User Login / Registration

Hello,
I've been looking to improve my user register / login routines, but have a qestion about many examples I've seen.

When creating a new user, why try and INSERT it, and use a database error to indicate a failed insert (becase of a dupe?)

Why not first try to SELECT the 'new' user to see if he already exists and if he does, then you know that the name can't be used and so reqest a new one? That way you never actually try to create a dupe in the first place?

cheers
-ian

Where have you seen an example like this?
I'd probably not write it that way. For consistency I usually have a function or class method that will allow me to look up the existence of a particular name.

The function is designed to execute a query and if no records are found it is ok to add that name.

Some may argue that you are making a costly trip to the database for this, however I don't agree. How often is someone registering? Not that often. Even on very busy sites you most likely won't see more than a few every few minutes... no problem there, especially if you have indexed your database correctly.

Err, the Creating a Members Area with ASP on this very site uses exatcly this method
URL

sSQL = "INSERT INTO members (username,password) VALUES " & _
"('" & fixQuotes(Request.Form("username")) & "','" & _
fixQuotes(Request.Form("password")) & "')"
cConn.Execute sSQL

Once this statement has been executed, we need to check if an error has occurred; if it has, there is probably a conflict with an existing entry in the database (i.e. the username is already in use).


if Err.Number = 222 Then
strError = "- That username is already in use. Please choose another<br>" & vbNewLine

Assuming that the username field is set as your Primary Key. Which it may not be.

I've always used a SELECT to if a user exists... like laidbak suggest, it's better to create a class or a library of functions that do this stuff for you, as you'll need it for pretty much every app you write requiring user access.

Note that a lot of the articles on the web leave out stuff like this for brevity. You'll notice that a lot of articles don't do bounds checking, string validation, error checking, etc.

Thanks for the replies.
Can anyone point me to a definitive site or book that I can learn best practice on? There is *so much* stuff out there all done in totally different ways, that it's hard to know where to start in ASP vbscript.

My background started 15 years ago in 3GLs (basic, pascal, some assembler) and have spent many years as a database programmer using proprietory (non-SQL) tools like OMNIS, SeaChange - I'm looking to get quickly into ASP/VbScript as I need to produce a couple of membership based sites.

I'd rather do it right from the start, but I have no experience of OO (and I see everyone talking about 'classes'). I'd be grateful for advice if anyone can point me to material that would help, specifically on any of the following:

- code re-use, functions, procs, classes, etc
- security (is it possible to use pure VbScript + DSNLess, and ignore COM objects even in complex systems?)
- ins and outs of session management (app v session v cookies, etc)
- pros and cons of Access v SQL server, and developing ASP independently of the back-end simply by changing connection string
- various cursor modes, when/why to use directional, rw, rw, etc.

cheers
ian

Great resource for OO programming:
http://ootips.org/books.html