MYSQL, VBScript, and Data

Last post 04-17-2008 12:19 PM by ProfPing. 7 replies.


  • MYSQL, VBScript, and Data

    02-24-2008, 3:21 PM
    • taz_d
    • Joined on 02-24-2008, 8:00 PM
    • Posts 5

    It's actually quite ironic that for the past few weeks I've been building a forum and now I'm posting in one!

    My problem seems quite simple; I just hope there's a simple answer...

    In my Members table I have logged-in amount, location, country, rating, times rated and many more....

     When I use SSH to request the following, it all seems to work fine:

    mysql> SELECT Rating, Rates From Members WHERE Username = 'Admin' LIMIT 1;
    +--------+-------+
    | Rating | Rates |
    +--------+-------+
    |   5.00 |     0 |
    +--------+-------+
    1 row in set (0.00 sec) 

     But when I use the same in my webpage, I don't seem to get the same back:

    Set getmember = my_conn.Execute("SELECT * From Members WHERE Username = '"& getposts("PostingMember") &"' LIMIT 1") 

    <%Response.Write(getmember("Rating"))%>

     Why is this? Does anyone have any suggestions at all?

     

     

  • Re: MYSQL, VBScript, and Data

    02-24-2008, 3:48 PM

    Not sure what getposts() is returning, but the name of it suggests that it is not returning a username such as 'Admin'. Make sure that getposts("PostingMember") is returning a username.

    Might I suggest that you switch to using parameterized queries before someone registers with a name like "asdf'; drop table Members --".

    Hope this helps!

  • Re: MYSQL, VBScript, and Data

    02-24-2008, 5:09 PM
    • taz_d
    • Joined on 02-24-2008, 8:00 PM
    • Posts 5

    Oh no, don't worry, I've done all my homework for people joining the site; it uses regular expressions to verify what goes into the database, so no worries there...

    getposts() is linked to: SELECT * From Posts WHERE Forum_IDfk = '"& forum &"' ORDER BY Dateposted DESC.

     What I don't understand is that half my data returns fine to the page, but not the rating, which is: Rating DECIMAL(4,2) DEFAULT '5',

     Why is it not returning this value correctly?

     My table creation is:

    CREATE TABLE Members (
    Member_ID MEDIUMINT UNSIGNED  PRIMARY KEY AUTO_INCREMENT NOT NULL UNIQUE,

    Username VARCHAR(20) UNIQUE NOT NULL,
    Password VARCHAR(40) NOT NULL,
    Firstname VARCHAR(50) NOT NULL,
    Lastname VARCHAR(50) NOT NULL,
    Email VARCHAR(50) UNIQUE NOT NULL,

    Gender VARCHAR(12) NOT NULL DEFAULT 'Undisclosed',
    Dateofbirth DATE NOT NULL,
    Orientation VARCHAR(12) NOT NULL DEFAULT 'Undisclosed',
    Status VARCHAR(20) NOT NULL DEFAULT 'Undisclosed',
    Signature VARCHAR(100),
    Webpage VARCHAR(255) DEFAULT '',

    Account VARCHAR(10) NOT NULL DEFAULT 'PENDING', # DELETED, SUSPENDED, ACTIVE, PENDING
    Accountverify SMALLINT UNSIGNED NOT NULL,
    Accountvisits MEDIUMINT UNSIGNED NOT NULL DEFAULT 0,
    Rating DECIMAL(4,2) DEFAULT '5',
    Rates MEDIUMINT UNSIGNED DEFAULT 0,
    Datejoined TIMESTAMP NOT NULL DEFAULT NOW(),
    Lastloggedin TIMESTAMP NOT NULL DEFAULT 0,
    Logincount MEDIUMINT UNSIGNED DEFAULT 0,

    Country VARCHAR(255) NOT NULL,
    Location VARCHAR(255),
    Postcode VARCHAR(10),

    Posts MEDIUMINT UNSIGNED NOT NULL DEFAULT 0,
    Profileheader VARCHAR(100),
    Profiletext TEXT,
    Interests VARCHAR(255),

    Profilepicture VARCHAR(255) NOT NULL DEFAULT 'nopic',
    Avatar VARCHAR(255) NOT NULL DEFAULT 'noavatar'

    );

     

     

  • Re: MYSQL, VBScript, and Data

    02-24-2008, 9:07 PM

    if getPosts() is "linked to" a "SELECT *" query, then that query could be returning multiple rows.  I don't see how you could be getting a value by using "getPosts("PostingMember")" - I'm not saying this isn't possible, but without the code I just don't know what logic is there.

    On the other issue: regardless of your regular expressions, you should never construct queries this way, because of the risk of SQL injection.

    Matt

  • Re: MYSQL, VBScript, and Data

    02-24-2008, 9:34 PM
    • taz_d
    • Joined on 02-24-2008, 8:00 PM
    • Posts 5

    How do I risk MySQL injection? Can you provide some sample code?

     I'm a tad confused about why my numbers aren't coming up for the rating, which is a decimal number....

     The way it works is that you can basically do a piece of code...

    <%
    ' Open a DSN-less ADO connection to MySQL through the MySQL ODBC driver
    Set my_conn = Server.CreateObject("ADODB.Connection")
    my_conn.Open "DRIVER={MySQL}; DATABASE=mydatabase; USER=myusername; PASSWORD=pass; Server=localhost;"

    ' Execute returns a forward-only recordset positioned on the first row
    Set latesttopics = my_conn.Execute("SELECT Forum_ID, Forumsubject, Datecreated FROM Forums ORDER BY Datecreated DESC;")

    ' Walk the recordset one row at a time until EOF
    Do While Not latesttopics.EOF
        Response.Write(latesttopics("Forumsubject") & " created on: " & latesttopics("Datecreated"))
        latesttopics.MoveNext
    Loop

    latesttopics.Close
    my_conn.Close
    %>

     

    That's basically how it works (a lot of it was copy and paste, so it should be correct); that's how you communicate with MySQL via VBScript.

  • Re: MYSQL, VBScript, and Data

    02-24-2008, 10:06 PM

    If you are constructing SQL queries with user input, you are risking a SQL injection attack. Put the issue to rest by parameterizing your query.

    I am not sure how any of that code pertains to the question at hand.  Where is there a query that returns a username in a field called "PostingMember?"

     

  • Re: MYSQL, VBScript, and Data

    02-25-2008, 8:19 AM
    • taz_d
    • Joined on 02-24-2008, 8:00 PM
    • Posts 5

    The query is:

    forum = request.QueryString("forum")

    Set getposts = my_conn.Execute("SELECT * From Posts WHERE Forum_IDfk = '"& forum &"' ORDER BY Dateposted DESC")

     I found all my variables return OK now, but for some reason I am not getting back the value 5.0 for the rating. Why is this?

    <p align="left"> <strong>Group:</strong>


    <strong>Posts:</strong> <%Response.Write(getmember("Posts"))%>

    <br>
        

    <strong>Joined:</strong> <% Response.Write(converttime(getmember("Datejoined"),1))%>

    <br>

     <strong>Location:</strong>

    <%
        if getmember("Location") <> "" then
        Response.Write(getmember("Location") &", "& getmember("Country"))
        else
        Response.Write(getmember("Country"))
        end if
    %>

    <br>

    <strong>Rating:</strong>

    <%Response.Write(getmember("Rating"))%>

     

    Everything returns fine except the rating...

    The page is here...

    http://www.guyspot.co.uk/display.asp?forum=1

  • Re: MYSQL, VBScript, and Data

    04-17-2008, 12:19 PM
    • ProfPing
    • Joined on 08-28-2006, 5:33 AM
    • Posts 1

    Have you tried setting your recordset's CursorLocation property to adUseServer (Const value = 2)?

    It seems MySQL does not support using cursors on the client.

     

    You MUST set the CursorLocation before connecting to the database.

    ProfPing
    Home is 127.0.0.1
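Added example, not code from taz_d or any other poster in this thread, pulling together the two suggestions made above: the parameterized query recommended in the early replies (answering the "can you provide a sample code?" question), and the CursorLocation set before Open from ProfPing's post. It assumes the Members table from the CREATE TABLE above and the DSN-less connection string from taz_d's snippet; `postingMember` is a stand-in, read here from a hypothetical `member` query-string parameter, for whatever value getposts("PostingMember") supplies. The ADO constants are declared inline because the page never includes adovbs.inc. Note that adUseServer is already ADO's default CursorLocation, so the assignment makes explicit what the original connection was most likely doing anyway.

```vbscript
<%
Option Explicit

' ADO constants, declared here because this page does not include adovbs.inc
Const adUseServer  = 2    ' CursorLocation: server-side cursor (also ADO's default)
Const adCmdText    = 1    ' CommandType: plain SQL text
Const adParamInput = 1    ' Parameter direction
Const adVarChar    = 200  ' Parameter type matching a VARCHAR column

Dim my_conn, cmd, getmember, postingMember

' Value to look up. Assumption: it originates in the Posts table, i.e. it was typed
' by whoever registered the account, so it is user input and must never be
' concatenated into SQL, regardless of any regex applied at registration.
postingMember = Request.QueryString("member")

Set my_conn = Server.CreateObject("ADODB.Connection")
my_conn.CursorLocation = adUseServer   ' must be set BEFORE Open, as ProfPing notes
my_conn.Open "DRIVER={MySQL}; DATABASE=mydatabase; USER=myusername; PASSWORD=pass; Server=localhost;"

' VULNERABLE form (what display.asp does). If a name such as
'     x' OR '1'='1
' reaches this line, the WHERE clause becomes  Username = 'x' OR '1'='1' LIMIT 1
' and the page shows the first row of Members, whoever that is, instead of the
' poster's own profile.
' Set getmember = my_conn.Execute("SELECT * From Members WHERE Username = '" & postingMember & "' LIMIT 1")

' Parameterized form: the ODBC driver sends the username as a bound value, so
' quotes, semicolons and comment markers inside it are data, never SQL.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = my_conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Rating, Rates FROM Members WHERE Username = ? LIMIT 1"
cmd.Parameters.Append cmd.CreateParameter("Username", adVarChar, adParamInput, 20, postingMember)
Set getmember = cmd.Execute

If getmember.EOF Then
    Response.Write "<strong>Rating:</strong> unknown member"
ElseIf IsNull(getmember("Rating")) Then
    ' Rating has no NOT NULL constraint, so guard before formatting
    Response.Write "<strong>Rating:</strong> not rated"
Else
    ' FormatNumber forces two decimals however the driver hands the DECIMAL back
    Response.Write "<strong>Rating:</strong> " & FormatNumber(getmember("Rating"), 2) & _
                   " (" & getmember("Rates") & " rates)"
End If

getmember.Close
my_conn.Close
%>
```

If Rating still comes back empty with the driver in use, run the same parameterized query once with `CAST(Rating AS CHAR)` in the select list and compare the two results; that separates a DECIMAL mapping problem in the ODBC driver from a problem in the page itself.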