Caroleb Caroleb - 1 year ago 54
SQL Question

double where statement in SQL and ASP

I am a little lost on how to incorporate TWO Where in my sql statement in my asp.
I am trying to get the userID and password entered previously and compare it with what I have in my database created on SQL:

I think my problem comes from my double quotation and single quotation.
UserID is a number in my database and Password is a short text.

var mycon = new ActiveXObject("ADODB.Connection");
var myrec = new ActiveXObject("ADODB.Recordset");
mycon.Open("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\\Users\\Omnivox.mdb");
var txtpassword = Request.QueryString("txtpassword");
var txtuserID = parseInt (Request.QueryString("txtuserID"));
var sql;
sql = "SELECT * FROM UserOmnivox WHERE UserID=" +txtuserID "AND UserPassword="'+txtpassword';
myrec.Open(sql, mycon);

thank you

Answer Source

If you'd done any kind of basic debugging, like LOOKING at the query string you're generating, you'd have seen this:

sql = "SELECT [..snip..] UserID=" +txtuserID "AND UserPassword="'+txtpassword
                                             ^^--- no space
                                              ^--- missing +

which produces

SELECT .... UserID=1234AND userPassword
                      ^^---syntax error, no such field '1234AND'

And then, yes, your quotes are wrong too

sql = "SELECT ... UserID=" +txtuserID "AND UserPassword="'+txtpassword
      ^------------------^-- one string
                                      ^-----------------^-- another string

It should be

sql = "SELECT * FROM UserOmnivox WHERE UserID=" +txtuserID + " AND UserPassword='" + txtpassword + "';";