value is not showing under recordset.eof using parameterized query in vbscript

  • axiomlokesh
    New Member
    • Jul 2008
    • 4

    value is not showing under recordset.eof using parameterized query in vbscript

    I am creating a login validation page for my classic ASP site (VBScript). As I want to protect my page from SQL injection, I used parameterized queries in my page, but I am unable to retrieve the value after writing the "if not recordset.eof" line. The value is not being passed. Please help me solve this issue. My code is given below.

    Code:
    <%
    Dim Objrs, objConn, objCmd, str
    
    Set objConn = Server.CreateObject("ADODB.Connection")
    Set objCmd  = Server.CreateObject("ADODB.Command")
    Set Objrs   = Server.CreateObject("ADODB.Recordset")
    
    objConn.open MM_connDUdirectory_STRING '(already created)
    
    Set objCmd.ActiveConnection = objConn
    
    str = "SELECT * FROM admin WHERE Ausr=? AND Apwd=?"
    
    objCmd.CommandText = str
    objCmd.CommandType = adCmdText
    
    dim objParam1, objParam2
    Set objParam1 = objCmd.CreateParameter("param1", adVarChar, adParamInput, len(StrUserName), "")
    objCmd.Parameters.Append objParam1
    objCmd.Parameters("param1") = StrUserName
    
    Set objParam2 = objCmd.CreateParameter("param2", adVarChar, adParamInput, len(StrPassword), "")
    objCmd.Parameters.Append objParam2
    objCmd.Parameters("param2") = StrPassword
    set objRS = objCmd.execute
    
    
    if objRS.EOF <> True and objRS.BOF <> True then
        if Objrs("Ausr") = objCmd.Parameters("param1") then
            response.Write(Objrs("Ausr"))
            'response.Write should show username but its showing blank
        end if
    end if
    %>
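The following is an added example, not part of the original post: one way to write the same parameterized lookup so that it does not depend on `adovbs.inc` being included, sizes the parameters from the column width instead of `Len()` of the input, and reads the field value once. The constant names, the 50-character column width, the form field names and the `FindAdmin` helper are assumptions; `MM_connDUdirectory_STRING` is taken from the post.

```vbscript
<%
' Added example (not the poster's code). Numeric ADO values are declared under
' local names: without Option Explicit, an undefined adVarChar/adCmdText is
' silently treated as Empty (0) when adovbs.inc is missing.
Const CMD_TEXT    = 1     ' adCmdText
Const VAR_CHAR    = 200   ' adVarChar
Const PARAM_INPUT = 1     ' adParamInput
Const COL_WIDTH   = 50    ' assumed width of the Ausr and Apwd columns

' Hypothetical helper: returns the stored user name on a match, "" otherwise.
Function FindAdmin(connString, userName, password)
    Dim conn, cmd, rs
    FindAdmin = ""
    ' Reject empty or over-long input before it reaches the provider.
    If Len(userName) = 0 Or Len(userName) > COL_WIDTH Then Exit Function
    If Len(password) = 0 Or Len(password) > COL_WIDTH Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open connString
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT Ausr FROM admin WHERE Ausr = ? AND Apwd = ?"
    cmd.CommandType = CMD_TEXT
    ' "?" placeholders are positional: they bind in the order of Append.
    cmd.Parameters.Append cmd.CreateParameter("param1", VAR_CHAR, PARAM_INPUT, COL_WIDTH, userName)
    cmd.Parameters.Append cmd.CreateParameter("param2", VAR_CHAR, PARAM_INPUT, COL_WIDTH, password)

    Set rs = cmd.Execute   ' forward-only, read-only recordset
    If Not rs.EOF Then
        ' Copy the field into a variable once and use the copy afterwards.
        FindAdmin = rs.Fields("Ausr").Value & ""
    End If
    rs.Close
    conn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set conn = Nothing
End Function

Dim StrUserName, StrPassword, matchedUser
StrUserName = Trim(Request.Form("username"))   ' assumed form field name
StrPassword = Request.Form("password")         ' assumed form field name
matchedUser = FindAdmin(MM_connDUdirectory_STRING, StrUserName, StrPassword)

If matchedUser <> "" Then
    Response.Write Server.HTMLEncode(matchedUser)   ' encode before echoing
Else
    Response.Write "Invalid login"
End If
%>
```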