Hi,
ace16vitamine wrote (Wed Feb 05, 2020 10:51 pm):
This is working with my simple script:
UserID: 1234
Passwort: 1234
And this is not working:
UserID: 1234
Passwort: 1234
a
So, your script works if "passwort" is a number, and fails if it's a string.
What's the difference between numbers & strings when thrown at a DB as data? Right, strings must be quoted. Let's have a look at your code:
ace16vitamine wrote (Wed Feb 05, 2020 10:51 pm):
Code:
    put "SELECT passwort from T_USER where UserID like " & username_client into sql_daten_User
You see? No quote. The db thinks you give it a number, but actually it's a string. The db chokes.
If you did what's recommended over and over (the dreaded error checking!), you could actually see it. Modify your switch:
Code:
    switch
      case sql_daten_User_ergebnis begins with "revdberr"
        answer error "The DB returned an error:" & CR & sql_daten_User_ergebnis & \
            CR & CR & "Your query string was:" & CR & sql_daten_User
        exit to top
        break
      case sql_daten_User_ergebnis is username_passwort
        put "user_valid" into user_validation
        break
      case sql_daten_User_ergebnis is not username_passwort
        put "user_invalid" into user_validation
        break
    end switch
Add this to each & every database query! You must know when a query fails, and you must know why. You need to know the reason the DB gives (often enough not really helpful ...) and you need to know what string was actually thrown at the DB. Only then do you have a chance to correct mistakes.
In this case ("passwort" is a string) your statement should look like this:
Code:
    SELECT passwort from T_USER where UserID = '1234a';
You compare passwords for exact matches (=), not for partial matches (LIKE). And when you want a LIKE to work, you use placeholders (LIKE '123$').
And: assuming "username_client" really contains the password, not what the name suggests ...
To construct it, you do:
Code:
    put "SELECT passwort from T_USER where UserID = " & swote(username_client) into sql_daten_User
For the above to work, and to save yourself a lot of hard-to-read concatenation, you always have these 2 functions in your message path (stack script, library stack ...):
Code:
    function swote what -- what => 'what'
      return "'" & what & "'"
    end swote

    function kwote what -- what => "what"
      return quote & what & quote
    end kwote
Hope this helps. Have fun!
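The failure described in this reply (an unquoted string in the WHERE clause, caught only if you check for the "revdberr" result), reproduced in an added example using Python's sqlite3 module rather than LiveCode; it is not code from the thread. The table, the rows and the `swote` helper are constructed here to mirror the post. Beyond the post, it also shows the case where quoting alone is not enough (a UserID containing a single quote) and the parameter-binding form of the same query, which the database driver quotes and escapes for you, so the query string never depends on the data.

```python
import sqlite3

def setup_db():
    """Constructed sample data: an in-memory T_USER table like the one in the thread."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T_USER (UserID TEXT, passwort TEXT)")
    conn.executemany(
        "INSERT INTO T_USER VALUES (?, ?)",
        [("1234", "1234"), ("1234a", "secret"), ("O'Brien", "pw")],
    )
    conn.commit()
    return conn

def swote(what):
    # Same as the post's swote: wrap in single quotes, no escaping of quotes inside.
    return "'" + what + "'"

def query_concat(conn, user_id, quoted):
    """Build the query by concatenation, as in the thread.

    Returns ("ok", sql, rows) or ("revdberr", sql, message) so the caller
    can see both the DB's reason and the exact string that was sent.
    """
    value = swote(user_id) if quoted else user_id
    sql = "SELECT passwort FROM T_USER WHERE UserID = " + value
    try:
        rows = conn.execute(sql).fetchall()
        return ("ok", sql, [r[0] for r in rows])
    except sqlite3.Error as exc:
        return ("revdberr", sql, str(exc))

def query_param(conn, user_id):
    """Same query with a bound parameter: the driver handles quoting and escaping."""
    sql = "SELECT passwort FROM T_USER WHERE UserID = ?"
    rows = conn.execute(sql, (user_id,)).fetchall()
    return [r[0] for r in rows]

def like_prefix(conn, prefix):
    """LIKE is for partial matches; SQL's wildcard is '%', appended to the bound value."""
    sql = "SELECT UserID FROM T_USER WHERE UserID LIKE ?"
    rows = conn.execute(sql, (prefix + "%",)).fetchall()
    return [r[0] for r in rows]

def validate(conn, user_id, given_password):
    """The post's switch as a function: report DB errors separately from a wrong password."""
    try:
        stored = query_param(conn, user_id)
    except sqlite3.Error:
        return "db_error"
    # Exact comparison, as the post recommends; no partial (LIKE) match for passwords.
    if stored == [given_password]:
        return "user_valid"
    return "user_invalid"

if __name__ == "__main__":
    db = setup_db()
    print(query_concat(db, "1234", False))      # a number: works even unquoted
    print(query_concat(db, "1234a", False))     # a string, unquoted: the DB chokes
    print(query_concat(db, "1234a", True))      # quoted with swote: works
    print(query_concat(db, "O'Brien", True))    # swote breaks on a quote in the data
    print(query_param(db, "O'Brien"))           # bound parameter: works
    print(validate(db, "1234", "1234"), validate(db, "1234", "wrong"))
```

The first two calls reproduce the thread: `UserID = 1234` is accepted because the database converts the number, while `UserID = 1234a` is not valid SQL and comes back as an error, which only the error-checking branch makes visible. `swote` fixes that case but produces broken SQL as soon as the data itself contains a quote, which is why the bound-parameter form is the one to use for every value that comes from a user: the statement text stays fixed and the driver passes the value separately. (Storing passwords in clear text and comparing them with `=` is outside this thread; in practice the column holds a password hash and the comparison is done against that.)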