Results 1 to 5 of 5

Thread: Query MS Access database

  1. 03-08-2003, 02:21 AM #1
    andreas
    andreas is offline Registered User
    Join Date
    Mar 2003
    Posts
    8

    Query MS Access database

    Hello,

    I'm trying to query am MS Access database from .vbs file
    This file will run by an sms gateway when a message is received.
    The following is a sample that is provided by the sms software:

    ===sample.vbs==================
    'This sample SMSReceive script simply returns the message to the sender

    set Args = Wscript.Arguments

    'Get details of received message
    PhoneNumber = Args(0)
    MessageText = Args(1)
    Handset = Args(2)

    'Create ActiveSMS COM Object
    Set ActiveSMS = WScript.CreateObject("Intellisoftware.ActiveSMS")

    'TODO : Add your code here for Info-on-demained service (e.g. Query database etc)

    'Send message back to sender
    ActiveSMS.ActiveHandset = Handset
    ActiveSMS.SendMessage PhoneNumber, MessageText, 0
    =======================================

    Now add my code as shown below:


    ========test.vbs=======================
    set Args = Wscript.Arguments

    'Get details of received message
    PhoneNumber = Args(0)
    MessageText = Args(1)
    Handset = Args(2)

    'Create ActiveSMS COM Object
    Set ActiveSMS = WScript.CreateObject("Intellisoftware.ActiveSMS")

    set conn=Server.CreateObject("ADODB.Connection")
    conn.Provider="Microsoft.Jet.OLEDB.4.0"
    conn.Open "C:/Inetpub/wwwroot/SMS-Project/DATABASE/Project.mdb"
    set rs=Server.CreateObject("ADODB.recordset")
    SQL = "SELECT * FROM Login WHERE Username = '" + Request("MessageText") + "'"
    rs.Open sql, conn

    MessageText = rs("Password")

    rs.close
    conn.close

    'Send message back to sender
    ActiveSMS.ActiveHandset = Handset
    ActiveSMS.SendMessage PhoneNumber, MessageText, 0

    =====================================
    Using the above code i'm getting the following error:
    VBScript rutime error
    Object Required: 'Server'
    Line: 12

    What i'm trying to do is to query the database using the MessageText value that will retrieve the password of this user and send it back by sms.

    My concern if my connection and SQL statement are correct.

    Thanks alot for your help
    Reply With Quote Reply With Quote
  2. 03-08-2003, 03:54 AM #2
    andi_g69
    andi_g69 is offline Registered User
    Join Date
    Nov 2002
    Location
    DE
    Posts
    246
    I'd guess that you did copy and paste your db code from an ASP page?

    If you want to make this running under WSH try as follows (only the changed lines):

    ...set conn=WScript.CreateObject("ADODB.Connection")
    ...
    set rs=WScript.CreateObject("ADODB.recordset")
    SQL = "SELECT * FROM Login WHERE Username = '" + MessageText "'"
    ...


    On top of that:

    You should check if the record set is not empty before you try to access it.

    Looking at the query I have noticed another thing: Everybody can request anybody's password just by passing a valid login in the message text. You should also check if the user's phone number belongs to the login supplied in message text.
    Or even worse: Try calling your vbs with the following arguments and add
    MsgBox (SQL)
    in your code:

    test.vbs "123" "' OR '1'='1" ""
    Last edited by andi_g69; 03-08-2003 at 04:03 AM.
    Reply With Quote Reply With Quote
  3. 03-10-2003, 04:27 AM #3
    andreas
    andreas is offline Registered User
    Join Date
    Mar 2003
    Posts
    8
    >>I'd guess that you did copy and paste your db code from an ASP page?

    Yes i'm familiar with ASP but never try vbs


    >>Looking at the query I have noticed another thing: Everybody can request anybody's password just by passing a valid login in the message text.


    Yea this just a test, I will sent the password to user's mobile number that will be already stored in the database.


    Thanks alot andi_g69

    I will try it and let you know.
    Reply With Quote Reply With Quote
  4. 03-10-2003, 05:10 AM #4
    andreas
    andreas is offline Registered User
    Join Date
    Mar 2003
    Posts
    8
    My final code is as follows:

    =============test.vbs=================
    set Args = Wscript.Arguments

    'Get details of received message
    PhoneNumber = Args(0)
    MessageText = Args(1)
    Handset = Args(2)

    'Create ActiveSMS COM Object
    Set ActiveSMS = WScript.CreateObject("Intellisoftware.ActiveSMS")

    set conn= WScript.CreateObject("ADODB.Connection")
    conn.Provider="Microsoft.Jet.OLEDB.4.0"
    conn.Open "C:/Inetpub/wwwroot/SMS-Project/DATABASE/Project.mdb"
    set rs= WScript.CreateObject("ADODB.recordset")
    SQL = "SELECT * FROM Login WHERE Username = '" + MessageText "'"
    rs.Open sql, conn

    MessageText = rs("Password")

    rs.close
    conn.close
    'Send message back to sender
    ActiveSMS.ActiveHandset = Handset
    ActiveSMS.SendMessage PhoneNumber, MessageText, 0
    =====================================

    When i run the script i'm getting the following error:

    Line: 15
    Char: 62
    Error: Expected end of statement
    Code: 800A0401
    Source: Microsoft VBScript compliation error


    Can you help me on that?

    Thanks alot for your time.
    Last edited by andreas; 03-10-2003 at 05:31 AM.
    Reply With Quote Reply With Quote
  5. 03-11-2003, 09:59 AM #5
    andreas
    andreas is offline Registered User
    Join Date
    Mar 2003
    Posts
    8
    Finally i solve the problem,

    the "+" was needed at the end of the sql statement as the example below:

    SQL = "SELECT * FROM Login WHERE Username = '" + MessageText + "'"

    Thanks alot
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules