where clause

[mmarkym]

In this statement I'm getting back all recordsets instead of the ones called for. I've tried different quote options but still won't work

strUserName = request.form("user")

strPass = request.form("pass")


strQ = "Select user, pass from loginMinuteman where user = 'strUserName' and pass = 'strPass'

 

[FesterSXS]

try this instead...

strQ = "Select user, pass from loginMinuteman where user = '" & strUserName & "' and pass = '" & strPass & "';"

Tony

http://www.SpiraxSarco.com

 

[mmarkym]

I tried that with no luck. ???????

 

[jen89]

do a response.write on your strQ and post it here, please

 

[Kendel]

You might need to use Trim function:

strUserName = Trim(request.form("user"))
strPass = Trim(request.form("pass"))

strQ = "Select user, pass from loginMinuteman where Trim(user) = '" & strUserName & "' and Trim(pass) = '" & strPass & "'

 

[mmarkym]

Using the trim function got the same results and the response.write produced this-
Select user, pass from loginMinuteman where Trim(user) = 'name' and Trim(pass) = 'pass'

 

[Chopstik]

See if this will help:

strQ = "SELECT user, pass FROM loginMinuteman WHERE user = '" & Trim(strUserName) & "' AND pass = '" & Trim(strPass) & "'"

Incidentally, if you response.write your two variables, what are they? Based on the last post you have, it looks like your user variable = name and your password = pass. Is that what you are trying to return?

Also, the Trim() function simply removes spaces from the beginning or end of a variable, so am not sure if this is indeed what you are trying to accomplish.

------------------------------------------------------------------------------------------------------------------------
"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair."
--Dou

 

[mmarkym]

using response.write on the variables with rr as the input gets this output
rr rr

response.write on the select statement gets this output

SELECT user, pass FROM loginMinuteman WHERE user = 'rr' AND pass = 'rr'

 

[amorous]

try this too:

strQ = "Select user, pass from loginMinuteman where (user = '"&strUserName&"') and (pass ='"&strPass&"')"

shouldnt make much difference but give a shot.

VJ

 

[jen89]

One more thing - if you are using Oracle, it's case sensative. You would need to say

Upper(User) = "' Upper(strUserName) & "' "

I'm not sure if Upper() is the right VB script function, it might be toUpper() or something like that. If this applies to you, I'll let you check out the exact syntax

 

[Chopstik]

With the last result of your response.write statement that returned the following:

SELECT user, pass FROM loginMinuteman WHERE user = 'rr' AND pass = 'rr'

You can now copy and paste that into Query Analyzer, or whatever the equivalent is for the database that you are using, to ensure that it works. If it fails, then tweak it until you can get it to work and then you can change your ASP code accordingly.

If it works, then there is something else going on that will require further study.

------------------------------------------------------------------------------------------------------------------------
"The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at or repair."
--Dou