I have no clue what"s wrong

The code below does not assign any value to "checkpassword" no matter what
values are passed to the function. I have used Response.Write on all the
values including the "user" table values and all values are valid. I have no
clue what's wrong. Can someone provide some help?

FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )

sqlString = "SELECT user_id, user_email, user_password FROM users " &_

"WHERE user_email='" & useremail & "'"

SET RS = Con.Execute( sqlString )

IF RS.EOF THEN

checkpassword = - 1

ELSEIF RS( "user_password" ) = "" THEN

checkpassword = - 2

ELSEIF RS( "user_password" ) <> password THEN

checkpassword = - 3

ELSEIF RS( "user_password" ) = password THEN

checkpassword = RS( "user_id" )

ELSE

END IF

END FUNCTION

Re: I have no clue what"s wrong

First thing to do is work out where you code is falling to. If you do not
have a debugger, we can use Response.Write() statements.

Also, removed the extraneous spaces between your values and your negative
(-) symbols
Lastly - don't forget to clean up your objects before exiting the routine

Function checkpassword(byVal useremail, byVal password, byRef Con)

Dim sqlString
Dim objRS

sqlString = _
"SELECT user_id, user_password "
"FROM users " &_
"WHERE user_email='" & useremail & "'"

Set objRS = Con.Execute( sqlString )

If objRS.EOF then

checkpassword = -1
Response.Write("-1
")

ElseIf objRS( "user_password" ) = "" then

checkpassword = -2
Response.Write("-2
")

ElseIf objRS("user_password" ) <> password then

checkpassword = -3
Response.Write("-3
")

ElseIf objRS( "user_password" ) = password then

checkpassword = RS( "user_id" )
Response.Write("-4
")

Else

Response.Write("-5
")

End If

objRS.Close
Set objRS = Nothing

End Function


Cheeers
Ken

wrote in message
news:e8szuQNsEHA.2664@TK2MSFTNGP12.phx.gbl...
> The code below does not assign any value to "checkpassword" no matter what
> values are passed to the function. I have used Response.Write on all the
> values including the "user" table values and all values are valid. I have
> no clue what's wrong. Can someone provide some help?
>
> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )
>
> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
>
> "WHERE user_email='" & useremail & "'"
>
> SET RS = Con.Execute( sqlString )
>
> IF RS.EOF THEN
>
> checkpassword = - 1
>
> ELSEIF RS( "user_password" ) = "" THEN
>
> checkpassword = - 2
>
> ELSEIF RS( "user_password" ) <> password THEN
>
> checkpassword = - 3
>
> ELSEIF RS( "user_password" ) = password THEN
>
> checkpassword = RS( "user_id" )
>
> ELSE
>
> END IF
>
> END FUNCTION
>
>

Re: I have no clue what"s wrong

Typo in my code:

"SELECT user_id, user_password "

should be

"SELECT user_id, user_password " & _

Cheers
Ken

"Ken Schaefer" wrote in message
news:uKF9o5NsEHA.2252@TK2MSFTNGP11.phx.gbl...
> First thing to do is work out where you code is falling to. If you do not
> have a debugger, we can use Response.Write() statements.
>
> Also, removed the extraneous spaces between your values and your negative
> (-) symbols
> Lastly - don't forget to clean up your objects before exiting the routine
>
> Function checkpassword(byVal useremail, byVal password, byRef Con)
>
> Dim sqlString
> Dim objRS
>
> sqlString = _
> "SELECT user_id, user_password "
> "FROM users " &_
> "WHERE user_email='" & useremail & "'"
>
> Set objRS = Con.Execute( sqlString )
>
> If objRS.EOF then
>
> checkpassword = -1
> Response.Write("-1
")
>
> ElseIf objRS( "user_password" ) = "" then
>
> checkpassword = -2
> Response.Write("-2
")
>
> ElseIf objRS("user_password" ) <> password then
>
> checkpassword = -3
> Response.Write("-3
")
>
> ElseIf objRS( "user_password" ) = password then
>
> checkpassword = RS( "user_id" )
> Response.Write("-4
")
>
> Else
>
> Response.Write("-5
")
>
> End If
>
> objRS.Close
> Set objRS = Nothing
>
> End Function
>
>
> Cheeers
> Ken
>
> wrote in message
> news:e8szuQNsEHA.2664@TK2MSFTNGP12.phx.gbl...
>> The code below does not assign any value to "checkpassword" no matter
>> what values are passed to the function. I have used Response.Write on all
>> the values including the "user" table values and all values are valid. I
>> have no clue what's wrong. Can someone provide some help?
>>
>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )
>>
>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
>>
>> "WHERE user_email='" & useremail & "'"
>>
>> SET RS = Con.Execute( sqlString )
>>
>> IF RS.EOF THEN
>>
>> checkpassword = - 1
>>
>> ELSEIF RS( "user_password" ) = "" THEN
>>
>> checkpassword = - 2
>>
>> ELSEIF RS( "user_password" ) <> password THEN
>>
>> checkpassword = - 3
>>
>> ELSEIF RS( "user_password" ) = password THEN
>>
>> checkpassword = RS( "user_id" )
>>
>> ELSE
>>
>> END IF
>>
>> END FUNCTION
>>
>>
>
>

