Error with Dreamweaver User Authentication when using levels - sql

I am using Dreamweavers User Authentication, and since I have introduced the use of 'levels' it just keeps erroring
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Sybase][ODBC Driver][Adaptive Server Anywhere]Syntax error near 'group' on line 1
/coding/login.asp, line 29
My code is as follows
<%#LANGUAGE="VBSCRIPT" CODEPAGE="65001"%>
<!--#include file="Connections/Conn_PSCRM_Demo.asp" -->
<%
' *** Validate request to log in to this site.
MM_LoginAction = Request.ServerVariables("URL")
If Request.QueryString <> "" Then MM_LoginAction = MM_LoginAction + "?" + Server.HTMLEncode(Request.QueryString)
MM_valUsername = CStr(Request.Form("usercode"))
If MM_valUsername <> "" Then
Dim MM_fldUserAuthorization
Dim MM_redirectLoginSuccess
Dim MM_redirectLoginFailed
Dim MM_loginSQL
Dim MM_rsUser
Dim MM_rsUser_cmd
MM_fldUserAuthorization = "group"
MM_redirectLoginSuccess = "quote-search.asp"
MM_redirectLoginFailed = "no_access.asp"
MM_loginSQL = "SELECT usercode, epros_password"
If MM_fldUserAuthorization <> "" Then MM_loginSQL = MM_loginSQL & "," & MM_fldUserAuthorization
MM_loginSQL = MM_loginSQL & " FROM DBA.[user] WHERE usercode = ? AND epros_password = ?"
Set MM_rsUser_cmd = Server.CreateObject ("ADODB.Command")
MM_rsUser_cmd.ActiveConnection = MM_Conn_PSCRM_Demo_STRING
MM_rsUser_cmd.CommandText = MM_loginSQL
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param1", 200, 1, 255, MM_valUsername) ' adVarChar
MM_rsUser_cmd.Parameters.Append MM_rsUser_cmd.CreateParameter("param2", 200, 1, 255, Request.Form("password")) ' adVarChar
MM_rsUser_cmd.Prepared = true
Set MM_rsUser = MM_rsUser_cmd.Execute
If Not MM_rsUser.EOF Or Not MM_rsUser.BOF Then
' username and password match - this is a valid user
Session("MM_Username") = MM_valUsername
If (MM_fldUserAuthorization <> "") Then
Session("MM_UserAuthorization") = CStr(MM_rsUser.Fields.Item(MM_fldUserAuthorization).Value)
Else
Session("MM_UserAuthorization") = ""
End If
if CStr(Request.QueryString("accessdenied")) <> "" And true Then
MM_redirectLoginSuccess = Request.QueryString("accessdenied")
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginSuccess)
End If
MM_rsUser.Close
Response.Redirect(MM_redirectLoginFailed)
End If
%>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
<link href="css/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div>
<h1>Coding</h1>
<p>Enter your username and password below to login</p>
<form ACTION="<%=MM_LoginAction%>" METHOD="POST" id="coding_login" name="coding-login">
<table width="50%" border="0" cellspacing="2" cellpadding="2">
<tr>
<th scope="row">Username:</th>
<td><label for="usercode"></label>
<input name="usercode" type="text" required id="usercode" size="5" maxlength="3"></td>
</tr>
<tr>
<th scope="row">Password:</th>
<td><label for="password"></label>
<input name="password" type="password" id="password" size="10" maxlength="25" required></td>
</tr>
<tr>
<th scope="row"> </th>
<td><input type="submit" name="Login" id="Login" value="Login"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
Any help would be greatly accepted.

"group" is a reserved word in sybase (and I imagine many other database systems)
on line 16 try
MM_fldUserAuthorization = """group"""

Related

How to input a number on an Internet Explorer element?

