OK - I'm amazed. I typed ' or ''=' into my user/pass fields, and I've hacked my own website! That easy. 8o
I've now changed my SQL statement to the following - and using this replace method, I'm eliminating the user being able to use single quotes and hack my database.
strSQL = "select...
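The login bypass described in the post above, next to two fixes, as an added example that is not part of the original post. Python with an in-memory SQLite database stands in for the ASP/Access setup; the table, column and function names are assumptions, the sample rows are constructed, and because the post's own Replace call is cut off, the quote-doubling variant is only one plausible form of it.

```python
import sqlite3

PAYLOAD = "' or ''='"  # the input quoted in the post


def make_db():
    # Constructed sample data (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "pw2")])
    return db


def login_concatenated(db, user, password):
    # Vulnerable pattern: user input is spliced into the SQL text, so a
    # quote in the input ends the string literal and becomes SQL syntax.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_escaped(db, user, password):
    # Quote-doubling (assumed form of the "replace method"): each ' becomes
    # '' so it stays inside the literal. Works here, but every query in the
    # application has to remember to do it.
    esc = lambda s: s.replace("'", "''")
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + esc(user) +
           "' AND password = '" + esc(password) + "'")
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, user, password):
    # Bound parameters: values are passed separately from the SQL text and
    # are never parsed as SQL, whatever characters they contain.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    for fn in (login_concatenated, login_escaped, login_parameterized):
        print(fn.__name__, "accepts payload:", fn(db, PAYLOAD, PAYLOAD))
    # A legitimate apostrophe still works with bound parameters.
    print("o'brien logs in:", login_parameterized(db, "o'brien", "pw2"))
```

The concatenated version also fails for legitimate input: a username such as o'brien produces a SQL syntax error instead of a login.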
wow - thanks Scotty. I had no idea hacking was that easy. I'll be reading up on this for sure. Starting with this article... http://www.4guysfromrolla.com/webtech/061902-1.shtml
To answer your question mirtheil, I fixed it by building the email check into the error messages.
emailExists = 0
rs.MoveFirst
Do while not rs.eof
if rs("email") = request.form("email") then
emailExists = 1
end if
rs.MoveNext
loop
if emailExists = 1 then
StrError = StrError &...
OK - I've tried - can anyone tell me what's wrong with my code? Please!!
set dBaseConn = Server.CreateObject("adodb.connection")
set rs = server.createobject("adodb.recordset")
strConn = "Provider=Microsoft.JET.OLEDB.4.0; Data Source = " & dBasePath & ";"
dBaseConn.open strConn
strSQL =...
you mean on the server the website resides on, within the datacenter? (i.e. you're saying you just don't believe it's the actual datacenter at fault, right? just some firewall settings, perhaps, on that particular server?)
hmm - so I'm not the only one. Stephen, where would you even begin to resolve an issue like this? My ISP says it's out of their control. If it's not in their control, who IS in control?
...this website. I believe that is me.
www.oaktecstore.com - can everyone pull up this website but me?
I've had the most frustrating chat session with Roadrunner. I seem to be the only person that cannot see this website. They can, other friends can, my clients can. I cannot, and...
OK, it seems the problem was actually that 'id' was case sensitive. In the database it was 'ID'. Changing the SQL statement to
SELECT * FROM Content where ID=10
fixed the whole thing. Shame on me for writing sloppy case insensitive code.
<%
dBasePath = Server.MapPath("access_db/filename.mdb")
%>
What's stumped me more than anything is that sometimes the site works, sometimes not. I just don't get it... :( I have been "trying" to do some debugging here though with response.write. Just can't interpret what I've found, but...
I am not a proficient asp programmer, though I (usually) get by. But today I have a problem. Any help would be GREATLY appreciated.
I have a simple website linking to an access database. The script works fine on my local machine. And it works fine on my regular host. However, I have uploaded...