Re: I have no clue what"s wrong

I have made all the changes you suggested in the following code:

FUNCTION checkpassword(byVal useremail,byVal password,byRef Con)

Dim sqlString

Dim RSuser

sqlString = "SELECT user_id, user_email, user_password FROM users " &_

"WHERE user_email='" & useremail & "'"

SET RSuser = Con.Execute( sqlString )

Response.Write "user_id = "

Response.Write RSuser( "user_id" )

Response.Write "user_email = "

Response.Write RSuser( "user_email" )

Response.Write "user_password = "

Response.Write RSuser( "user_password" )

Response.Write "useremail = "

Response.Write useremail

Response.Write "password = "

Response.Write password

IF RSuser.EOF THEN

checkpassword = -1

ELSEIF RSuser( "user_password" ) = "" THEN

checkpassword = -2

ELSEIF RSuser( "user_password" ) <> password THEN

checkpassword = -3

ELSEIF RSuser( "user_password" ) = password THEN

checkpassword = RSuser( "user_id" )

ELSE

END IF

RSuser.Close

SET RSuser = Nothing

END FUNCTION

Here is the program that calls "checkpassword":



<%

' Get Login Information

useremail = TRIM( Request.Form( "useremail" ) )

password = TRIM( Request.Form( "password" ) )

' Open Database Connection

Set Con = Server.CreateObject( "ADODB.Connection" )

Con.Open "accessDSN"

' Get User ID

userID = checkpassword(useremail, password, Con)

Response.Write "userID = "

Response.Write userID

Response.End

%>

There is still no value assigned to "checkpassword"



"Ken Schaefer" wrote in message
news:%23U94whOsEHA.2316@TK2MSFTNGP12.phx.gbl...
> Typo in my code:
>
> "SELECT user_id, user_password "
>
> should be
>
> "SELECT user_id, user_password " & _
>
> Cheers
> Ken
>
> "Ken Schaefer" wrote in message
> news:uKF9o5NsEHA.2252@TK2MSFTNGP11.phx.gbl...
>> First thing to do is work out where you code is falling to. If you do not
>> have a debugger, we can use Response.Write() statements.
>>
>> Also, removed the extraneous spaces between your values and your negative
>> (-) symbols
>> Lastly - don't forget to clean up your objects before exiting the routine
>>
>> Function checkpassword(byVal useremail, byVal password, byRef Con)
>>
>> Dim sqlString
>> Dim objRS
>>
>> sqlString = _
>> "SELECT user_id, user_password "
>> "FROM users " &_
>> "WHERE user_email='" & useremail & "'"
>>
>> Set objRS = Con.Execute( sqlString )
>>
>> If objRS.EOF then
>>
>> checkpassword = -1
>> Response.Write("-1
")
>>
>> ElseIf objRS( "user_password" ) = "" then
>>
>> checkpassword = -2
>> Response.Write("-2
")
>>
>> ElseIf objRS("user_password" ) <> password then
>>
>> checkpassword = -3
>> Response.Write("-3
")
>>
>> ElseIf objRS( "user_password" ) = password then
>>
>> checkpassword = RS( "user_id" )
>> Response.Write("-4
")
>>
>> Else
>>
>> Response.Write("-5
")
>>
>> End If
>>
>> objRS.Close
>> Set objRS = Nothing
>>
>> End Function
>>
>>
>> Cheeers
>> Ken
>>
>> wrote in message
>> news:e8szuQNsEHA.2664@TK2MSFTNGP12.phx.gbl...
>>> The code below does not assign any value to "checkpassword" no matter
>>> what values are passed to the function. I have used Response.Write on
>>> all the values including the "user" table values and all values are
>>> valid. I have no clue what's wrong. Can someone provide some help?
>>>
>>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )
>>>
>>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
>>>
>>> "WHERE user_email='" & useremail & "'"
>>>
>>> SET RS = Con.Execute( sqlString )
>>>
>>> IF RS.EOF THEN
>>>
>>> checkpassword = - 1
>>>
>>> ELSEIF RS( "user_password" ) = "" THEN
>>>
>>> checkpassword = - 2
>>>
>>> ELSEIF RS( "user_password" ) <> password THEN
>>>
>>> checkpassword = - 3
>>>
>>> ELSEIF RS( "user_password" ) = password THEN
>>>
>>> checkpassword = RS( "user_id" )
>>>
>>> ELSE
>>>
>>> END IF
>>>
>>> END FUNCTION
>>>
>>>
>>
>>
>
>

