  1. #1
    New to the CF scene
    Join Date
    Aug 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Syntax error in FROM clause?

    Hello,

    I'm new to ASP coding, although I have some limited experience with VB and VBA and they are very similar... but I cannot figure out what is wrong with my code.

    I'm getting the following error:

    Microsoft JET Database Engine error '80040e14'
    Syntax error in FROM clause.
    /avalonhomework/index.asp, line 48

    Line 48 is Set rst = Conn.Execute("SELECT * FROM password WHERE uname='" & unam & "'")

    I can't see anything wrong with my code... but here it is for you guys to take a look at...

    Code:
    <html>
    <head><title>Avalon Homework Management - Login</title></head>
    <body bgcolor="white" text="#DDDDDD" link="#6699CC" vlink="#3399CC" alink="#99CCFF">
    <%
    dim unam
    dim pword
    Dim rst
    Dim Conn
    unam = request.form("uname")
    pword = request.form("pw")
    %>
    <table border="0" width="100%" height="100%">
    <tr>
    <td align="center" valign="middle">
    <table align = "Center" border="1" bordercolor="#000000" bgcolor="#E0DEDF" width="400">
    <tr>
    <td align="center" bgcolor="#3D74EB">
    <strong><font face="arial, verdana, helvetica" size="3" color="White">Avalon Homework Management - Login</font></strong>
    </td>
    </tr>
    <tr height="40" valign="center">
    <td align="center">
    <form method="post" action="index.asp">
    <font face="arial, verdana, helvetica" size="2" color="Black">Username: <input type="text" name="uname" /></font>
    </td>
    </tr>
    <tr height="40" valign="center">
    <td align="center">
    <font face="arial, verdana, helvetica" size="2" color="Black">Password: <input type="password" name="pw" /></font>
    </td>
    </tr>
    <tr height="30" valign="center">
    <td align="center">
    <input type="submit" value="Submit" />
    </form>
    </td>
    </tr>
    </table>
    <%
    if isnull(unam)=false AND isnull(pword)=false then
     Set Conn = Server.CreateObject("ADODB.Connection")
     Conn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("/avalonhomework/Db/Hwbe.mdb") & ";"
     Conn.Open
     Set rst = Conn.Execute("SELECT * FROM password WHERE uname='" & unam & "'")
     rst.movefirst
     if rst.recordcount = 0 then
        response.write("User '" & unam & "' not found! Please try again!")
     end if
     if rst.Fields("pw").Value = pword then
        response.redirect("splash.asp")
     else
     	response.write("Invalid Password! Please try again!")
     end if
     rst.Close
     Conn.Close
     set rst = nothing
     set conn = nothing
    end if   
    %>
    </td>
    </tr>
    </table>
    </body>
    </html>
    Thanks,

    Tam.
    Last edited by tcbuist; 08-31-2012 at 01:27 AM. Reason: resolved

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,919
    Thanks
    79
    Thanked 4,423 Times in 4,388 Posts
    PASSWORD is a reserved word. If you use it as a field or table name, you must then "escape" it in all queries that use it. Thus:
    Code:
     Set rst = Conn.Execute("SELECT * FROM [password] WHERE uname='" & unam & "'")
    The [...] tell the JET driver that it should NOT view the name as a reserved word.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #3
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,919
    Thanks
    79
    Thanked 4,423 Times in 4,388 Posts
    I should tell you that what you are doing is bad practice.

    You should never tell a possible hacker that they have discovered a valid user name, but with the wrong password. This just means that they can keep on using that user name while they then make thousands of attempts to crack the password.

    You should always give the SAME MESSAGE for bad username as you do for bad password, so that the hackers can't tell which was wrong.

    e.g., "The username or password you entered is invalid". Tell them nothing more.
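The two replies above, combined into one login check, as an added example that is not code from any poster in this thread: the reserved table name is bracketed, the username goes through an ADO parameter instead of string concatenation, and both failure cases produce the same message. `CheckLogin` and `LOGIN_FAILED` are hypothetical names; the table, columns, database path and the direct comparison against the stored `pw` value are taken from the original post.

```asp
<%
' Added example, not the poster's code. Assumes the thread's layout:
' table [password] with text columns uname and pw.
Const adCmdText = 1, adParamInput = 1, adVarWChar = 202  ' standard ADO values
Const LOGIN_FAILED = "The username or password you entered is invalid."

' Returns True only when the user exists AND the stored pw matches.
' The caller cannot tell which of the two checks failed.
Function CheckLogin(conn, unam, pword)
    Dim cmd, rst
    CheckLogin = False
    ' Request.Form yields empty strings, not Null, so test the length.
    ' 255 is the maximum size of an Access text field.
    If Len(unam) = 0 Or Len(unam) > 255 Or Len(pword) = 0 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' [password] is bracketed because PASSWORD is a JET reserved word.
    ' The ? placeholder keeps user input out of the SQL text entirely.
    cmd.CommandText = "SELECT pw FROM [password] WHERE uname = ?"
    cmd.Parameters.Append cmd.CreateParameter("uname", adVarWChar, adParamInput, 255, unam)

    Set rst = cmd.Execute
    ' Test EOF instead of calling MoveFirst, which fails on an empty recordset.
    If Not rst.EOF Then
        If Not IsNull(rst.Fields("pw").Value) Then
            CheckLogin = (rst.Fields("pw").Value = pword)
        End If
    End If
    rst.Close
    Set rst = Nothing
    Set cmd = Nothing
End Function

Dim conn, ok
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
              Server.MapPath("/avalonhomework/Db/Hwbe.mdb") & ";"
    ok = CheckLogin(conn, Request.Form("uname"), Request.Form("pw"))
    conn.Close            ' close before redirecting; Redirect ends the page
    Set conn = Nothing
    If ok Then
        Response.Redirect "splash.asp"
    Else
        Response.Write LOGIN_FAILED   ' one message for both failure cases
    End If
End If
%>
```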

  • #4
    New to the CF scene
    Join Date
    Aug 2012
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you, Old Pedant.

    Such a silly little error, hah! I wish ASP had better error messages.

    Also, I've worked my code up to remove the password warning and joined the two IF statements with an OR to check for username and password together and then display a single "username or password" error message, thanks for the tip.

  • #5
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    25,919
    Thanks
    79
    Thanked 4,423 Times in 4,388 Posts
    Ummmm...that's not an ASP error message. That's an Access/JET error message. ASP can't do anything with it except pass it on. (That being said, yeah, ASP error messages are arcane at times. But trust me, that's nothing compared to JavaScript error messages.)

