  1. #1
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts

    how to manipulate and validate strings

    Hi, I have just got through a login, relogin, displaydata, update, add and delete section for a web site, with a lot of help from this forum, but I did not use any validation on input and strings; not knowing how to do this, I skipped it for later. Now I get errors: when the login fields are spelt correctly but wrongly in uppercase I get an error, though a wrong entry in uppercase does not cause any problems... What I need to do is convert all to lowercase and perform a trim on all the text boxes on login, edit and add new... but I now find it difficult to insert these into my (very confusing) code... Is it possible to put all these functions in an include file or something that I can easily call instead of going back into all the code?
    ska

  • #2
    Regular Coder
    Join Date
    Jan 2003
    Posts
    867
    Thanks
    4
    Thanked 8 Times in 8 Posts
    Probably. It just depends how your code is already written. Assuming you have something like:

    Code:
    strUsername=request.querystring("strUsername")
    You can change it to

    Code:
    strUsername=trim(lcase(request.querystring("strUsername")))
    There isn't much benefit to putting it in an include file though.

  • #3
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What about using a page of JavaScript functions? Is there any benefit in that?
    ska

  • #4
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I tried the above example but I couldn't get it to work... I had to try it here before the form data was matched to the database... so I tried declaring variables strings 1, 2 & 3 and did trim and lcase on these before selecting WHERE Fusername = String1 etc., but could not get the syntax right on this... I also tried doing the trim and lcase functions on the request.form in the SQL statement but couldn't get this to work either... Can someone advise, please?

    Below are versions of the two ways I tried and failed:

    stringx= trim(lcase(Request.Form("Tusername")))
    stringy= trim(lcase(Request.Form("Tuserpin")))
    stringz= trim(lcase(Request.Form("Tuserpassword")))


    strSQL = "SELECT Fid, Fusername, Fuserpin, Fuserpassword FROM tblLoginuser WHERE Fusername = " ' " & stringx & " ' " and Fuserpin= " ' " & stringy & " ' " and Fuserpassword= " ' " & stringz & " ' " "

    set rstLoginChecker=cnn.execute(strSQL)



    strSQL = "SELECT Fid, Fusername, Fuserpin, Fuserpassword FROM tblLoginuser WHERE Fusername = '" & Request.Form("Tusername") & "' and Fuserpin= '" & Request.Form("Tuserpin") & "' and Fuserpassword= '" & Request.Form("Tuserpassword") & "'"
    Last edited by skalag; 02-07-2003 at 09:29 PM.
    ska

  • #5
    Senior Coder
    Join Date
    Jun 2002
    Location
    41° 8' 52" N -95° 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Your explanation was a bit confusing... are you having trouble comparing strings because they aren't the same case? If so, then you can UCase() them when you compare them:

    If UCase(somestring) <> UCase(someotherstring) Then
    ' Uh-oh, they don't match!
    End If



    If that doesn't help, let's start sorting through the specific errors one at a time.
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #6
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Okay, I'll try and make sense. I'm posting username and password from an htm page, where it is then used to select the matching username and password from the database. I want to ensure that there are no unwanted spaces or characters or upper case chars in the data from the htm form before it is used in the SQL statement...
    In the post above I showed how I tried passing the form values to string variables and using the variables in the SQL statement, but I keep getting syntax errors doing this... I don't know how to select 3 string variables from the database through a SQL statement.
    ska

  • #7
    Senior Coder
    Join Date
    Jun 2002
    Location
    41° 8' 52" N -95° 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Ok, well unwanted spaces, characters, etc. don't matter at all when you're requesting something using a SQL statement. Also, SQL is case-insensitive, so "WHAMMY" would still equal "whammy" as far as SQL is concerned.

    Either the username and password match, or they don't... it seems like you aren't really sure what the problem is, by your explanation.

    The only thing that will give you grief when requesting this information from SQL is the single quote - see this link for a full explanation:

    Single Quotes give me a syntax error!

    If that's not the problem (single quotes), then there is something wrong with your SQL Syntax. In these cases, it's best to do this:
    Code:
    MySQLStatement = "WHATEVER"
    Response.Write(MySQLStatement) : Response.End
    
    'Conn.Execute(MySQLStatement)
    That way, you can see exactly what's being processed.

    P.S. for strings, you have to do something like:

    "SELECT * FROM tablename WHERE mystring = '" & mystring & "'"
    Last edited by whammy; 02-08-2003 at 12:35 AM.
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #8
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Okay, here I am again. I think you are right, Whammy, I'm not sure at all what I'm doing. I did a little bit of VB a couple of years ago, small examples manipulating text etc... but it's a lot more daunting trying to put all those bits together in one web application, where there's plenty more I have never done... Basically I'm at the stage now where I finally have connections OK, display, add, delete, and update all sorted but with no error trapping, validation etc., and I thought I should do some trim and lcase and ensuring text boxes have data entered etc... I do have a problem on the login form though: as I mentioned earlier, a wrong password/username in ucase or lcase is redirected to relogin, but a correct pass/user in ucase when it should be lcase leads to a server ASP error page... This is what I really don't understand, and I thought it was necessary to convert all text boxes to lcase to prevent this error occurring... I also wanted to do lcase, trim and ensure data was entered on the login page where it looks easier, before trying on the edit and addnew pages where it looks more complicated.
    ska

  • #9
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks Whammy, the syntax for the SQL statement works as you showed:
    ' " & stringx & " '

    I tried many versions of this, including:

    " ' " & stringx & " ' "
    " ' " & (stringx) & " ' "
    " ' " & ("stringx") & " ' "
    ' & stringx & '
    " & stringx & "
    " & (stringx) & "
    & ("stringx") &

    I tried every combo I could think of.
    Thanks a lot again guys for the help, I've got it to work at last. That's one potential error avoided, only how many more to go???
    Last edited by skalag; 02-08-2003 at 06:29 PM.
    ska

  • #10
    Senior Coder
    Join Date
    Jun 2002
    Location
    41° 8' 52" N -95° 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Not sure what's happening with the case-sensitivity, can you post the relevant code?
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #11
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    OK WHAMMY, I'm sorry for the state of this, and you'll probably understand why I get lost when you see it. I took long and unnecessary ways to get things done and haven't removed anything I feel is redundant, not yet anyway. I am planning to go back and rewrite when I have got this all finished; hopefully it will look more like the excellently displayed (neat, readable) code from members on this forum...

    login page: (HTML tags removed)

    code:
    ---------------------------------------------------------------------------

    <form name="form" method="post" action="asp/Logincheck.asp">

    <input type="password" name="Tusername" size="20" maxlength="8">

    <input type="password" name="Tuserpin" maxlength="4" size="20">

    <input type="password" name="Tuserpassword" maxlength="8" size="20">

    <input type="reset" name="reset" value="Cancel">

    <input type="submit" name="Submit" value="Submit">

    ---------------------------------------------------------------------------
    code:

    OK... simple enough

    logincheck.asp: (this is the version that now trims and converts to lower case with no errors)


    code:
    ---------------------------------------------------------------------------
    <OBJECT RUNAT=SERVER ID=cnn PROGID="ADODB.Connection"></OBJECT>

    <%
    cnn.Open Application("ConnectionString")
    dim strSQL , rstLoginChecker


    'retrieve input from (re)login form and Trim and convert to lower case in variable strings x, y, z
    'use variable strings to query the database

    stringx= trim(lcase(Request.Form("Tusername")))
    stringy= trim(lcase(Request.Form("Tuserpin")))
    stringz= trim(lcase(Request.Form("Tuserpassword")))



    strSQL="SELECT Fid, Fusername, Fuserpin, Fuserpassword FROM tblLoginuser WHERE Fusername = '" & stringx & "' AND Fuserpin = '" & stringy & "' AND Fuserpassword = '" & stringz & "'"

    set rstLoginChecker=cnn.execute(strSQL)


    if rstLoginChecker.EOF or rstLoginChecker.BOF then
    response.redirect ("/MEMBERS/relogin.htm")

    else
    while not rstLoginChecker.EOF

    'used to pass value to displaydata.asp page
    'why index and loguser?

    dim INDEX
    INDEX = rstLoginChecker("Fusername")
    response.cookies("loguser") = INDEX

    'password checker and redirect valid login

    IF trim(lcase(Request.Form("Tusername"))) = rstLoginChecker("Fusername") AND trim(lcase(Request.Form("Tuserpassword"))) = rstLoginChecker("Fuserpassword") AND trim(lcase(Request.Form("Tuserpin"))) = rstLoginChecker("Fuserpin") Then

    Response.redirect("/MEMBERS/asp/welcome.asp")
    Else
    Response.redirect("relogin.htm")
    End IF
    rstLoginChecker.MoveNext
    Wend

    OnError response.Redirect ("relogin.htm")

    END IF
    set strSQl=nothing
    cnn.close
    %>
    ---------------------------------------------------------------------------
    code:

    This next bit was the original logincheck page that gave an error when all three text fields were filled with characters such as /?'#. It still does crash on this, though I don't think I could prevent it anyway and it's such an unlikely occurrence... I hope...
    ...Also, if username, pin number and password were all 'pass',
    then data entered in text boxes performed thus:
    pass, pass, pass, went to logged in
    PASS, pass, pass, loginfailed redirect to relogin
    PASS, PASS, PASS, produced 404 page not found
    PUSS, PUSS, PUSS, loginfailed redirect to relogin

    code:
    ---------------------------------------------------------------------------

    <OBJECT RUNAT=SERVER ID=cnn PROGID="ADODB.Connection">
    </OBJECT>

    <%
    cnn.Open Application("ConnectionString")
    dim strSQL , rstLoginChecker

    strSQL = "SELECT Fid, Fusername, Fuserpin, Fuserpassword FROM tblLoginuser WHERE Fusername = '" & Request.Form("Tusername") & "' and Fuserpin= '" & Request.Form("Tuserpin") & "' and Fuserpassword= '" & Request.Form("Tuserpassword") & "'"

    set rstLoginChecker=cnn.execute(strSQL)


    if rstLoginChecker.EOF or rstLoginChecker.BOF then
    response.redirect ("/MEMBERS/relogin.htm")

    else
    while not rstLoginChecker.EOF


    dim INDEX
    INDEX = rstLoginChecker("Fusername")
    response.cookies("loguser") = INDEX

    If Request.Form("Tusername") = rstLoginChecker("Fusername") AND Request.Form("Tuserpassword") = rstLoginChecker("Fuserpassword") AND Request.Form("Tuserpin") = rstLoginChecker("Fuserpin") Then

    Response.redirect("/MEMBERS/asp/welcome.asp")
    Else
    Response.redirect("relogin.htm")
    End If
    rs.MoveNext
    Wend

    OnError response.Redirect ("relogin.htm")
    end if

    set strSQl=nothing
    cnn.close
    %>

    ---------------------------------------------------------------------------
    code:
    ska

  • #12
    Senior Coder
    Join Date
    Jun 2002
    Location
    41° 8' 52" N -95° 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    This is the problem:

    IF trim(lcase(Request.Form("Tusername"))) = rstLoginChecker("Fusername") AND trim(lcase(Request.Form("Tuserpassword"))) = rstLoginChecker("Fuserpassword") AND trim(lcase(Request.Form("Tuserpin"))) = rstLoginChecker("Fuserpin") Then


    You don't need that, since you already checked in the SQL statement to see if they were all equal.

    If it's NOT rs.EOF, then a match was found, and they have successfully logged in. All you need to do in that case is redirect them. It will probably work if you just delete the part above.
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #13
    New Coder
    Join Date
    Jan 2003
    Location
    N. Ireland
    Posts
    79
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks again whammy, it's cleaned up the code a lot and works a treat...
    ska

  • #14
    Senior Coder
    Join Date
    Jun 2002
    Location
    41° 8' 52" N -95° 53' 31" W
    Posts
    3,660
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Former ASP Forum Moderator - I'm back!

    If you can teach yourself how to learn, you can learn anything. ;)

  • #15
    Supreme Master coder! glenngv's Avatar
    Join Date
    Jun 2002
    Location
    Philippines
    Posts
    11,037
    Thanks
    0
    Thanked 250 Times in 246 Posts
    IMHO, I think you should not trim and lowercase the password entered by the user. For security reasons, the password should be case-sensitive. You should accept whatever the user entered in the password field, no trimming, no lowercasing.
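
The two points this thread ends on, the single quote that breaks the concatenated SQL statement and the advice not to trim or lowercase the password, put together as an added Python example (not code from any poster). SQLite stands in for the thread's ADO database, the sample rows and the function names are constructed, and the plain-text password column only mirrors the thread's table.

```python
import sqlite3

def make_db():
    # Constructed sample table with the thread's tblLoginuser columns.
    # Usernames are stored already lower-cased; passwords are stored as typed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tblLoginuser (Fid INTEGER PRIMARY KEY, "
               "Fusername TEXT, Fuserpin TEXT, Fuserpassword TEXT)")
    db.executemany(
        "INSERT INTO tblLoginuser (Fusername, Fuserpin, Fuserpassword) "
        "VALUES (?, ?, ?)",
        [("ska", "0001", "Secret1"), ("o'neill", "1234", "PaSs wd")])
    return db

def login_concat(db, username, pin, password):
    # The thread's approach: form values spliced into the SQL text, so a
    # quote inside a value becomes part of the statement itself.
    sql = ("SELECT Fid FROM tblLoginuser WHERE Fusername = '" + username +
           "' AND Fuserpin = '" + pin +
           "' AND Fuserpassword = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__

def login_bound(db, username, pin, password):
    # Bound parameters: the driver passes each value as data, never as SQL.
    # Only the username is normalised (trim + lower case); the PIN and the
    # password are compared exactly as entered.
    sql = ("SELECT Fid FROM tblLoginuser WHERE Fusername = ? "
           "AND Fuserpin = ? AND Fuserpassword = ?")
    params = (username.strip().lower(), pin, password)
    return db.execute(sql, params).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print(login_concat(db, "ska", "0001", "Secret1"))       # plain input works
    print(login_concat(db, "o'neill", "1234", "PaSs wd"))   # quote breaks the SQL
    print(login_bound(db, " O'NEILL ", "1234", "PaSs wd"))  # same user, bound
    print(login_bound(db, "o'neill", "1234", "pass wd"))    # wrong password case
```

SQLite compares strings case-sensitively by default; on a database whose default comparison ignores case, the password check has to be made case-sensitive explicitly for the last call to fail.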

