Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
globemast
Starting Member
32 Posts |
 Posted - 2003-03-08 : 13:14:19
|
| I am currently creating a small intranet for my company using ASP in VBScript..I have a login page and when the user logins based on the authentication i create a Session("User") which is assigned the username of the user..So far all are going well.The user enters the intranet's home page which is a frameset of 3 frame(left,right,top). On the right is an option for editing the personal profile of the users. The profile consists of Name,Address,Tel.... and are included in the table "People" on the SQL Server.When i create the recordset(using Visual InterDev) i enter the following SQL command: "select * from People where Username like '"& Session("User") & "'"so a to select the record for the specific user based on the session created earlier on login with its username.The problem is that i always get the 1st record in the table whatever i do..I am totaly lost...Can you please help me...Thank you very much.. |
|
|
ValterBorges
Master Smack Fu Yak Hacker
1429 Posts |
Posted - 2003-03-08 : 13:57:36
|
| Try"Select fieldx1,....,fieldxn from People where Username =" & _Replace(Session("User"),"'", "''")1.Normally better to specify the fields you need with special exceptions.2. Why use like when you can use Equal operator and improve performance. Once you have assigned the statement have your ASP script do a Response.Write SQLStatement to make sure you're passing in a proper value for Session("User"). |
 |
|
|
globemast
Starting Member
32 Posts |
Posted - 2003-03-09 : 12:06:53
|
| Because the SQL command is written inside the recordset in Visual InterDev i do not know how to Write the SQL command that was executed. Is the command above written correct? because it creates me error in SQL syntax |
|
|
|
ValterBorges
Master Smack Fu Yak Hacker
1429 Posts |
Posted - 2003-03-10 : 01:31:21
|
| It's an example of how you should write your sql statement.fieldx1...fieldxn are place holders for the columns in the People table that you want to return.I would suggest you look into ADO a little more especially at the command object and the ability to execute stored procedures and also moving your sql to stored procedures. The benefits are tremendous and you can start by searching this site for articles and the forums for posts concerning ADO command object and stored procedures. |
|
|
|
|
|
|
Error extracting correct data from SQL Tables