I am trying to input a number on an IE element (input) from Excel VBA.
I am not a HTML developer, but there are some frame codes that might influence my problem.
This is what I have in VBA:
IE.Navigate "http://thisandthat/herewego.asp"
IE.Document.getElementsbyId("txt_cod_re_rh").Value = "aaaa"
Nothing happens.
I also tried to get the element ID or test if VBA could see it, but it looks like VBA cannot find it on the page (tried ID and class):
Set element = Document.getElementByclass("select_st")
ThisWorkbook.Sheets(1).Range("b1").Value = element
This is my HTML:
<SCRIPT LANGUAGE="VBS">
smthing
</SCRIPT>
<HTML>
<HEAD>
<link href="../css/standard.css" rel="stylesheet" type="text/css">
<script language="JavaScript" src="include/scripts.js"></script>
<script language="JavaScript">
function exibeRelatorierer(server) {
d = window.document.frmFilter;
var cod_VP = d.cbo_VP;
var cod_periodo = d.cbo_Periodoerer;
var cod_re_rh = d.txt_cod_re_rh;
if (cod_re_rh.value == '') {
cod_re_rh.value = "0";
}
if (cod_periodo.value == -1) {
alert("Select smthing.");
}else{
if (d.TC[0].checked) {
parent.frames['frmMain'].location = servidor234234 + "RPT_CPR01884_TS" + "&rc:Area=Toolbar&rc:LinkTarget=frmMain&rc:JavaScript=True&rs:ClearSession=true&rc:Parameters=false" + "&COD_VP=" + cod_VP.value + "&COD_PERIODO=" + cod_periodo.value + "&COD_RE_RH=" + cod_re_rh.value
} else {
parent.frames['frmMain'].location = servidor234234 + "RPT_CPR01884_CP" + "&rc:Area=Toolbar&rc:LinkTarget=frmMain&rc:JavaScript=True&rs:ClearSession=true&rc:Parameters=false" + "&COD_VP=" + cod_VP.value + "&COD_PERIODO=" + cod_periodo.value + "&COD_RE_RH=" + cod_re_rh.value
}
I believe this code above is messing me up trying to insert value to the txt_cod_re_rh.
I read something about a frame? Is this element on another frame? (No idea, really.)
This is the code where the input box is:
<form id="Form1" name="frmFiltro">
<table border="0" width="100%" cellpadding="0" cellspacing="0">
<tr class="table_bhoras1" height="50" align="center">
<td>Extração</td>
</tr>
</table>
<table id="Table3" cellSpacing="0" cellPadding="0" width="100%" border="0" class="titsemlink2">
<TR class="titsemlink2">
<td>
Inform number:
</td>
<td>
<input class="select_st" type="text" name="txt_cod_re_rh" id="txt_cod_re_rh" value="" />
</td>
</TR>
You have typos in your code. The methods .getElementsbyId or getElementByclass do not exist within the InternetExplorer document object in VBA.
You can try this via element id:
Set element = IE.Document.getElementById("txt_cod_re_rh")
element.value = "aaaa"
Or via classname:
Set element = IE.Document.getElementsByClassName("select_st")(0)
element.value = "aaaa"
Withou the full html is difficult to tell if it is inside an iframe or not.

