Results 1 to 6 of 6
  1. #1
    Join Date
    Feb 2014
    Posts
    3

    Unanswered: Populating MS Access columns

    Hello

    I have a simple 'new user registration' form that inserts a username and password into a MS Access database.

    The table has five columns: username, password, strEmail, fusername, and fpassword. At the moment, only three of those columns are filled when the user presses the 'submit' button on the 'new user registration' form. I would like to populate the fusername and fpassword columns with exactly the same data as in the username and password columns respectively.

    My code now looks like this:

    Code:
    <%
    Dim username, password, confirmPassword, strEmail, conn, rs
    username = ""
    password = ""
    confirmPassword = ""
    strEmail = ""
    ErrorMessage = ""
    
    if request.form <> "" then
    username = Request.Form("username")
    password = Request.Form("password")
    confirmPassword = Request.Form("confirmPassword")
    strEmail = Request.Form("strEmail")
    .....................
    
    set rs = Server.CreateObject("ADODB.recordset")
        rs.Open "Select * FROM university WHERE strEmail = '" & strEmail & "'", conn
    
    sql="INSERT INTO university ([username], [password], strEmail) VALUES ('" & username & "','" & password & "', '" & strEmail & "')"
          
    conn.Execute(sql)
    ......................
    %>
    What would be the best way to achieve my aim, please?

    Thank you.

    Blueie

  2. #2
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Without more information about your problem, this is a design flaw and you should not do it.

    My answer might change if you explain more about your problem, but for now the best way to do what you've described so far is to only use the username and password columns. In other words, don't create or use the fusername or fpassword columns if they are only copies of existing columns.

    -PatP
    In theory, theory and practice are identical. In practice, theory and practice are unrelated.

  3. #3
    Join Date
    Feb 2014
    Posts
    3
    Hello Pat

    Many thanks for your reply.

    The idea of fusername and fpassword is that they would be used by another page by a user if that user had forgotten their log-in credentials. The user enters his email address, the script searches the database, and sends his username and/or password to that email address.

    My aim was to populate fusername and fpassword, and then investigate the idea of 'salt' and 'hash'.

    Would you simply abandon fusername and fpassword and, in the case of a forgotten username and/or password, ask the script to scan the database username and password columns only?

    Thanks.

    Blueie

  4. #4
    Join Date
    Feb 2014
    Posts
    3
    Hello Pat

    Thank you for your message.

    I thought I had replied a few days ago, but I can't see my reply here.

    The purpose of fusername and fpassword is that they are used by another page to send a forgotten username and/or password to the user, so I was keen to populate those columns.

    I could abandon that idea and simple use the existing username and password columns? Is that a better idea?

    Once I have overcome this little hurdle, I will investigate the idea of salt and hash.

    Thanks again for your reply.

    Blueie.

  5. #5
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    Hi Blueie. Unfortunately your post got sucked up by our filter so were not displaying as normal. I have freed them up now
    George
    Home | Blog

  6. #6
    Join Date
    Jan 2007
    Location
    UK
    Posts
    11,434
    Provided Answers: 10
    If the values in username and fusername are going to be the same then storing it twice is redundant.
    You say that you would search the fusername column in some circumstances but let me ask you this: why wouldn't you just search the username one in all cases?

    You mention salt and hash - this suggests you are not currently encrypting your passwords. Are you proposing to hash one (e.g. password) and leave the other in plaintext (e.g. fpassword)? Never store your passwords in plaintext.
    George
    Home | Blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •