Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
 All Forums
 Community Forums
 Code Support: ASP (Non-Forum Related)
 Syntax Error

Note: You must be registered in order to post a reply.
To register, click here. Registration is FREE!
Before posting, make sure you have read this topic!

Screensize:
UserName:
Password:
Format Mode:
Format: BoldItalicizedUnderlineStrikethrough Align LeftCenteredAlign Right Horizontal Rule Insert HyperlinkInsert EmailInsert Image Insert CodeInsert QuoteInsert List
   
Message:

* HTML is OFF
* Forum Code is ON
Smilies
Smile [:)] Big Smile [:D] Cool [8D] Blush [:I]
Tongue [:P] Evil [):] Wink [;)] Clown [:o)]
Black Eye [B)] Eight Ball [8] Frown [:(] Shy [8)]
Shocked [:0] Angry [:(!] Dead [xx(] Sleepy [|)]
Kisses [:X] Approve [^] Disapprove [V] Question [?]

 
   

T O P I C    R E V I E W
Carefree Posted - 30 April 2009 : 15:49:15
Here's some code for another password change project.

<%@ Language=VBScript%>
<%Response.Buffer = true%>
<!--#INCLUDE FILE="sha256.asp"-->
<%
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\db1.mdb"
if Request.Form("Change")="DoIt" then
	strSql="SELECT USERNAME, PASSWORD FROM TABLE1 WHERE USERNAME='" & REQUEST.FORM("USERNAME") & "'"
	set rsVerify=my_Conn.Execute(strSql)
	if not rsVerify.EOF then
		if sha256(Request.Form("oldpass"))<>rsVerify("password") then
			Response.Write	"Invalid password.<br>"
			Fini
		end if
	else
		Response.Write	"Unknown user."
		Fini
	end if
	rsVerify.Close
	set rsVerify=Nothing
	'	Change password
	if Request.Form("newpass")=Request.Form("newpass2") then
		strSql="UPDATE TABLE1 SET PASSWORD='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"
		my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
	else
		Response.Write	"Passwords do not match."
		Fini
	end if
end if
my_Conn.Close
set my_Conn=Nothing
Response.Write	"<form action=""password.asp"" method=""post"">" & vbNewLine & _
	"	<input name=""Change"" type=""hidden"" value=""DoIt"">" & vbNewLine & _
	"	<table width=""50%"" bgcolor=""limegreen"" border=""1"" align=""center"" cellspacing=""0"" cellpadding=""0"">" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">Username: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""text"" name=""username"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">Current Password: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""password"" name=""oldpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">New Password: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""password"" name=""newpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"		<tr valign=""middle"">" & vbNewLine & _
	"			<td width=""30%"" align=""right"" bgcolor=""skyblue"">Confirm New Password: " & vbNewLine & _
	"			</td>" & vbNewLine & _
	"			<td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
	"				<input type=""password"" name=""newpass2"" width=""50"" maxlength=""50"">" & vbNewLine & _
	"			</td>" & vbNewline & _
	"		</tr>" & vbNewLine & _
	"	</table>" & vbNewLine & _
	"	<p align=""center"">" & vbNewLine & _
	"		<input type=""submit"" value=""Submit"">" & vbNewLine & _
	"	</p>" & vbNewLine & _
	"</form>" & vbNewLine

Function Fini
	Response.Flush
	%>
	<meta http-equiv="refresh" content="3;url=password.asp">
	<%
End Function
%>


The line in red is giving me a syntax error. Here's a sample output:
UPDATE TABLE1 SET PASSWORD='59830ebc3a4184110566bf1a290d08473dfdcbd492ce498b14cd1a5e2fa2e441' WHERE USERNAME='test1'
15   L A T E S T    R E P L I E S    (Newest First)
Carefree Posted - 05 October 2015 : 09:11:59
This is an OLD topic, but I was browsing and stumbled on this. Checked my restricted keyword mod and it turns out that "password" is restricted in Jet (not in Access). That's why it had the problem with the code.
ruirib Posted - 01 May 2009 : 14:49:30
It's a weird thing, cause it works from Access without it...
Carefree Posted - 01 May 2009 : 14:39:36
That fixed it, alright. Don't know why it isn't on any of the reserved word lists. Thanks.
Carefree Posted - 01 May 2009 : 14:26:10
I checked the list of reserved words, just in case, and it wasn't included. But if it fixes it, I'm all for it lol.
ruirib Posted - 01 May 2009 : 13:09:28
Enclose password in parenthesis:

     strSql="UPDATE TABLE1 SET [PASSWORD]='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"

It must be one "of them" reserved words...
Carefree Posted - 01 May 2009 : 11:47:10
I cannot find anything wrong. Here's a link to a sample db with just those few things in it. See if anyone can spot what I'm missing.
ruirib Posted - 01 May 2009 : 09:10:45
quote:
Originally posted by Carefree

This is a tiny Access 2000 DBase.

Have you tried to execute the SQL directly in Access, just to see what happens?
Shaggy Posted - 01 May 2009 : 09:09:29
Any weird characters in the username? Don't forget to sanitise that variable before unleashing your script on the masses

Carefree Posted - 01 May 2009 : 09:03:42
This is a tiny Access 2000 DBase.
ruirib Posted - 01 May 2009 : 08:55:08
What database is that?
Carefree Posted - 01 May 2009 : 08:30:47
I've been wrestling with this since yesterday. I can't see anything wrong with the code but apparently MS disagrees with me.
HuwR Posted - 01 May 2009 : 07:43:50
quote:
Originally posted by gary b

Remove double quotes from "newpass" and "Username"...



why? that is the correct way to access a form control
gary b Posted - 30 April 2009 : 21:51:05
Remove double quotes from "newpass" and "Username"...

Edit: Add 'and Username'
Carefree Posted - 30 April 2009 : 17:58:29
Syntax error in UPDATE statement
ruirib Posted - 30 April 2009 : 17:57:29
An ASP error or a SQL one?

Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.11 seconds. Powered By: Snitz Forums 2000 Version 3.4.07