tags:

views:

252

answers:

2
Q: 

Check if email exists

Hi,

I have a classic ASP page with some code to check if an email exists in the table as follows;

<%
    '' //Check the submitted email against existing ones in the database
    set CmdCheckEmail = server.CreateObject("ADODB.Command")
    CmdCheckEmail.ActiveConnection = MM_dbconn_STRING
    CmdCheckEmail.CommandText = "SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '" & Request("Email") & "'"
    Response.Write(CmdCheckEmail.CommandText)
    CmdCheckEmail.CommandType = 1
    CmdCheckEmail.CommandTimeout = 0
    CmdCheckEmail.Prepared = true
    CmdCheckEmail.Execute()

    countEmail = CmdCheckEmail("CountEmail")

    set CmdCheckEmail = nothing
    conn.close
    set conn = nothing

    If(countEmail >= 1) Then
     Message = Message & "<p>This email address has already been referred.</p>"
    End If
%>

However, the page is reporting the following error;

SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '[email protected]'

ADODB.Command error '800a0cc1'

Item cannot be found in the collection corresponding to the requested name or ordinal.

/default2.asp, line 19

Line 19 is as follows;

countEmail = CmdCheckEmail("CountEmail")

The email does exist in the table and the table simply has the following columns; ReferredEmail and ReferredCode

I wondered if anyone might be able to shed any light on this error?

Thank you.

A: 

Note sure what database you are using but try changing your sql to:

SELECT COUNT(ReferredEmail) AS CountEmail FROM TenantReferral WHERE ReferredEmail = '[email protected]'

Then change

CmdCheckEmail.Execute()    
countEmail = CmdCheckEmail("CountEmail")

to

set rs = CmdCheckEmail.Execute()
countEmail = rs("CountEmail")

Also, you have a SQL injection issue with that query. You should be using parameterized queries.

RedFilter  2009-09-24 11:42:00
@Orbman - I'm using an MSSQL database, but still reporting the same error whether using 'CountEmail' or CountEmail :(
Neil Bradley  2009-09-24 11:44:27
You are using the cmd object incorrectly, see my edit.
RedFilter  2009-09-24 11:48:30
Thanks Orbman. I'm now getting an Object required: 'conn'/default2.asp, line 20 error.
Neil Bradley  2009-09-24 11:53:31
You need to read up on ADO rather than copy and paste. You must create and open a connection object, passing it the connection string for your database.
RedFilter  2009-09-24 11:55:44
See http://www.w3schools.com/ADO/ado_ref_connection.asp and http://www.connectionstrings.com/.
RedFilter  2009-09-24 11:58:53
Hi. I have my database connection string stored in a connection include referenced by the MM_dbconn_STRING.
Neil Bradley  2009-09-24 12:02:41
A: 

CmdCheckEmail("CountEmail") tries to access the default member of the Command object, which is the parameters collection. However, you don't want to access a parameter but a field of the resulting recordset.

Try this (not tested):

Set rs=CmdCheckEmail.Execute()

countEmail = rs("CountEmail")

Apart from that, beware: This line:

CmdCheckEmail.CommandText = "SELECT COUNT(ReferredEmail) AS 'CountEmail' FROM TenantReferral WHERE ReferredEmail = '" & Request("Email") & "'"

is vulnerable to an SQL injection attack.

Never embed literal strings into SQL statement; use parameters instead. (In this case, you would do that using the Command.Parameters collection.)

Martin B  2009-09-24 11:45:43

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP