The Forum has been Updated
The code has been upgraded to the latest .NET core version. Please check instructions in the Community Announcements about migrating your account.
Here's some code for another password change project.
The line in red is giving me a syntax error. Here's a sample output:
UPDATE TABLE1 SET PASSWORD='59830ebc3a4184110566bf1a290d08473dfdcbd492ce498b14cd1a5e2fa2e441' WHERE USERNAME='test1'
Code:
<%@ Language=VBScript%>
<%Response.Buffer = true%>
<!--#INCLUDE FILE="sha256.asp"-->
<%
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\db1.mdb"
if Request.Form("Change")="DoIt" then
strSql="SELECT USERNAME, PASSWORD FROM TABLE1 WHERE USERNAME='" & REQUEST.FORM("USERNAME") & "'"
set rsVerify=my_Conn.Execute(strSql)
if not rsVerify.EOF then
if sha256(Request.Form("oldpass"))<>rsVerify("password") then
Response.Write "Invalid password.<br>"
Fini
end if
else
Response.Write "Unknown user."
Fini
end if
rsVerify.Close
set rsVerify=Nothing
' Change password
if Request.Form("newpass")=Request.Form("newpass2") then
strSql="UPDATE TABLE1 SET PASSWORD='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
else
Response.Write "Passwords do not match."
Fini
end if
end if
my_Conn.Close
set my_Conn=Nothing
Response.Write "<form action=""password.asp"" method=""post"">" & vbNewLine & _
" <input name=""Change"" type=""hidden"" value=""DoIt"">" & vbNewLine & _
" <table width=""50%"" bgcolor=""limegreen"" border=""1"" align=""center"" cellspacing=""0"" cellpadding=""0"">" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">Username: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""text"" name=""username"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">Current Password: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""password"" name=""oldpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">New Password: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""password"" name=""newpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">Confirm New Password: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""password"" name=""newpass2"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" <p align=""center"">" & vbNewLine & _
" <input type=""submit"" value=""Submit"">" & vbNewLine & _
" </p>" & vbNewLine & _
"</form>" & vbNewLine
Function Fini
Response.Flush
%>
<meta http-equiv="refresh" content="3;url=password.asp">
<%
End Function
%>
The line in red is giving me a syntax error. Here's a sample output:
UPDATE TABLE1 SET PASSWORD='59830ebc3a4184110566bf1a290d08473dfdcbd492ce498b14cd1a5e2fa2e441' WHERE USERNAME='test1'
Posted
An ASP error or a SQL one?
Posted
Syntax error in UPDATE statement
Posted
Remove double quotes from "newpass" and "Username"...
Edit: Add 'and Username'
Edit: Add 'and Username'
Posted
Originally posted by gary b
Remove double quotes from "newpass" and "Username"...
why? that is the correct way to access a form control
Posted
I've been wrestling with this since yesterday. I can't see anything wrong with the code but apparently MS disagrees with me.