ASP connecting to SQL Server database

<%
'declare the variables
Dim Recordset
Dim sql
dim Conn
Dim name1,email1,phone1,company1,title1
name1 = request.form("TxtName")
email1 = request.form("TxtEmail")
phone1 = request.form("TxtPhone")
company1 = request.form("TxtCompany")
title1 = request.form("TxtJob")
'create an instance of the ADO connection and recordset objects
Set Conn= Server.CreateObject("ADODB.Connection")
Set Recordset = Server.CreateObject("ADODB.Recordset")
'open the connection to the database
Conn.ConnectionString = "DSN=blah;User Id=...;Password=...;Database=...."
'Open the recordset object executing the SQL statement and return records
Recordset.Open
Conn.open
sql="INSERT INTO register (Name, email, phonenumber, company, title)"
sql=sql & "values ('"& name1 &"','"& email1 &"','"& phone1 &"','"& company1 &"','"& title1 &"')"
Conn.Execute(sql)
Conn.Close()
%>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sample Registration Page</title>
</head>
<body>
<form name"form" action="">
<table>
<tr>
<td>Full Name:</td>
<td>
<input name="TxtName" id="TxtName" type="text" />
</td>
</tr>
<tr>
<td>Email:</td>
<td>
<input name="TxtEmail" id="TxtEmail" type="text" />
</td>
</tr>
<tr>
<td>Phone:</td>
<td>
<input name="TxtPhone" id="TxTPhone" type="text" />
</td>
</tr>
<tr>
<td>Company:</td>
<td>
<input name="TxtCompany" id="TxtCompany" type="text" />
</td>
</tr>
<tr>
<td>Job Title:</td>
<td>
<input name="TxtJob" id="TxtJob" type="text" />
</td>
</table>
<input name="button" ID="Button1" value="submit" type="Submit" />
</form>
</body>
</html>
I get an error 500 message when I run this page, I have no idea where my mistake is.
I also did make the DSN connection with name called blah to my SQL Server.
I ran the ASP part alone and it works, however the database section is where my problem lies. I really appreciate any help since I'm relatively new to this.
First, you should activate the friendly display of errors on your web server in order to know exactly what and where the error is instead of the generic, say nothing Error 500 that you are getting at this moment.
Second, in the meantime, add a couple of Response.write followed by Response.Flush to see what's going and where; for example to display the result of the building of the sql string:
sql = ...
response.write sql & "<br>"
response.flush
Second, you try to open a Recordset with no associated Command object or sql query string; you cannot do that and in fact, you don't need any Recordset here because your have an Insert query, not a Select query.
Finally, using a DSN with ADODB is a bad idea. DSN are for ODBC and by using ODBC under ADODB, you are adding an old, useless layer to your data connection. You should instead use the latest native OLEDB provider for your SQL-Server. Search the web for Connection String and you will get a few web sites with full details on the available providers along with their connection strings.
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Sample Registration Page</title>
</head>
<body>
<form action="registration.asp" method="POST" name="form1">
<table>
<tr>
<td>Full Name:</td>
<td><input name="TxtName" id="TxtName" type="text" /></td>
</tr>
<tr>
<td>Email:</td>
<td><input name="TxtEmail" id="TxtEmail" type="text" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input name="TxtPhone" id="TxTPhone" type="text" /></td>
</tr>
<tr>
<td>Company:</td>
<td><input name="TxtCompany" id="TxtCompany" type="text" /></td>
</tr>
<tr><td>Job Title:</td>
<td><input name="TxtJob" id="TxtJob" type="text" /></td>
</table>
<input name="button" ID="Button1" value="submit" type="Submit" />
</form>
</body>
</html>
<%
If Request.ServerVariables("REQUEST_METHOD") = "POST" then
Dim Conn, Rs, ConnString, SQL_Insert
Dim name1,email1,phone1,company1,title1
name1 = request.form("TxtName")
email1 = request.form("TxtEmail")
phone1 = request.form("TxtPhone")
company1 = request.form("TxtCompany")
title1 = request.form("TxtJob")
Set Conn= Server.CreateObject("ADODB.Connection")
ConnString = "DSN=blah;User Id=...;Password=...;Database=...."
Conn.Open ConnString
SQL_Insert="INSERT INTO register (Name, email, phonenumber, company, title)" & _
"values ('"& name1 &"','"& email1 &"','"& phone1 &"','"& company1 &"','"& title1 &"');"
Conn.Execute SQL_Insert
Conn.Close
Set Conn = Nothing
Set SQL_Insert = Nothing
End If
%>
As you are not retrieving any data from database there is no need of RecordSet.
copy and paste this code in a file & name it "registration.asp"
Don't forget to replace the connection string with the actual one
for tutotrial visit www.w3schools.com
hope this is helpful
A space char seems to be missing on the SQL.
sql = "INSERT INTO register (...)SPACE-MISSING-HERE"
sql = sql & "values (...)"
Conn.Execute(sql)
Conn.Close()

Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another

This is the search-process.asp file, I have a main page with a search box that links to this and uses search terms to search my database.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>UNIBOOK - Your facebook alternative - but with no adverts..!</title>
<meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/unibookStyle.css" />
<%# Language=VBScript %>
<%
set conx=server.CreateObject("adodb.connection")
conx.Provider="Microsoft.ACE.OLEDB.12.0"
conx.Open Server.Mappath("db/unibookv2.mdb")
set userRs=server.CreateObject("adodb.recordset")
userRs.Open "SELECT * FROM ubuser WHERE usr_firstname LIKE '%" & request("searchinput") & "%' OR usr_lastname LIKE '%" & request("searchinput") & "%' ORDER BY '%" & request("orderlist") & "%' ",conx, adOpenkeyset, AdLockOptimistic
%>
<!-- #include FILE="include/header.asp") -->
<div id="container"><!-- start container -->
<h2>USER DATABASE</h2>
<!-- start of dynamic html page -->
<h2>ASP Search Results ordered by : <%=request("orderlist")%></h2>
<%="<b>Search string:</b> " & searchinput & "<br />"%>
<hr align="left" width="658" />
<%if NOT userRs.EOF Then%>
<!-- start of html table -->
<table border="0" width="758" cellspacing="0" cellpadding="3">
<!-- create the first (heading) row in standard HTML -->
<tr class="tableheading">
<td><b>Usr_id</b></td><td><b>firstname</b></td><td> <b>lastname</b></td><td> </td>
<td><b>Usr_id</b></td><td><b>firstname</b></td><td> <b>lastname</b></td><td> </td>
</tr>
<% counter=0 %>
<%Do While Not userRs.EOF
counter=counter+1
if ((counter mod 2)= 1) Then%>
<tr>
<td>
<%=userRs("usr_id") & " "%>
</td>
<td>
<%=userRs("usr_firstname") %>
</td>
<td>
<%=userRs("usr_lastname") %>
</td>
<%else%>
<td>
<!-- display the name of the mountain -->
<%=userRs("usr_id") & " "%>
</td>
<td>
<!-- some comment here -->
<%=userRs("usr_firstname") %>
</td>
<td>
<%=userRs("usr_lastname") %>
</td>
</tr>
<%end if%>
<%userRs.MoveNext
LOOP%>
</table>
<%else%>
<!-- remember to provide a message if the search is not successful -->
<h3>Sorry your search was unsuccessful, please retry</h3>
<%end if%>
<p> </p>
<hr align="left" width="658">
<input type="button" value="< Back to Search Page" OnClick="top.location='default.asp'">
<!-- #include FILE="include/sidebar.asp") -->
</div><!-- end main page content -->
<%
' tidy up any ASP objects used to free web server resources...
userRs.close
set userRs=nothing
set conx=nothing
%>
<!-- #include FILE="include/footer.asp") -->
</body>
</html>
I am getting this error and am not sure if it is the SQL or ASP
ADODB.Recordset error '800a0bb9'
Arguments are of the wrong type, are out of acceptable range, or are in conflict with one another.
/student/s0190204/part2/search-process.asp, line 17
Are you including the definitions for adOpenkeyset, AdLockOptimistic etc... Its usually in a file called adovbs.inc, but you could add them to other include files in your page..
An unterminated string constant can be caused by an apostrophe in the search input. That is one of the many problems that can be solved by using query parameters.

Can't seem to figure out why the InnerHTML statements are not working

I have been using a javascript editor and it works fine in it's built-in browser but when I try it in IE and Firefox it loads but then doesn't function.
The HTML is as follows:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<noscript>
<p>This page requires JavaScript. Please turn on JavaScript if your browser supports it and reload the page.</p>
</noscript>
<script type = "text/javascript" src="jscripts/pvar.js">
</script>
<title></title>
</head>
<body>
<form name="form1">
Version 2012.10.1.1a
<h2>
Panasas Sizing Form
</h2>
<br>
<table colspan='3' border='0'>
<tr>
<td align="left"> <input type="text" name="textq1" id="dtextq1" readonly="readonly" value="How will this be sized?" style="border: 0"/>
<select name="question1" id="dquestion1" value="" onfocus="this.style.background='khaki'" onblur="this.style.background='white'" onchange="setOptions1(document.form1.question1.options[document.form1.question1.selectedIndex].value)">
<Option value=""></option>
<Option value="Capacity">Capacity</option>
<Option value="Bandwidth">Bandwidth</option>
<Option value="Both">Both</option>
</select></td>
<tr>
<td align="left" id="q1c1"> </td>
<tr>
<td align="left" id="q2c1"> </td>
<tr>
<td align="left" id="q3c1"> </td>
<tr>
<td align="left" id="q4c1"> </td>
<tr>
<td align="left" id="q5c1"> </td>
<tr>
<td align="left" id="q6c1"> </td>
<tr>
<td align="left" id="q7c1"> </td>
</table>
</form>
</body>
</html>
The Javascript is as follows:
function setOptions1(chosen)
{
var label=document.getElementById;
var textbox1="";
var textbox2="";
if (chosen == "") {
label('q1c1').innerHTML="";
label('q2c1').innerHTML="";
label('q3c1').innerHTML="";
label('q4c1').innerHTML="";
label('q5c1').innerHTML="";
label('q6c1').innerHTML="";
label('q7c1').innerHTML="";
}
if (chosen == "Capacity") {
label('q1c1').innerHTML="How much capacity do you require?";
label('q1c1').appendChild(document.createTextNode(' '));
textbox1 = document.createElement('INPUT');
textbox1.type = 'text';
textbox1.value = 0;
textbox1.size = 2;
textbox1.maxLength = 4;
label('q1c1').appendChild(textbox1);
label('q1c1').appendChild(document.createTextNode(' '));
textbox2 = document.createElement('SELECT');
textbox2_option = document.createElement('option');
textbox2_option= new Option ('GB',1,true,false);
textbox2_option= new Option ('GiB',2,false,false);
textbox2.add(textbox2_option);
label('q1c1').appendChild(textbox2);
label('q2c1').innerHTML="Average File Size:";
label('q3c1').innerHTML="Network efficiency:";
label('q4c1').innerHTML="What price level?";
label('q5c1').innerHTML="Would you like to include an IB Router?";
label('q6c1').innerHTML="";
label('q7c1').innerHTML="";
}
if (chosen == "Bandwidth") {
label('q1c1').innerHTML="What are the bandwidth requirements?";
label('q2c1').innerHTML="Network efficiency:";
label('q3c1').innerHTML="Average File Size:";
label('q4c1').innerHTML="What price level?";
label('q5c1').innerHTML="Would you like to include an IB Router?";
label('q6c1').innerHTML="";
label('q7c1').innerHTML="";
}
if (chosen == "Both") {
label('q1c1').innerHTML="How much capacity do you require?";
label('q2c1').innerHTML="Average File Size:";
label('q3c1').innerHTML="What are the bandwidth requirements?";
label('q4c1').innerHTML="Network efficiency:";
label('q5c1').innerHTML="What price level?";
label('q6c1').innerHTML="Would you like to include an IB Router?";
label('q7c1').innerHTML="";
}
}//end function
The problem is this line:
var label=document.getElementById;
Replace it with
function label(s) {
return document.getElementById(s);
}
Host objects are picky -- they don't always like to be treated like regular function references.
BTW: I cut-and-pasted your code into a file than ran it through Google Chrome. The error message was an invalid invocation which let me down replacing the definition of label as my first debugging step.

