Here is the statement in question:
rsValidatePassword.setSQLText("SELECT CandidateContactInfo.* " _
& "FROM CandidateContactInfo " _
& "WHERE UserName='" & Request.QueryString("txtUserName"
& "'OR UserName='" & session("UserName" _
& "' AND Password='" & Request.QueryString("txtPassword" & "'OR Password='" & session("Password" & "'"
I intended to be able to offer two options for each username and password. Instead, the OR seems to be being applied to the password too, so that if the user enters just the username or just the password or the wrong password, the record comes up anyway.
What do I have to do to allow the username to be either from the querystring or the session variable and the password to be either from the querystring or the session variable but requiring both the correct username and password.
I hope that wasn't too wordy. Thanks for any help.
rsValidatePassword.setSQLText("SELECT CandidateContactInfo.* " _
& "FROM CandidateContactInfo " _
& "WHERE UserName='" & Request.QueryString("txtUserName"
& "'OR UserName='" & session("UserName" _& "' AND Password='" & Request.QueryString("txtPassword"
& "'OR Password='" & session("Password" & "'"I intended to be able to offer two options for each username and password. Instead, the OR seems to be being applied to the password too, so that if the user enters just the username or just the password or the wrong password, the record comes up anyway.
What do I have to do to allow the username to be either from the querystring or the session variable and the password to be either from the querystring or the session variable but requiring both the correct username and password.
I hope that wasn't too wordy. Thanks for any help.