Jump to content
Xtreme .Net Talk

Recommended Posts

Posted (edited)

I am trying to test form authentication in asp.net using xml file but I got this error

"Syntax error: Missing operand after '@farid' operator.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

 

Exception Details: System.Data.SyntaxErrorException: Syntax error: Missing operand after '@farid' operator.

 

Source Error:

 

 

Line 36: Users = ds.tables(0)

Line 37: Dim Matches() as DataRow

Line 38: Matches = Users.Select(cmd)

Line 39: If Matches.length >0 Then

Line 40: Dim row as DataRow

 

 

Source File: c:\inetpub\wwwroot\asp\login.aspx Line: 38

"

 

the login.aspx page code

<%@ Import Namespace="System.XML" %>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Web.Security" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Data.OleDB" %>
<%@ Import Namespace="System.Data" %>
<%@ Page Language="vb" debug="True"%>
<HTML>
<HEAD>
<TITLE>Session 13 Cookie Authentication </TITLE>
<SCRIPT LANGUAGE="VB" RUNAT="Server">
Sub btnLogin_Click(ByVal Sender As Object, ByVal E As EventArgs)
Select Case ValidateUserXML(txtusername.text,txtpassword.text)
Case "Success"
FormsAuthentication.RedirectFromLoginPage (txtusername.text,chkPersistForms.Checked)
Case "PasswordFailed"
lblMessage.Text = "Sorry your password verification for the user " & txtusername.text &" failed."
Case "NoSuchUser"
Response.Redirect("adduser/adduser.aspx?username=" & txtusername.text)
End Select
End Sub
Sub btnAddNewUser_Click(ByVal Sender As Object, ByVal E As EventArgs)
Response.Redirect("adduser/adduser.aspx?username=Enter User Name")
End Sub
Function ValidateUserXML(ByVal username as String, ByVal password as String) as String
Dim cmd as String
cmd = "UserEmail=�" & username & "�"
Dim ds as New DataSet
Dim fs as new FileStream(Server.MapPath("users.xml"),FileMode.Open,FileAccess.Read)
Dim reader as new StreamReader(fs)
Dim pass as string
Dim user as string
ds.ReadXml(reader)
fs.Close()
Dim users as DataTable
Users = ds.tables(0)
Dim Matches() as DataRow 
Matches = Users.Select(cmd)
If Matches.length >0 Then
Dim row as DataRow
row = matches(0)
pass = row.item("UserPassword")
user = row.item("userEmail")
if pass = password then
Return "Success"
else
Return "PasswordFailed"
end if
Else
Return "NoSuchUser"
End If
End Function
</SCRIPT>
</HEAD>
<BODY>
<FORM ID="WebForm1" METHOD="postPOST" RUNAT="server">
<P>
<STRONG>Session 13 Forms Authentication</STRONG>
</P>
<P>
Please enter your username and password information below and then select
the Login Button.
</P>
<P>
<ASP:LABEL ID="lblMessage" RUNAT="SERVER"></ASP:LABEL>
</P>
<P>
Email
<ASP:TEXTBOX ID="txtUserName" RUNAT="SERVER" TOOLTIP="Please enter your
Username here"></ASP:TEXTBOX>
</P>
<P>
Password
<ASP:TEXTBOX ID="txtPassword" RUNAT="SERVER" TEXTMODE="Password"
TOOLTIP="Please enter your password here."></ASP:TEXTBOX>
</P>
<P>
<ASP:CHECKBOX ID="chkPersistForms" RUNAT="SERVER" TEXT="Select to Persist
Cookies"></ASP:CHECKBOX>
</P>
<P>
<ASP:BUTTON ID="btnLogin" RUNAT="SERVER" TEXT="Login"
ONCLICK="btnLogin_Click"></ASP:BUTTON>
<ASP:BUTTON ID="btnAddUser" RUNAT="SERVER" TEXT="Add New User"
ONCLICK="btnAddNewUser_Click"></ASP:BUTTON>
</P>
</FORM>
</BODY>
</HTML>

the user.xml

" <?xml version="1.0" encoding="iso-8859-1"?>

 

<Users>

 

<User>

<UserEmail>joe@smith.com</UserEmail>

<UserPassword>jsmith</UserPassword>

</User>

 

<User>

<UserEmail>farid@farid.com</UserEmail>

<UserPassword>farid</UserPassword>

</User>

 

</Users> "

 

the config file

"<?xml version="1.0" encoding="utf-8" ?>

<configuration>

<system.Web>

<authentication mode="Forms">

<forms name="CookieFormApplication" loginUrl="login.aspx" />

</authentication>

<authorization>

<deny users="?" />

</authorization>

<sessionState mode="InProc" cookieless="false" timeout="20"/>

</system.Web>

</configuration>"

 

can anyone help ?????????

Edited by Robby
Posted

:eek:

 

You should probably clean up your code so those who are trying to help can read it. :)

 

Anyway, obviously there's an error with the emails when using @. It seems like it's treating it as a stored procedure variable and wants you to set something to it (ie; @farid = 32)

 

How to fix this, I don't know exactly. I'm having a hard time sifting through your code so I can't give any real suggestions.

 

From what I've grasped by quickly glancing over, you should use a replace on your cmd string before using it so it can use the @ appropriately. Something like this;

 

cmd = cmd.Replace("@", "' + '@' + '")

 

The replacement for @ would be ' + '@' + '

Hopefully it will bypass the stored procedure error and just use it as regular string concatenation.

Gamer extraordinaire. Programmer wannabe.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...