>>< % >> >>Dim de_usrnam, de_paswrd >>de_usrnam=ucase(trim(request.form("de_usrnam"))) >>de_paswrd=ucase(trim(request.form("de_pwrd"))) >> >>Dim ag_RS, ag_SQL, wheretogo, de_type >>de_type = "AGENT" >>Set ag_RS = Server.CreateObject("ADODB.Recordset") >> >>' Run the select command to verify the password >>ag_sql = "SELECT * FROM agpeople WHERE upper(p_code) = '" & de_usrnam & "' AND upper(p_string) ='" & de_paswrd &"' AND p_type ='" & de_type &"'" >>Set ag_RS = objConn.Execute(ag_sql) >> >>If NOT ag_RS.EOF Then >>>>' Suggested in place of the above...
>> >> SESSION("USERCODE") = ag_RS("p_code") >> SESSION("USERNAME") = ag_RS("p_name") >> >> ' get the agent name >> Dim ag3_SQL, ag3_RS, agentref >> agentref = ag_RS("p_mcode") >> ag3_SQL = "SELECT ref, name FROM KFSMA WHERE smau6 = 2 AND ref = '" & agentref & "'" >> >> Set ag3_RS = objConn4.Execute(ag3_SQL) >> >> If NOT ag3_RS.EOF Then >> SESSION("USERWORK") = ag3_RS("name") >> Else >> SESSION("USERWORK") = "NOT FOUND" >> End If >> >> >> ag3_RS.Close >> Set ag3_RS = Nothing >> >> ag_RS.Close >> Set ag_RS = Nothing >> >> objConn.Close >> Set objConn = Nothing >> >> response.redirect ("agent.asp") >> >>>>