
passing value between asp files


Guest oranged

How to compare two data fields!? I want to compare the data input by the user and the data stored inside an Access database. Below is my coding:

    password=Request.Form("passwd")
    Set adoCon = Server.CreateObject("ADODB.Connection")
    adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("db1.mdb")
    Set rsGuestbook = Server.CreateObject("ADODB.Recordset")
    strSQL = "SELECT password FROM pass where password=passwd"
    rsGuestbook.Open strSQL, adoCon

So next, after the SQL query execution, what coding should be done to identify whether the password input by the user is identical with the password inside the database?

The above SQL statement is open to SQL injection. A user could put

hello OR 1=1 --

and that statement would return true, giving them access to your site. You need to be careful when using variables directly in SQL conditions. You are better off to select all the passwords and put them in an array. Then loop through the array until you find a match.
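
As an added example (not code from either poster): one way to run the comparison from the question without building SQL from user input is a parameterized ADODB.Command, so that input such as `hello OR 1=1 --` is compared as a literal string and the match is read from the returned row. The table, column, form field and db1.mdb come from the question; the function name PasswordMatches and the 255-character limit are assumptions.

```vbscript
<%
' Added example: parameterized lookup with ADODB.Command.
' Table "pass", column "password", field "passwd" and db1.mdb are from the question.
Const adCmdText = 1      ' CommandTypeEnum: textual SQL command
Const adVarChar = 200    ' DataTypeEnum: string value
Const adParamInput = 1   ' ParameterDirectionEnum: input parameter

' PasswordMatches is a hypothetical helper name.
Function PasswordMatches(conn, submitted)
    Dim cmd, rs
    PasswordMatches = False
    ' Reject empty or oversized input before it reaches the database
    ' (255 is an assumed column size).
    If Len(submitted) = 0 Or Len(submitted) > 255 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder keeps the input as data; it is never parsed as SQL.
    ' The column is bracketed in case its name collides with a reserved word.
    cmd.CommandText = "SELECT COUNT(*) FROM pass WHERE [password] = ?"
    cmd.Parameters.Append cmd.CreateParameter("pw", adVarChar, adParamInput, 255, submitted)

    ' One row comes back; its first field is the number of matching records.
    Set rs = cmd.Execute
    If Not rs.EOF Then PasswordMatches = (rs(0) > 0)
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

Dim adoCon
Set adoCon = Server.CreateObject("ADODB.Connection")
adoCon.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("db1.mdb")

' CStr turns the form item into a plain string before it is bound.
If PasswordMatches(adoCon, CStr(Request.Form("passwd"))) Then
    Response.Write "Password accepted"
Else
    Response.Write "Password rejected"
End If

adoCon.Close
Set adoCon = Nothing
%>
```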