Re: I have no clue what"s wrong

You made none of the relevant changes.

Please look at the code I supplied again. Notice that I put in a number of
Response.Write() statements inside each of the possible conditions? You need
to find out where the code is falling to. For example, if your code matches
none of your conditions, it's going to fall to your empty ELSE clause, and
no value will be assigned to checkpassword.

Please use the code I supplied and check the resulting output you see on the
screen. Please do not post here saying that you have implemented the
recommended changes if you haven't.

Thankyou

Cheers
Ken

wrote in message
news:uRXK3LZsEHA.1272@TK2MSFTNGP12.phx.gbl...
>I have made all the changes you suggested in the following code:
>
> FUNCTION checkpassword(byVal useremail,byVal password,byRef Con)
>
> Dim sqlString
>
> Dim RSuser
>
> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
>
> "WHERE user_email='" & useremail & "'"
>
> SET RSuser = Con.Execute( sqlString )
>
> Response.Write "user_id = "
>
> Response.Write RSuser( "user_id" )
>
> Response.Write "user_email = "
>
> Response.Write RSuser( "user_email" )
>
> Response.Write "user_password = "
>
> Response.Write RSuser( "user_password" )
>
> Response.Write "useremail = "
>
> Response.Write useremail
>
> Response.Write "password = "
>
> Response.Write password
>
> IF RSuser.EOF THEN
>
> checkpassword = -1
>
> ELSEIF RSuser( "user_password" ) = "" THEN
>
> checkpassword = -2
>
> ELSEIF RSuser( "user_password" ) <> password THEN
>
> checkpassword = -3
>
> ELSEIF RSuser( "user_password" ) = password THEN
>
> checkpassword = RSuser( "user_id" )
>
> ELSE
>
> END IF
>
> RSuser.Close
>
> SET RSuser = Nothing
>
> END FUNCTION
>
> Here is the program that calls "checkpassword":
>
>
>
> <%
>
> ' Get Login Information
>
> useremail = TRIM( Request.Form( "useremail" ) )
>
> password = TRIM( Request.Form( "password" ) )
>
> ' Open Database Connection
>
> Set Con = Server.CreateObject( "ADODB.Connection" )
>
> Con.Open "accessDSN"
>
> ' Get User ID
>
> userID = checkpassword(useremail, password, Con)
>
> Response.Write "userID = "
>
> Response.Write userID
>
> Response.End
>
> %>
>
> There is still no value assigned to "checkpassword"
>
>
>
> "Ken Schaefer" wrote in message
> news:%23U94whOsEHA.2316@TK2MSFTNGP12.phx.gbl...
>> Typo in my code:
>>
>> "SELECT user_id, user_password "
>>
>> should be
>>
>> "SELECT user_id, user_password " & _
>>
>> Cheers
>> Ken
>>
>> "Ken Schaefer" wrote in message
