Help (on the database access and asp) I made the website of the trails are : C:\Inetpub\wwwroot\gjczxt-1.html (. Asp) Calling code of the pages, there are : "FORM name=FrontPage_Form3 Onsubmit= "return FrontPage_Form3_Validator (this)" Action=/login.asp method=post> But there is a problem when it opened login.asp page Can not open the browser Login page in the Call Lane code : <% Dim relational, pwd Uid=Request.Form ( "id") Pwd=Request.Form ( "pwd")          %> <% Dim exec Exec= "select * from tblusr where usrid= '" &id& "' and usrpwd= '" &pwd& "'" Set conn=server.CreateObject ( "ADODB.connection") Conn.open "driver={Microsoft Access Driver (*.mdb) };dbq=" &server.MapPath ( "C:\Inetpub\wwwroot\datashujuku\db1.mdb") Set rs=server.CreateObject ( "ADOB.recordset") Rs.open exec, conn If not rs.eof then %> Which C:\Inetpub\wwwroot\datashujuku\db1.mdb ") is the direct road access database storage I would like to ask you what is wrong predecessors caused not directly open the Login page browser Thank you

"FORM name=FrontPage_Form3 Onsubmit= "return FrontPage_Form3_Validator (this)" Action=login.asp method=post> Moreover, there are loopholes in your landing procedures User names and passwords are written 'or' the '=' will be landing into

Why is there such a problem? 'Or' '=' write! Into how this can be avoided?

Filter ' "and other special characters.

To give an example? Replace (request.form ( "abc"), " '" "' '")?

[ Closed window ]