Sql – Classic ASP nested if else condition not executing

asp-classicif statementsqlsql-server-2000vbscript

Its a simple login form that I have made using Classic ASP, where the user and the admin can login using the same form.

In the "Users" table in database I have created a field called "status" with DATA TYPE as BIT(i.e "0" or "1") value is accepted. By default value is "0" for every new registered user.

I have passed a query where if the status is "0" that particular User or Admin should be redirected to Authentication.asp page where he'll answer some questions and onclick of SUBMIT the status value in the database will be set to "1".
"1" indicates that user or admin has filled the authentication form and can be redirected to his desired page rather then redirecting him to Authentication.asp page.
For that I have used If-elseif-else statement. I rechecked it many times it doesn't seem that there is any thing missing with my if-else statements. But I'm always redirected to authentication page even if I manually entered "1" as the status in the status column in database. here's my code.

Session("Username")=request.form("user_name")
    if request.Form("sub_but") <> "" then
    sql = "SELECT * FROM Users WHERE UserName='"&request.form("user_name")&"' AND Password='"&request.form("pwd")&"'"
    rs.open sql, con, 1, 2  
    if rs.EOF then
            response.Write("<script language='javascript'>{attention_emp();}</script>")
        else
        if(rs("status")=1 & rs("login_type")="admin") then
                  Response.Redirect ("admin.asp")
        elseif(rs("status")=1 & rs("login_type")="emp") then
                      response.Redirect("leave.asp")
        else
                      response.Redirect("auth.asp") 
        end if  
    end if

    rs.close
    end if

Best Answer

Do not use "&" use the following:

if(rs("status")=1 AND LCase(rs("login_type"))="admin") then
              Response.Redirect ("admin.asp")
    elseif(rs("status")=1 AND LCase(rs("login_type"))="emp") then
                  response.Redirect("leave.asp")
    else
                  response.Redirect("auth.asp") 
    end if

In vbScript "&" is a string concatenation operator not a logical operator. Here is a list of vbScript operators.

EDIT also note that string comparisons are case sensitive. I've changed the comparison to convert the database output to lower case. This could also be a factor in your problem.

Also take note of @Mirko comment!!!

EDIT 2 To Clarify from comments

If you are still always getting redirected to the authentication page the actual cause needs to be determined. Hard coding the conditional statement should help rule it out as being the cause. Another method for debugging is to pull apart the statement instead of redirecting. See below:

if(rs("status")=1 AND LCase(rs("login_type"))="admin") then
    Response.Redirect ("admin.asp")
elseif(rs("status")=1 AND LCase(rs("login_type"))="emp") then
    response.Redirect("leave.asp")
else
    Response.Write "Status: " & rs("status") & "<br />"
    Response.Write "Is Status 1: " & (rs("status")=1)  & "<br />"
    Response.Write "Login Type: " & rs("login_type") & "<br />"
    Response.Write "Is Login Type admin: " & (rs("login_type") = "admin") & "<br />"
    Response.Write "Is Login Type emp: " & (rs("login_type") = "emp") & "<br />"
end if

This will help you determine what is true and what is false in you if and if/else statements. Once you have done that is should become clearer as to what is causing the behavior you are getting. Once you have isolated and fixed the problem, put back the redirect.

Related Topic