Need to get on with life:

This is the code that is giving me problems below. The first is the cnnection and such, the last part is the form. It is a login page accessing a MySQl database using Javascript and ASP. CAn anyone help me? I REALLY need to get this done


<%
var conn = Server.CreateObject("ADODB.Connection");
conn.Open(MM_test1_STRING);
var user = "" + Request("email");
user = user.replace(/\'/g, "''" );
var pwd = "" + Request("pass");
pwd = pwd.replace( /\'/g, "''" );
var SQL = "SELECT * FROM customers WHERE email = '" + user + "' "
+ " AND password = '" + pwd + "' ";
var RS = conn.Execute( SQL );
if ( RS.EOF )
{
RS.Close();
conn.Close();
Response.Redirect ("login.asp");
}
RS.Close();
conn.Close();
Response.Redirect ("Userpage.asp");
%>

This is the form code:

<form ACTION="Userpage.asp" name="login" method="POST">
<tr valign="center">
<td width="20%"><b>E-Mail Address:</b><br>
<input type="Text" name="email" maxlength="35">
<p><b>Password</b><br>
<input type="password" name="pwd" maxlength="20">
<br><input type="checkbox" name = "remember" value="ON" checked>
Remember me </p>
<p>
<input name="Submit" type="Submit" value="Login">&nbsp;&nbsp;
<INPUT TYPE="RESET">
</p>

I think that you should use something like this, an ASP page instead of using JavaScript, because at your code you're putting JavaScript inside the <% and %> tags...


<%
Dim Conn, Conninfo, strUser, strPass, SQL, RS

Conn = Server.CreateObject("ADODB.Connection")
ConnInfo = "DSN=MyDSN_Name;UID=MyUSER;PWD=MyPASS;"
Conn.Open ConnInfo
strUser = Replace("'","''",Trim(Request.Form("email")))
strPass = Replace("'","''",Trim(Request.Form("pwd")))
SQL = "SELECT * FROM customers WHERE email = '" & strUser & "' AND password = '" & strPass & "'";
Set RS = Conn.Execute(SQL)
if RS.BOF And RS.EOF Then
RS.Close
Conn.Close
Set RS = Nothing
Set Conn = Nothing
Response.Redirect("login.asp")
Else
RS.Close
Conn.Close
Set RS = Nothing
Set Conn = Nothing
Response.Redirect("Userpage.asp")
End If
%>