] right after the conn.Open line (as seen below)
and I am now receiving the proper error code number and source from the first
error. Yesterday for some reason this [if Err.Number <> 0] statement was not
working properly when I placed it there.

I found out that a client of mine was not using the correct Provider in
their connection string by Googling [Err.Number = 3706]. I confirmed it on
my test server by putting in an invalid Provider name and received the same
3706 error.

QUESTION:
=======
Now my question is why does Err.Description not work? If I uncomment that
line, then the asp file does not compile and I receive an error on the
xml.Send() line in my javascript HTM file.

Thanks,
Bill

------------------
dim gotError
gotError = 0

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open sConn
if Err.Number <> 0 and gotError = 0 then
gotError = 1
success = false
errormsg = "Err.Number = " & Err.Number & ", "
errormsg = errormsg & "Err.Source = " & Err.Source & ", "
'errormsg = errormsg & "Err.Description = " & Err.Description
end if

Set rs = conn.Execute("SELECT First_Name, Last_Name, Email, Password FROM "
& sTblPrefix & "CT_LOGON_NAMES WHERE Name = '" & sUser & "'")
if Err.Number <> 0 and gotError = 0 then
gotError = 1
success = false
errormsg = "Err.Number = " & Err.Number & ", "
errormsg = errormsg & "Err.Source = " & Err.Source & ", "
'errormsg = errormsg & "Err.Description = " & Err.Description
end if

if not rs.eof then
.....
.....