ADODB Connection

[Daiv]

I have the following code, and It WAS working until I rnamed a variable. now
when I run it i get the following error:

"Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E10)
[Microsoft][ODBC Microsoft Access Driver] Too few parameters. Expected 1."


Here is the code. Any Ideas?

'Dimension variables
Dim adoCon 'Holds the Database Connection Object
Dim rsUsers 'Holds the recordset for the records in the database
Dim rsUserInfo 'Holds the recordset for the records in the database
Dim strSQL 'Holds the SQL query to query the database

'Create an ADO connection object
Set adoCon = Server.CreateObject("ADODB.Connection")

'Set an active connection to the Connection object using DSN connection
adoCon.Open "DSN=rbs"

'Create an ADO recordset object
Set rsUsers = Server.CreateObject("ADODB.Recordset")

'Initialise the strSQL variable with an SQL statement to query the database
strSQL = "SELECT FTPUsers.UserName, FTPUsers.Quota, FTPUsers.Password FROM
FTPUsers;"

'Open the recordset with the SQL query
rsUsers.Open strSQL, adoCon <----- this is the line it bums out on.

Thanks!

 

[Brendan Reynolds]

Are you sure about those field names? When a SQL statement contains a field
name that the database engine can not find in the table, it is assumed to be
a parameter name, and that error message is returned when the database
engine notices that no value has been assigned to the 'parameter'.

 

[Tim Ferguson]

'Initialise the strSQL variable with an SQL statement to query the
database strSQL = "SELECT FTPUsers.UserName, FTPUsers.Quota,
FTPUsers.Password FROM FTPUsers;"

As Brendan says, it's almost certainly a misspelled column name, What was
the variable you "mamed" anyway[1]?

Another point: it's really not a good idea to pass passwords over the
network in clear text. Try doing something like

SELECT UserName, Quota, SOMEKINDOFHASH(Password)
FROM FTPUsers

and _always_ restrict the data with a

WHERE UserName = 'Eric'

or even better, only pass the attempt from the user

SELECT Quota
FROM FTPUsers
WHERE UserName = 'Eric'
AND SOMEKINDOFHASH(Password) = '13a498af1200bc23'

All the best


Tim F

[1] Maiming of variables is considered bad practice, and likely to come
under the control of the Protection of Vulnerable Programming Objects
legislation very soon...

 

[Daiv]

Thanks for the ideas. It was a misnamed column, I forogt i made another
change and expected all the tables to be consistent, they weren't.

As far as the restrictions, This script is designed to transfer the
complete set of info asked for from an access DB on a machine, being used
eexclusively by a third party program, and shipped into a mySQL DB for use on
a website. that prevents me from having to open ports into the computer
running the program, and makes it more secure. Also makes sure that there
isn't a chance that someone can mess up the original mdb file.

I will look into the hash thing though. it's a good idea.

Daiv.

'Initialise the strSQL variable with an SQL statement to query the
database strSQL = "SELECT FTPUsers.UserName, FTPUsers.Quota,
FTPUsers.Password FROM FTPUsers;"

As Brendan says, it's almost certainly a misspelled column name, What was
the variable you "mamed" anyway[1]?

Another point: it's really not a good idea to pass passwords over the
network in clear text. Try doing something like

SELECT UserName, Quota, SOMEKINDOFHASH(Password)
FROM FTPUsers

and _always_ restrict the data with a

WHERE UserName = 'Eric'

or even better, only pass the attempt from the user

SELECT Quota
FROM FTPUsers
WHERE UserName = 'Eric'
AND SOMEKINDOFHASH(Password) = '13a498af1200bc23'

All the best


Tim F

[1] Maiming of variables is considered bad practice, and likely to come
under the control of the Protection of Vulnerable Programming Objects
legislation very soon...