Seeking connection string help

[DierwulfBL]

I'm trying to set up my web development environment locally. I pulled down the database onto my local machine. SQLEXPRESS is what i'm trying to connect to. when i put it on the machine it only let me use "windows authentication". in my config.asp my connString is as follows:

connString="driver={SQL Server};Server=MARCIA\SQLExpress;Database=exactly_bridecentral;Trusted_Connection=True;User Instance=True"

and i've now broken it to the point where im not getting any decent error msgs, but most of what i've run into are "failed to log in" and that sort of thing. Anyone got a website/tutorial that could help a poor newb like myself? I'm pretty new to this and kinda suck at it. I'm just trying to run the website off my localhost without querying the live database over and over. please help!

[.RJ]

You connection string doesnt mention where the database is (localhost?), the port (1521?) or the login credentials.

So... you're doing it wrong somehow :lol:

[DierwulfBL]

ohhhh yea i knew i broke it good. as far as login/password. when i imported the database with the wizard the only thing i could use was "windows authentication" soooo which u/n pw is that? i tried a buncha diff ones but nothing would work....any possible way i can make it no u/n or p/w? btw im using the SQL Express that comes with visual basic express package. I dont see how i can add users or anything. Any suggestions?

connString="driver={SQL Server};Data Source=.\SQLEXPRESS;AttachDbFilename=""C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\exactly_bridecentral_Data.mdf"";Connect Timeout=30;User Instance=True


do i need the attachDbFilename? or is that just gonna cause problems?

[CaptainHenreh]

Did you name your server after the brady bunch?

[Evan]

can you log in via management studio?

since you are using windows authentication, you dont have any login info to pass through the conn string but you need to make sure the account that is trying to connect to the DB has rights to the DB. What account it is using depends on how you using it (ie - either your local user an IIS web account) is something you are going to have to find out yourself.


you shouldnt need any "localhost" or port number as long as you are using the default port and MARCIA (wtf?) is the network name of the computer.

and looks like you left out
Initial Catalog= [database name]

And I think you need
Integrated Security = True
for windows authentication (but Im not sure)

[DierwulfBL]

yea i think the owners wife's name is Marcia(mar-see-uh). This is what i got so far. The database is sitting on the C:/ drive. My connString works for the live database out on the web but when im testing pages locally it hits the database each time i reload the page and the owner is convinced it bogs the server down. This is my current connString:

connString="Data Source=C:\exactly_bridecentral_data.mdf;Server=MARCIA\SQLExpress;Integrated Security = True;Connect Timeout=30;User Instance=True;Initial Catalog= exactly_database"

This is my error msg:

Module : scripts/_INCappDBConn_.asp : openDB()

Number : -2147217887

Page : /scripts/prodView.asp

Desc : Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done.

and this is the code for openDB():
function openDB()
on error resume next
set connTemp = server.createobject("adodb.connection")
connTemp.Open connString
if err.number <> 0 then
dim errMsg
errMsg = "" _
& "<b>Module :</b> scripts/_INCappDBConn_.asp : openDB()<br><br>" _
& "<b>Number :</b> " & err.number & "<br><br>" _
& "<b>Page :</b> " & Request.ServerVariables("PATH_INFO") & "<br><br>" _
& "<b>Desc :</b> " & err.Description
call errorDB("",errMsg)
end if
on error goto 0
if UCase(dbLocked) = "Y" then
call errorDB("<b>" & LangText("ErrStoreClosed","") & "</b>","")
closeDB()
end if
end function

I'm just cruising along hitting the live DB for everything right now but any help would be really nice as I just started learning ASP last week and have never had to do SQL injection or anything on a webpage, just kinda baffled. Been trawling the net for answers but more or less just get more confused. Thanks for the help so far!

[Evan]

I dont think I can help you debug anymore from here.

Can you convert the .mdf to a sql server db instance? personally I never work with mdf so Im not even sure of the syntax.

I have a good c# conn string tester that is good for debugging this kind of thing (or at least isolating the problem) give me your email and ill send it to you

btw speaking of sql injection, never ever ever build SQL statements directly from user form input. Always used parameterized queries. (and always check for isnullorempty() unless you like NPEs!) ado.net makes it easy so no real excuse not to.

[stevegula]

btw speaking of sql injection, never ever ever build SQL statements directly from user form input. Always used parameterized queries. (and always check for isnullorempty() unless you like NPEs!) ado.net makes it easy so no real excuse not to.

Or filter the user input before you use it... which is mainly what a parameterized query is doing for you.

instead of rewriting all of his DB queries he could just filter all of his post/get data before using it.

[DierwulfBL]

yea thats basically what i do. one thing im good at is testing and I cant seem to break the queries in any way. I stay away from user input variables as much as possible but when there are i validate everything as many ways as i can think of.

[Evan]

Or filter the user input before you use it... which is mainly what a parameterized query is doing for you.

instead of rewriting all of his DB queries he could just filter all of his post/get data before using it.

sure, multiple ways to skin a cat. IMO its a pain in the ass, you are duplicating code, and you always run the risk of missing something or having bugs in your code. Im a lazy programmer so I love to reuse good tested code that makes my life easier.
With parameterized queries you also get other benefits such as performance, and you are properly keeping data layer code out of your presentation layer.

IMO its a lot easier and quicker to convert a concatted query into a parameterized query than it is to write messy input validation.

[.RJ]

[DierwulfBL]

wow, i didn't even know what parameterized queries were so i did a quick lil search. Had i known that and wrote them in a while back that woulda saved me atleast a couple hours in debugging my SQL, all those damn single and double quotes are killin me

[stevegula]

Or filter the user input before you use it... which is mainly what a parameterized query is doing for you.

instead of rewriting all of his DB queries he could just filter all of his post/get data before using it.

sure, multiple ways to skin a cat. IMO its a pain in the ass, you are duplicating code, and you always run the risk of missing something or having bugs in your code. Im a lazy programmer so I love to reuse good tested code that makes my life easier.
With parameterized queries you also get other benefits such as performance, and you are properly keeping data layer code out of your presentation layer.

IMO its a lot easier and quicker to convert a concatted query into a parameterized query than it is to write messy input validation.

I don't follow, but then again I use PHP. All you'd have to do is every time your script is called upon, you go through the contents of $_GET and $_POST and sanitize them. 1 piece of code, forever recycled at the very beginning of your script. C#/.net may be different in its handling of this data, but in PHP it's convenient keyed array.

The framework I do my programming in offers a filter that sanitizes XSS requests, GET, and POST data. It also has a Object Relation Model class that, when queried through, sanitizes things and parameterizes the queries.

I just threw out the filter of the POST/GET stuff because if he's just trying to quickly update a lot of code, rewriting every query vs filtering the inputted data is a lot of hassle. Not a who's right/wrong thing, but a what's feasible thing.

[HAULN-SS]

NERD ALERT