Change Security stops my app from working

5/7/2009 12:36:40 PM
ASPRunnerPro General questions
Stu author

I have a Security Log-in page where the ID passed and used to limit the records to those belonging to the customer works just fine. I pass a Company code that is universal to all branches of that company. I can drill down to any child data with no problem.
I take the same app and want to make a version where an Engineer can log-in and see ALL Companies on our database and go to a relevant Company and drill down.
All I did was change the security mode from "Users can see and edit their own data only" to "Users can see and edit other users data".
I log-on to the app with this single change. I can see a list of ALL Branches in my database. When I press any link to drill down to child data I get:-
"Microsoft OLE DB Provider for SQL Server (0x80040E14)

Cannot use empty object or column names. Use a single space if necessary.

/EngineersPortal_14/include/CompanyAddressCodeValid_masterlist.asp, line 47"
Here is the code in that Include module
[codebox]<%
' Looks up the master record for the detail page that called this include
function DisplayMasterTableInfo_CompanyAddressCodeValid(params)
	oldTableName=strTableName
	strTableName="dbo.CompanyAddressCodeValid"
	detailtable=params("detailtable")
	set keys=params("keys")
	dim xt
	set xt = new XTempl
	sqlHead="SELECT seq, [Root Company], [Location Code], Company, ad, [Work Phone] "
	sqlFrom="FROM dbo.CompanyAddressCodeValid "
	sqlWhere=""
	sqlTail=""
	where=""
	' Build the filter on the master key passed in by the detail table
	if detailtable="dbo.WebFaultLog" then
		where=where & GetFullFieldName("Location Code","") & "=" & make_db_value("Location Code",keys(1-1),"","")
	elseif detailtable="MaintenanceContacts" then
		where=where & GetFullFieldName("Location Code","") & "=" & make_db_value("Location Code",keys(1-1),"","")
	elseif detailtable="dbo.Fault Reports" then
		where=where & GetFullFieldName("Location Code","") & "=" & make_db_value("Location Code",keys(1-1),"","")
	end if
	' No known detail table: restore the table name and leave
	if where="" then
		strTableName=oldTableName
		exit function
	end if
	' Append the security filter for the logged-in user, if there is one
	str = SecuritySQL("Search")
	if len(str)>0 then where = where & " and " & str
	sstrWhere=whereAdd(sqlWhere,where)
	if sstrWhere<> "" then sstrWhere=" where " & sstrWhere & " "
	strSQL= sqlHead & sqlFrom & sstrWhere & sqlTail
	LogInfo(strSQL)
	dbConnection=""
	db_connect()
	Set rsm = server.CreateObject("ADODB.Recordset")
	Set rss = server.CreateObject("ADODB.Recordset")
	' This is the statement the error message points at
	rsm.Open strSQL,dbConnection,1,2
	keylink=""
	keylink=keylink & "&key1=" & my_htmlspecialchars(SafeURLEncode(dbvalue(rsm("seq"))))
[/codebox]
Line 47 is rsm.Open strSQL,dbConnection,1,2
My guess is that this code is referencing the master Key to provide to the detail record. But why would it not work EVEN if in "ALL Branches" mode I am selecting the same Branch as I have in Limited View mode where the limiting key is provided explicitly by the Login sequence?
Using v 6.1 766
Regards,
Stu

Stu author 5/8/2009

Solved it!
I reloaded build 766 into a new directory and my app worked as expected. I then changed commonfunctions.asp to include the Sendmail code to make Server 2008 iis work. Then it gave the same error. So, I added the new code as a 100% substitute for the CDONTS code and it worked again! Must have messed something up in changing the code.
Regards,
Stu
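
SQL Server returns "Cannot use empty object or column names" when a statement contains an empty delimited identifier, `[]` or (with quoted identifiers on) `""`. The classic ASP helper below is an added example, not part of the posts above or of ASPRunnerPro; `FindEmptyIdentifier` and the sample statement are hypothetical, and the check is meant to run on `strSQL` next to the `LogInfo(strSQL)` call, before `rsm.Open`.

```vbscript
<%
' Added example, not ASPRunnerPro code. Returns the 1-based position of the
' first empty delimited identifier ([] or "") in a SQL string, or 0 if none.
' Text inside '...' literals, [...] names and "..." names is skipped, with
' doubled closing characters ('' ]] "") treated as escapes.
Function FindEmptyIdentifier(sql)
    Dim i, ch, nxt, closeCh
    FindEmptyIdentifier = 0
    closeCh = ""                       ' "" means we are outside any delimiter
    i = 1
    Do While i <= Len(sql)
        ch = Mid(sql, i, 1)
        nxt = Mid(sql, i + 1, 1)       ' returns "" past the end of the string
        If closeCh <> "" Then
            If ch = closeCh Then
                If nxt = closeCh Then
                    i = i + 1          ' escaped closing character, stay inside
                Else
                    closeCh = ""       ' delimiter closed
                End If
            End If
        ElseIf (ch = "[" And nxt = "]") Or (ch = """" And nxt = """") Then
            FindEmptyIdentifier = i    ' the name SQL Server will reject
            Exit Function
        ElseIf ch = "'" Then
            closeCh = "'"
        ElseIf ch = "[" Then
            closeCh = "]"
        ElseIf ch = """" Then
            closeCh = """"
        End If
        i = i + 1
    Loop
End Function

' Constructed sample statement containing an empty bracketed name.
Dim sampleSQL, pos
sampleSQL = "SELECT seq FROM dbo.CompanyAddressCodeValid " & _
            "where [Location Code]='A1' and []='x'"
pos = FindEmptyIdentifier(sampleSQL)
If pos > 0 Then
    ' Report the fragment instead of sending the statement to the server.
    Response.Write "Empty identifier at position " & pos & ": " & _
                   Server.HTMLEncode(Mid(sampleSQL, pos, 20))
End If
%>
```

Logging the offending position shows which part of the assembled WHERE clause (the master-key filter or the security filter) produced the empty name.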