>> news:uKF9o5NsEHA.2252@TK2MSFTNGP11.phx.gbl...
>>> First thing to do is work out where you code is falling to. If you do
>>> not have a debugger, we can use Response.Write() statements.
>>>
>>> Also, removed the extraneous spaces between your values and your
>>> negative (-) symbols
>>> Lastly - don't forget to clean up your objects before exiting the
>>> routine
>>>
>>> Function checkpassword(byVal useremail, byVal password, byRef Con)
>>>
>>> Dim sqlString
>>> Dim objRS
>>>
>>> sqlString = _
>>> "SELECT user_id, user_password "
>>> "FROM users " &_
>>> "WHERE user_email='" & useremail & "'"
>>>
>>> Set objRS = Con.Execute( sqlString )
>>>
>>> If objRS.EOF then
>>>
>>> checkpassword = -1
>>> Response.Write("-1
")
>>>
>>> ElseIf objRS( "user_password" ) = "" then
>>>
>>> checkpassword = -2
>>> Response.Write("-2
")
>>>
>>> ElseIf objRS("user_password" ) <> password then
>>>
>>> checkpassword = -3
>>> Response.Write("-3
")
>>>
>>> ElseIf objRS( "user_password" ) = password then
>>>
>>> checkpassword = RS( "user_id" )
>>> Response.Write("-4
")
>>>
>>> Else
>>>
>>> Response.Write("-5
")
>>>
>>> End If
>>>
>>> objRS.Close
>>> Set objRS = Nothing
>>>
>>> End Function
>>>
>>>
>>> Cheeers
>>> Ken
>>>
>>> wrote in message
>>> news:e8szuQNsEHA.2664@TK2MSFTNGP12.phx.gbl...
>>>> The code below does not assign any value to "checkpassword" no matter
>>>> what values are passed to the function. I have used Response.Write on
>>>> all the values including the "user" table values and all values are
>>>> valid. I have no clue what's wrong. Can someone provide some help?
>>>>
>>>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )
>>>>
>>>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
>>>>
>>>> "WHERE user_email='" & useremail & "'"
>>>>
>>>> SET RS = Con.Execute( sqlString )
>>>>
>>>> IF RS.EOF THEN
>>>>
>>>> checkpassword = - 1
>>>>
>>>> ELSEIF RS( "user_password" ) = "" THEN
>>>>
>>>> checkpassword = - 2
>>>>
>>>> ELSEIF RS( "user_password" ) <> password THEN
>>>>
>>>> checkpassword = - 3
>>>>
>>>> ELSEIF RS( "user_password" ) = password THEN
>>>>
>>>> checkpassword = RS( "user_id" )
>>>>
>>>> ELSE
>>>>
>>>> END IF
>>>>
>>>> END FUNCTION
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Re: I have no clue what"s wrong

this is not related to your original problem (see Ken's responses) but any
time you build a SQL statement from user input you need to allow for the
possibility of embedded single quotes to avoid SQL Injection attacks.

WHERE user_email='" & Replace(useremail,"'","''") & ...

