Member Avatar for ariffin246

Hi

I am php coder and new to asp.

I am trying to build a simple login page using asp and the db connection works fine. When the user submit the form and at the sql query section i am getting the following error
"Microsoft OLE DB Provider for ODBC Drivers error '80040e14'"

How do i fix this ? Hope to find some solution here. Thanks in advance...

<%

if Request("btnLogin")="Login" then


'‘-------------------------------------------Get Form Fields--------------------------------‘
txtUsername = request.form("Username")
txtPassword = request.form("Password")

'‘--------------------------------------------Connect to Database-------------------------‘
Dim Conn, sqlstr
Set Conn = Server.Createobject("ADODB.Connection")
Conn.Open "Driver={SQL Server};Server=ACER-PC\SQLEXPRESS;Database=UCTI;UID=sa;PWD=123;"

'‘-------------------------------------------SQL Statement---------------------------------‘
sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName= txtUsername  AND LastName =  txtPassword"

set rs = Conn.execute(sqlstr)

'‘-----------------------------------------Check if user exists---------------------------------‘
If rs.bof and rs.eof Then
response.Write("Access denied")
Else

Session("username") = txtUsername 

Status = rs("Status")

    if Status = "Admin" then
    response.Redirect("welcome.asp")
    end if

    if Status = "Lecturer" then
    response.Redirect("welcome.asp")
    end if

    if Status = "External" then
    response.Redirect("welcome.asp")
    end if

End If





end if
%>


<HTML>
<HEAD>
<TITLE>Login</TITLE>
</HEAD>
<BODY>
<FORM ACTION="login.asp" METHOD="post">
<TABLE BORDER="0">
<TR>
<TD VALIGN="Top">Username:</TD>
<TD VALIGN="Top"><INPUT TYPE="text" NAME="Username"></TD>
</TR>
<TR>
<TD VALIGN="Top">Password:</TD>
<TD VALIGN="Top"><INPUT TYPE="password" NAME="Password"></TD>
</TR>
<TR>
<TD VALIGN="Top"></TD>
<TD VALIGN="Top"><INPUT TYPE="submit" VALUE="Login" name="btnLogin"></TD>
</TR>
</TABLE>
</FORM>
</BODY>
</HTML>
  • 3 Contributors
  • 5 Replies
  • 347 Views
  • 4 Weeks Discussion Span
  • Latest Post Latest Post by jfarrugia
Member Avatar for ariffin246

I believe it has something to do with inserting or updating a record with a NULL value. Check out this article, http://tutorials.aspfaq.com/8000xxxxx-errors/why-do-i-get-80040e14-errors.html.

Thanks. I tried looking at it and modified my code from

sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName=txtUsername AND LastName = txtPassword "

to

sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName=  '" + txtUsername +"'   AND LastName = '"+ txtPassword"' "

I am still getting the error and unable to check the database and let the user login.

Member Avatar for ariffin246

Solved It By Using The Following Query

sqlstr = "SELECT FirstName,LastName,Status FROM Student WHERE FirstName= '" & txtUsername& "' AND LastName= '"&txtPassword&"' "

Thanks To Those Who Had Helped Me Solving The Problem

Member Avatar for cfwebdeveloper

Yeah, I forgot you have to use & and not + in asp.net. Glad you got it ;)

Member Avatar for jfarrugia

suggestion: avoid using such sql statements, use stored procedures OR ensure that the there are sufficient checks to avoid sql injection attacks - e.g. in txtusername and txtpassword. The way your code has been written, it leaves quite a few options for a mediocre hacker to insert some malicious sql - at worst you might end up with all data deleted or tables dropped.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.