how to create login using .asp

Question

need guide in using asp to connect & get data from sql server 2000 , im very new to .asp and im trying to make a login

i have ajax that send data

$('#loginID').click(function(){ 

    var userID = $("#userId").val();
    var passID = $("#passwordId").val();


     $.ajax({
      type: "GET",  
      url: "http://103.29.214.230:82/smscenter/login.asp",
      data: {
        username: userID,
        password: passID,
      },
      success: function (response) {
        console.log(response);

      }
      });

    });

the idea is to get a response from the login.asp (echo data;) which later i will json it and return it, but im confuse how will i fetch this data using the .asp

saw this example http://www.w3schools.com/aspnet/showaspx.asp?filename=demo_dbconn_repeater

how should i modify that scirpt to call my db server something like

dim con, Rs
set con=server.CreateObject("adodb.connection")
con.Open "Provider=sqloledb;SERVER=localhost;DATABASE=database_name;UID=login_ID ;PWD=login_password;"
set Rs=server.CreateObject("adodb.recordset")

any example/guide will be appreciated

EDIT modify my script in this link How to get the return value .asp to ajax

@Runshax Because many companies have legacy systems they need to maintain. This question really infuriates me when ever I see it and I don't see any point to it. — user692942, May 20 '14 at 15:53
@RoryMcCrossan yea the system is outdated, but im just following the company order, plus this asp is used for a connection in hardware/engine they already have, which im not sure how they do it in vb6, mostly im on the web development side — Runshax, May 21 '14 at 02:17

score 1 · Answer 1 · edited May 20 '14 at 15:50

1

Not sure what you're looking for but let's see if this can bring you in the right direction.

In my example a assume you have a table "users" with fields username and password

so what you wan't to do is to make you ASP file look something like this

<%
dim userName, password
username = trim(request.querystring("username"))
password = trim(request.querystring("password"))

' do a little SQL injection prevention
username = replace(username,"'","")
password = replace(password,"'","")

' You already have the connection open using the con 
set rs = con.execute("select * from users where username='"&username&"' and password='"&password&"')
if not (rs.eof or rs.bof) then ' match found
  ' Do you own code for what to happen now, user is successfully logged in
else
  response.write "Login failed"
end if 
%>

edited May 20 '14 at 15:50

user692942

16,398
7
76
175

answered May 20 '14 at 13:00

ClarkBirkelund

33
6

Seriously *"little SQL injection prevention"*. Here's an idea use "parametrised queries" - look at the `ADODB.Command` object. See [Some tips and tricks here](http://stackoverflow.com/a/21944948/692942). Also you're code is broke - missing `"` after `"&password&"'` to close the string. – user692942 May 20 '14 at 15:46
@Lankymart thanks for the tips and trick, also i will try to see if there is another alternative solution to my problem – Runshax May 21 '14 at 02:21

how to create login using .asp

1 Answers1