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com


wrote in message
news:uRXK3LZsEHA.1272@TK2MSFTNGP12.phx.gbl...
> I have made all the changes you suggested in the following code:
>
> FUNCTION checkpassword(byVal useremail,byVal password,byRef Con)
>
> Dim sqlString
>
> Dim RSuser
>
> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
>
> "WHERE user_email='" & useremail & "'"
>
> SET RSuser = Con.Execute( sqlString )
>
> Response.Write "user_id = "
>
> Response.Write RSuser( "user_id" )
>
> Response.Write "user_email = "
>
> Response.Write RSuser( "user_email" )
>
> Response.Write "user_password = "
>
> Response.Write RSuser( "user_password" )
>
> Response.Write "useremail = "
>
> Response.Write useremail
>
> Response.Write "password = "
>
> Response.Write password
>
> IF RSuser.EOF THEN
>
> checkpassword = -1
>
> ELSEIF RSuser( "user_password" ) = "" THEN
>
> checkpassword = -2
>
> ELSEIF RSuser( "user_password" ) <> password THEN
>
> checkpassword = -3
>
> ELSEIF RSuser( "user_password" ) = password THEN
>
> checkpassword = RSuser( "user_id" )
>
> ELSE
>
> END IF
>
> RSuser.Close
>
> SET RSuser = Nothing
>
> END FUNCTION
>
> Here is the program that calls "checkpassword":
>
>
>
> <%
>
> ' Get Login Information
>
> useremail = TRIM( Request.Form( "useremail" ) )
>
> password = TRIM( Request.Form( "password" ) )
>
> ' Open Database Connection
>
> Set Con = Server.CreateObject( "ADODB.Connection" )
>
> Con.Open "accessDSN"
>
> ' Get User ID
>
> userID = checkpassword(useremail, password, Con)
>
> Response.Write "userID = "
>
> Response.Write userID
>
> Response.End
>
> %>
>
> There is still no value assigned to "checkpassword"
>
>
>
> "Ken Schaefer" wrote in message
> news:%23U94whOsEHA.2316@TK2MSFTNGP12.phx.gbl...
> > Typo in my code:
> >
> > "SELECT user_id, user_password "
> >
> > should be
> >
> > "SELECT user_id, user_password " & _
> >
> > Cheers
> > Ken
> >
> > "Ken Schaefer" wrote in message
> > news:uKF9o5NsEHA.2252@TK2MSFTNGP11.phx.gbl...
> >> First thing to do is work out where you code is falling to. If you do
not
> >> have a debugger, we can use Response.Write() statements.
> >>
> >> Also, removed the extraneous spaces between your values and your
negative
> >> (-) symbols
> >> Lastly - don't forget to clean up your objects before exiting the
routine
> >>
> >> Function checkpassword(byVal useremail, byVal password, byRef Con)
> >>
> >> Dim sqlString
> >> Dim objRS
> >>
> >> sqlString = _
> >> "SELECT user_id, user_password "
> >> "FROM users " &_
> >> "WHERE user_email='" & useremail & "'"
> >>
> >> Set objRS = Con.Execute( sqlString )
> >>
> >> If objRS.EOF then
> >>
> >> checkpassword = -1
> >> Response.Write("-1
")
> >>
> >> ElseIf objRS( "user_password" ) = "" then
> >>
> >> checkpassword = -2
> >> Response.Write("-2
")
> >>
> >> ElseIf objRS("user_password" ) <> password then
> >>
> >> checkpassword = -3
> >> Response.Write("-3
")
> >>
> >> ElseIf objRS( "user_password" ) = password then
> >>
> >> checkpassword = RS( "user_id" )
> >> Response.Write("-4
")
> >>
> >> Else
> >>
> >> Response.Write("-5
")
> >>
> >> End If
> >>
> >> objRS.Close
> >> Set objRS = Nothing
> >>
> >> End Function
> >>
> >>
> >> Cheeers
> >> Ken
> >>
> >> wrote in message
> >> news:e8szuQNsEHA.2664@TK2MSFTNGP12.phx.gbl...
> >>> The code below does not assign any value to "checkpassword" no matter
> >>> what values are passed to the function. I have used Response.Write on
> >>> all the values including the "user" table values and all values are
> >>> valid. I have no clue what's wrong. Can someone provide some help?
> >>>
> >>> FUNCTION checkpassword( byVal useremail, byVal password, byRef Con )
> >>>
> >>> sqlString = "SELECT user_id, user_email, user_password FROM users " &_
> >>>
> >>> "WHERE user_email='" & useremail & "'"
> >>>
> >>> SET RS = Con.Execute( sqlString )
> >>>
> >>> IF RS.EOF THEN
> >>>
> >>> checkpassword = - 1
> >>>
> >>> ELSEIF RS( "user_password" ) = "" THEN
> >>>
> >>> checkpassword = - 2
> >>>
> >>> ELSEIF RS( "user_password" ) <> password THEN
> >>>
> >>> checkpassword = - 3
> >>>
> >>> ELSEIF RS( "user_password" ) = password THEN
> >>>
> >>> checkpassword = RS( "user_id" )
> >>>
> >>> ELSE
> >>>
> >>> END IF
> >>>
> >>> END FUNCTION
> >>>
> >>>
> >>
> >>
> >
> >
>
>