How to check if the ResultSet is empty?

<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%#page import="java.sql.*"%><%#page import = "java.sql.ResultSet" %>
<%#page import = "java.sql.Connection" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Getting Database Connection</title>
</head>
<body>
<%
ResultSet result = null ;
Connection connection1 = null;
try
{
String driverName1 = "oracle.jdbc.driver.OracleDriver";
Class.forName(driverName1);
String serverName = "localhost";
String portNumber = "1521";
String sid = "XE";
String url = "jdbc:oracle:thin:#" + serverName + ":" + portNumber + ":" + sid;
String username = "SYSTEM";
String password = "password";
connection1 = DriverManager.getConnection(url, username, password);
out.println(connection1.isClosed());
String Name = request.getParameter("name");
String Age = request.getParameter("age");
int AgeConvert = Integer.parseInt(Age);
String ADR = request.getParameter("address");
String sqlInsert = " INSERT INTO ADDRESS (NAME,AGE,ADR) VALUES ('" + Name + "' , " + AgeConvert + ", '" + ADR +"')";
Statement stm = connection1.createStatement();
stm.execute(sqlInsert);
out.println(" User Created");
}
catch(Exception e )
{
out.println("User not created");
e.printStackTrace();
}
%>
<table>
<tr>
<td> <b>To search the User Please enter the name in the below box </b> </td>
</tr>
<tr>
<td> Name </td>
<td> <input type = "text" name ="userName" /> </td>
</tr>
<tr>
<td> <input type ="submit" value = "Search" /></td>
</tr>
</table>
<% ResultSet results = null ;
String userNameToBeSearched = request.getParameter("userName");
String sqlselect = " SELECT * FROM ADDRESS WHERE NAME ='"+userNameToBeSearched+"'";
Statement stm2 = connection1.createStatement();
results = stm2.execute(sqlselect);
**// getting error in this loop it says can convert boolean to ResultSet please help me**
if (results.next()) {
do {
%>
<TABLE BORDER="1">
<TR>
<TH>Name</TH>
<TH>Age</TH>
<TH>Address</TH>
</TR>
<TR>
<TD> <%= results.getString(1) %> </TD>
<TD> <%= results.getInt(2) %> </TD>
<TD> <%= results.getString(3) %> </TD>
</TR>
</TABLE>
<%
} while (results.next());
} else
{
out.println("User not found");
}
%>
</body>
</html>
if(!resultSet.isBeforeFirst()){
System.out.println("resultset contin no rows");
}
isBeforeFirst() returns true if the cursor is before the first row; false if the cursor is at any other position or the result set contains no rows
try stm2.exexuteQuery()
This will grab the result set
ResultSet.next() returns false if no more rows are found, otherwise true.
Would it not work doing:
if(!resultSet.next()){
System.out.println("Rows not found");
}
.next() will go through the rows and validate if there is any row.