Syntax Error

Snitz™ Forums 2000
https://forum.snitz.com/forumTopic/Posts/68597?pagenum=1
05 November 2025, 02:40

Topic


Carefree
Syntax Error
30 April 2009, 15:49


Here's some code for another password change project.
Code:

<%@ Language=VBScript%>
<%Response.Buffer = true%>
<!--#INCLUDE FILE="sha256.asp"-->
<%
set my_Conn = Server.CreateObject("ADODB.Connection")
my_Conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:\db1.mdb"
if Request.Form("Change")="DoIt" then
strSql="SELECT USERNAME, PASSWORD FROM TABLE1 WHERE USERNAME='" & REQUEST.FORM("USERNAME") & "'"
set rsVerify=my_Conn.Execute(strSql)
if not rsVerify.EOF then
if sha256(Request.Form("oldpass"))<>rsVerify("password") then
Response.Write "Invalid password.<br>"
Fini
end if
else
Response.Write "Unknown user."
Fini
end if
rsVerify.Close
set rsVerify=Nothing
' Change password
if Request.Form("newpass")=Request.Form("newpass2") then
strSql="UPDATE TABLE1 SET PASSWORD='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"
my_Conn.Execute (strSql),,adCmdText + adExecuteNoRecords
else
Response.Write "Passwords do not match."
Fini
end if
end if
my_Conn.Close
set my_Conn=Nothing
Response.Write "<form action=""password.asp"" method=""post"">" & vbNewLine & _
" <input name=""Change"" type=""hidden"" value=""DoIt"">" & vbNewLine & _
" <table width=""50%"" bgcolor=""limegreen"" border=""1"" align=""center"" cellspacing=""0"" cellpadding=""0"">" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">Username: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""text"" name=""username"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">Current Password: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""password"" name=""oldpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">New Password: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""password"" name=""newpass"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" <tr valign=""middle"">" & vbNewLine & _
" <td width=""30%"" align=""right"" bgcolor=""skyblue"">Confirm New Password: " & vbNewLine & _
" </td>" & vbNewLine & _
" <td width=""70%"" align=""left"" bgcolor=""white"">" & vbNewLine & _
" <input type=""password"" name=""newpass2"" width=""50"" maxlength=""50"">" & vbNewLine & _
" </td>" & vbNewline & _
" </tr>" & vbNewLine & _
" </table>" & vbNewLine & _
" <p align=""center"">" & vbNewLine & _
" <input type=""submit"" value=""Submit"">" & vbNewLine & _
" </p>" & vbNewLine & _
"</form>" & vbNewLine

Function Fini
Response.Flush
%>
<meta http-equiv="refresh" content="3;url=password.asp">
<%
' Stop the page here so a failed check never falls through to the password UPDATE
Response.End
End Function
%>

The line in red is giving me a syntax error. Here's a sample output:
UPDATE TABLE1 SET PASSWORD='59830ebc3a4184110566bf1a290d08473dfdcbd492ce498b14cd1a5e2fa2e441' WHERE USERNAME='test1'

 

Replies ...


ruirib
30 April 2009, 17:57


An ASP error or a SQL one?
Carefree
30 April 2009, 17:58


Syntax error in UPDATE statement
gary b
30 April 2009, 21:51


Remove double quotes from "newpass" and "Username"...
Edit: Add 'and Username'
HuwR
01 May 2009, 07:43


Originally posted by gary b
Remove double quotes from "newpass" and "Username"...

Why? That is the correct way to access a form control.
Carefree
01 May 2009, 08:30


I've been wrestling with this since yesterday. I can't see anything wrong with the code but apparently MS disagrees with me.
ruirib
01 May 2009, 08:55


What database is that?
Carefree
01 May 2009, 09:03


This is a tiny Access 2000 DBase.
Shaggy
01 May 2009, 09:09


Any weird characters in the username? Don't forget to sanitise that variable before unleashing your script on the masses wink
ruirib
01 May 2009, 09:10


Originally posted by Carefree
This is a tiny Access 2000 DBase.
Have you tried to execute the SQL directly in Access, just to see what happens?
Carefree
01 May 2009, 11:47


I cannot find anything wrong. Here's a link to a sample db with just those few things in it. See if anyone can spot what I'm missing.
ruirib
01 May 2009, 13:09


Enclose password in parenthesis:
Code:

     strSql="UPDATE TABLE1 SET [PASSWORD]='"& sha256(Request.Form("newpass")) & "' WHERE USERNAME='" & Request.Form("UserName") & "'"		
It must be one "of them" reserved words...
Carefree
01 May 2009, 14:26


I checked the list of reserved words, just in case, and it wasn't included. But if it fixes it, I'm all for it lol.
Carefree
01 May 2009, 14:39


That fixed it, alright. Don't know why it isn't on any of the reserved word lists. Thanks.
ruirib
01 May 2009, 14:49


It's a weird thing, cause it works from Access without it...
Carefree
05 October 2015, 09:11


This is an OLD topic, but I was browsing and stumbled on this. Checked my restricted keyword mod and it turns out that "password" is restricted in Jet (not in Access). That's why it had the problem with the code.
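
An added example, not part of any post in this thread: the same password change with ruirib's bracketed [PASSWORD] and, following Shaggy's point about sanitising the username, ADO parameters in place of string concatenation. ChangePassword is a hypothetical helper; TABLE1, its columns and sha256() are the ones in the posted script.

```vbscript
<%
' Added example; ChangePassword is a hypothetical helper, not code from the thread.
' TABLE1, USERNAME, PASSWORD and sha256() are taken from the posted script.
' ADO constants (omit these if adovbs.inc is already included):
Const adCmdText = 1
Const adExecuteNoRecords = 128
Const adParamInput = 1
Const adVarChar = 200

Function ChangePassword(conn, ByVal userName, ByVal oldPass, ByVal newPass)
    Dim cmd, rs, stored, affected
    ChangePassword = False
    userName = CStr(userName)
    ' Enforce the form's maxlength=50 on the server as well
    If Len(userName) = 0 Or Len(userName) > 50 Then Exit Function

    ' Step 1: fetch the stored hash; the username is bound as a parameter
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT [PASSWORD] FROM TABLE1 WHERE USERNAME = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 50, userName)
    Set rs = cmd.Execute
    If rs.EOF Then
        rs.Close
        Exit Function                      ' unknown user
    End If
    stored = rs(0).Value
    rs.Close
    ' A Null hash would make the <> test below evaluate to Null, so reject it first
    If IsNull(stored) Then Exit Function
    If sha256(CStr(oldPass)) <> stored Then Exit Function   ' wrong current password

    ' Step 2: update; [PASSWORD] is bracketed because, per the thread, Jet restricts the word
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE TABLE1 SET [PASSWORD] = ? WHERE USERNAME = ?"
    ' Jet binds parameters by position, so append them in the order of the ? marks
    cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, 64, sha256(CStr(newPass)))
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 50, userName)
    cmd.Execute affected, , adCmdText + adExecuteNoRecords
    ChangePassword = (affected = 1)
End Function
%>
```

Call it as ChangePassword(my_Conn, Request.Form("username"), Request.Form("oldpass"), Request.Form("newpass")) once newpass and newpass2 have been compared; a False return covers unknown user, wrong current password and a failed update alike.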