< % Dim de_usrnam, de_paswrd de_usrnam=ucase(trim(request.form("de_usrnam"))) de_paswrd=ucase(trim(request.form("de_pwrd"))) Dim ag_RS, ag_SQL, wheretogo, de_type de_type = "AGENT" Set ag_RS = Server.CreateObject("ADODB.Recordset") ' Run the select command to verify the password ag_sql = "SELECT * FROM agpeople WHERE upper(p_code) = '" & de_usrnam & "' AND upper(p_string) ='" & de_paswrd &"' AND p_type ='" & de_type &"'" Set ag_RS = objConn.Execute(ag_sql) If NOT ag_RS.EOF Then' Suggested in place of the above...
SESSION("USERCODE") = ag_RS("p_code") SESSION("USERNAME") = ag_RS("p_name") ' get the agent name Dim ag3_SQL, ag3_RS, agentref agentref = ag_RS("p_mcode") ag3_SQL = "SELECT ref, name FROM KFSMA WHERE smau6 = 2 AND ref = '" & agentref & "'" Set ag3_RS = objConn4.Execute(ag3_SQL) If NOT ag3_RS.EOF Then SESSION("USERWORK") = ag3_RS("name") Else SESSION("USERWORK") = "NOT FOUND" End If ag3_RS.Close Set ag3_RS = Nothing ag_RS.Close Set ag_RS = Nothing objConn.Close Set objConn = Nothing response.redirect ("agent.asp")Tom