<%@ Language="VBScript" %> <% Option Explicit %> <% 'declare your variables Dim userName, password, customerId, rs , customerName Dim sSQL, returnString 'Receiving values from Form, assign the values entered to variables userName = Replace(Request("userName"),"'","''") password = Replace(Request("password"),"'","''") 'declare SQL statement that will query the database sSQL = "doLogin " sSQL = sSQL + " @userName = '" + userName + "'" sSQL = sSQL + " ,@userPassword = '" + password + "'" Set rs = Server.CreateObject("ADODB.Recordset") 'Open the connection to the database connection.Open(sConnString) 'response.write "sql is " & sSQL rs.open sSQL, connection While Not rs.EOF customerId = rs("customerId") customerName = rs("customerName") rs.MoveNext Wend 'response.write "sql is " & sSQL 'Done. Close the connection object rs.close Set rs = Nothing connection.Close Set connection = Nothing if (customerId > 0) then 'response.write("Welcome " & customerName & vbcrlf) 'response.write "You are now logged in!
Click here to go to your links page
" Session("customerId") = customerId Session("customerName") = customerName response.redirect "customerHome.asp" else 'response.write("Sorry - your username or password are incorrect") response.redirect "customer.asp?returnMessage=Sorry - your username or password are incorrect" end if %>