unable to process properly


Crash1hd
05-21-2003, 09:40 AM
OK, the following code doesn't seem to let me go to page 2 when a valid email is given

<% Sub PReset() '''''''''''''''''''''''''''''''''' %>
<head><title>Password Reset Page</title></head>

<body>
<% Call ConfirmEmail()%>
<form name="PReset" action="Login.asp?PReset=1" method="post">
<input type="hidden" name="submitnumber" value="<% = submitnumber %>" />
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="28%">&nbsp;</td>
<td width="42%">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tr>
<td width="100%" colspan="2"><P Class=Text><b>Enter email address below<br />Your password will be reset and emailed to you</b></p></td>
</tr>
<tr>
<td width="100%" colspan="2">&nbsp;</td>
</tr>
<tr>
<td width="50%"><p align=right>Email Address:</p></td>
<td width="50%"><input id="email" maxlength="100" size="23" name="email" value="<% = Server.HTMLEncode(email) %>"></td>
</tr>
<tr>
<td width="100%" align="center" colspan="2"><% If submitnumber > 1 AND ValidEmail(email) = False Then Response.Write("<span style=""color:#cc0000""> * Invalid Email Address * </span>")%><% If emailfound = False Then Response.Write("<span style=""color:#cc0000""> * Your email address was not found in our members database. * </span>")%></td>
</tr>
</table>
</td>
<td width="34%">&nbsp;</td>
</tr>
<tr>
<td width="28%">&nbsp;</td>
<td width="42%" align="center"><br /><input type="submit" value="Submit" /><br /><br /><a href="mailto:ResetPassword@lycosidea.com">Forgotten your Email Address</a></td>
<td width="34%">&nbsp;</td>
</tr>
</table>
</form>
</body>
<% End Sub ''''''''''''''''''''''''''''''''''''''' %>

<%
Sub ConfirmEmail() ''''''''''''''''''''''''''''
Dim ConfirmQuery
ConfirmQuery = "SELECT email FROM members WHERE email = '" & SQLFormat(email) & "'"
Set RS = Conn.Execute(ConfirmQuery)
If RS.EOF = true then
emailfound = False ' The email was not found, they still need to register
Else
If NOT rs.EOF Then
Response.Redirect("Login.asp?Preset=2")
End If
End If
End Sub ''''''''''''''''''''''''''''''''''''''''''
%>

Spudhead
05-21-2003, 10:29 AM
What's "SQLFormat"?

The first thing to do with debugging database stuff, is to response.write your SQL string. Have a look at what, exactly, the database is getting. Then you can work out why it's - in 90% of cases - not returning any rows.

A quick note though - this seems a little... OTT?


If RS.EOF = true then
emailfound = False ' The email was not found, they still need to register
Else
If NOT rs.EOF Then
Response.Redirect("Login.asp?Preset=2")
End If
End If


You could shorten to:


If rs.EOF then
emailfound = False ' The email was not found, they still need to register
Else
Response.Redirect("Login.asp?Preset=2")
End If

Crash1hd
05-21-2003, 08:55 PM
Ok SQLFormat is

Function SQLFormat(byVal str)
If IsNull(str) Then str = ""
SQLFormat = Replace(str,"'","''")
End Function


What's OTT stand for?

raf
05-22-2003, 09:20 PM
I don't quite see the use of that function. It only does the replace. So using
Replace(email,"'","''")
would have the same result.

You should check if the email is empty, before building the sql statement. Like

ConfirmQuery = "SELECT email FROM members"

if Len(email) > 0 then
ConfirmQuery = ConfirmQuery + " WHERE email ='" + Replace(email,"'","''") + "'"
end if


And after the select, use Spudhead's shorter version. (but the first line probably needs to be
If rs.EOF=True then

And close the recordset and connection and release all resources. Like

RS.Close
Set RS = Nothing

conn.Close
set conn = nothing

whammy
05-24-2003, 12:53 AM
That function is handy (or a similar one) when you are writing a lot of fields to a database that potentially have single quotes in them from user input...

that way you can just "wrap" it... like

"INSERT INTO DATABASE (blah1,blah2,blah3) VALUES ('" & SQLSafe(blah1) & "','" & SQLSafe(blah2) & "','" & SQLSafe(blah3) & "')"

Instead of having to replace each one in the string on the fly... that's what a function is for!!! You definitely don't want to replace the values at any other time, as it would corrupt the data... i.e.:

Shawn O'Brien

might become:

Shawn O''Brien

or

Shawn O''''''''''''Brien

otherwise... and trust me, I've seen plenty of examples of people NOT doing that right... ;)

whammy
05-24-2003, 12:54 AM
P.S. Make sure to follow the other advice here though... I don't write to a database AT ALL unless every variable has succeeded in passing my validation requirements.
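
Added example (not code from any poster in this thread): the email lookup from ConfirmEmail() written with a bound ADODB.Command parameter instead of quote doubling, so the submitted value never becomes part of the SQL text. It assumes Conn is the open ADODB.Connection the thread's code already uses; the helper name EmailExists and the locally declared ADO constants are introduced here for illustration.

```vbscript
<%
' Added example: parameterized version of the lookup in ConfirmEmail().
' Assumes Conn is an already-open ADODB.Connection (as in the thread).
' EmailExists is a hypothetical helper name, not from the original posts.

' ADO constants, declared locally; remove these three lines if
' adovbs.inc is already included, or VBScript reports "Name redefined".
Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200

Function EmailExists(ByVal addr)
    Dim cmd, rs
    EmailExists = False

    ' Reject empty or oversized input before touching the database.
    ' 100 matches the maxlength of the email field in the form above.
    If IsNull(addr) Then Exit Function
    addr = Trim(addr)
    If Len(addr) = 0 Or Len(addr) > 100 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound below: no quotes, no Replace().
    cmd.CommandText = "SELECT email FROM members WHERE email = ?"
    cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, 100, addr)

    Set rs = cmd.Execute
    EmailExists = Not rs.EOF

    ' Release resources, as raf suggests above.
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' Usage, replacing the body of ConfirmEmail():
' If EmailExists(email) Then
'     Response.Redirect "Login.asp?Preset=2"
' Else
'     emailfound = False
' End If
%>
```

Because the value is sent as data rather than spliced into the statement, an address containing a single quote is matched unchanged and is never doubled.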