I am developing a very simple little app online that is giving me 2 main areas of trouble. Basically, all this app does is take information from a form and put it into an access db which is located on a web server (it also sends out an email to the admin when the form is submitted, but that is working fine). So there is one page that is the form and it is pointed at a second page that does the insert to the db, sends the email and then displays a Thank You message. I set up a ODBC connection on the web server to the database that seems to be working fine ( I can run a SELECT query against it and get info out of it - I put one dummy record in the db just for testing).
I'm having 2 main problems as follows:
Permissions - the sys admin is hesitant to open up the folder that contains the DB (and nothing else) to allow for write/read control to the anonymous internet user account. Just to test it, he did and I was able to run the query on the page (although I had problems with inserting - see problem 2 below). The sys admin suggested that I "use different credentials" to access this db in this folder and set up a separate user account/password for this purpose on this folder. 2 questions:
1.) how dangerous is it to allow read/write access for the anonymous internet user account?
2. what kind of code (.asp) could I use to access the DB using the separate user account the sys admin set up?
Insert to the DB not working - When I do run this page, it seems to run fine, with seemingly no errors, but when I do a SELECT query against it, none of the data is there. here is the code I am using:
I notice that there is a .ldb that seems to stay open in that folder, even when I do a objConn.Close, and I don't seem to be able to delete this off the server.
Any ideas on how to solve these problems? Any help on any of the above greatly appreciated.
Sincerely
johnmr
*
I'm having 2 main problems as follows:
Permissions - the sys admin is hesitant to open up the folder that contains the DB (and nothing else) to allow for write/read control to the anonymous internet user account. Just to test it, he did and I was able to run the query on the page (although I had problems with inserting - see problem 2 below). The sys admin suggested that I "use different credentials" to access this db in this folder and set up a separate user account/password for this purpose on this folder. 2 questions:
1.) how dangerous is it to allow read/write access for the anonymous internet user account?
2. what kind of code (.asp) could I use to access the DB using the separate user account the sys admin set up?
Insert to the DB not working - When I do run this page, it seems to run fine, with seemingly no errors, but when I do a SELECT query against it, none of the data is there. here is the code I am using:
Code:
<%
Dim objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = "DSN=RVU_contact_db"
objConn.Mode = 3
objConn.Open
strSQL = "insert into `contacts`(first_name,last_name,email,phone,address,city,state,zip,subject,message,department) " _
& "values ('" & request.form("first_name") & "','" & request.form("last_name") & "','" & request.Form("email") & "','" & request.form("phone") & "','" & request.form("address") & "','" & request.Form("city") & "','" & request.form("state") & "','" & request.form("zip") & "','" & request.Form("subject") & "','" & request.form("message") & "','" & request.form("department") & "')"
objConn.execute strSQL
objConn.Close
%>I notice that there is a .ldb that seems to stay open in that folder, even when I do a objConn.Close, and I don't seem to be able to delete this off the server.
Any ideas on how to solve these problems? Any help on any of the above greatly appreciated.
Sincerely
johnmr
*
