Please take a look at two connection strings, One to Access database and the other to SQL Server database.
The connection to Access database worked flawlessly until we recently changed hosting companies and moved to godaddy.com
They provided us with the connection string to SQL Server database.
Since then, we are unable to succecssfully connect to SQL Server. We kept getting 500 (internal error).
I tried contacting them and they kept telling us nobody else is having the same problem which I find very hard to believe.
Can you please see if you can find anything that I might be missing?
Many thanks to you all.
''# Access DB Connection String
<%
Dim objConn, objRS
''# Set objConn = Server.CreateObject("ADODB.Connection")
''# objConn.Open "DSN=ship"
Set objConn=Server.CreateObject("ADODB.Connection")
objConn.Open "PROVIDER=Microsoft.Jet.OLEDB.4.0;" & _
"DATA SOURCE=" & server.mappath("admin\scart.mdb")
Set objRS = objConn.Execute("SELECT * FROM logins WHERE Username = '" & Request.Form("txtUsername") & "' AND password = '" & Request.Form("TxtPassword") & "' ")
If Not objRS.EOF Then
If objRS(1) = Request.Form("txtPassword") Then
Session.Contents("access_level") = objRS(2)
Session.Contents("ID") = objRS(3) ''#ID column
Session("username") = objRS("USERNAME")
Session("password") = objRS("password")
Response.Redirect "setup.asp"
Else
Response.Write "Sorry, but the password that you entered is incorrect. <a href='setup.asp'>Try again</a>"
End If
Else
Response.Write "Sorry, but the username that you entered does not exist. <a href='setup.asp'>Try again</a>"
End If
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
%>
<%
''# SQL Server connection string
Dim objConn, objRS
Dim qry, connectstr
Dim db_name, db_username, db_userpassword
Dim db_server
db_server = "MyServer name"
db_name = "nyDBName"
db_username = "MyUsername"
db_userpassword = "MyPassword"
connectstr = "Driver={SQL Server};SERVER=" & db_server & ";DATABASE=" & db_name & ";UID=" & db_username & ";PWD=" & db_userpassword
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Open connectstr
SQL = "SELECT * FROM logins WHERE Username = '" & Request.Form("txtUsername") & "' AND password = '" & Request.Form("TxtPassword") & "' "
response.write sql
response.end
Set objRS = objConn.Execute(SQL)
If Not objRS.EOF Then
If objRS(1) = Request.Form("txtPassword") Then
Session.Contents("access_level") = objRS(2)
Session.Contents("ID") = objRS(3) ''# ID column
Session("username") = objRS("USERNAME")
Session("password") = objRS("password")
Response.Redirect "setup.asp"
Else
Response.Write "Sorry, but the password that you entered is incorrect. <a href='setup.asp'>Try again</a>"
End If
Else
Response.Write "Sorry, but the username that you entered does not exist. <a href='setup.asp'>Try again</a>"
End If
objRS.Close
Set objRS = Nothing
objConn.Close
Set objConn = Nothing
%>
From your question, it’s not very clear whether you want to connect to the access/mdb or the sqlserver.
But anyway, one of the two articles below will cover you.
http://support.godaddy.com/help/article/259
http://support.godaddy.com/help/256/connecting-to-a-microsoft-sql-server-database-using-aspado
However, since in the code snippet you have shared with us, the userinput (Request.Form(“txtUsername”) is directly placed into the SQL statement without any sanitization, it’s a matter of days that your database may be subjected to a big time SQL-Injection.
From this perspective, I can tell that you are lucky that you were not able to connect.
First and foremost, sanitize your userinput. Sanitization is a big sujbject.
But try these as an immediate solution.
After fixing the code as above, then and only then, you should worry about fixing the original connection issue. So, pead about SQL Injection, and while you are at it, also read XSS ( Cross-Site-Scripting )
And make sure, every coder in your company read it and understand what these two things are. You will be glad you did. Or you guys will be in a miserable state sooner or later.
Good luck…