In lesson 17 I showed you have you created an Access database and how you could connect to it with ASP through ODBC using a DSN file. You need to have full access to the server to create the DSN file, something that can be difficult if your site is hosted somewhere. In this lesson I will teach you how to make a DSN-less connection. And as tests has shown, an DSN-less connection to Access gives you better performance! You can have up to 20-30 simultaneous users on the db without problems. A regular DSN connection would not handle this kind of load. (This is not the case for MS SQL Server). Check out this great Power ASP article to learn more.

Multiple Recordsets - the ability to stuff multiple SQL query results into one Recordset - is an ADO feature that's few developers are aware of. In this article, we are going to take a look on what a Mutliple Recordset is, exactly, and how it can make your development life easier (and your code more efficient). But before we start examining Multiple Recordsets, let's look at a common task in ASP and how it is handled without using Multiple Recordsets.

Microsoft Index Server is a built-in feature of Windows 2000. It provides a service for automatically indexing documents such as HTML, text, and Office documents. The Index Server search facilities can then be used to quickly locate a document.

If you are developing a password-protected web site, you have to make a decision about how to store user password information securely.

What is "secure," anyway? Realize that the data in your database is not safe. What if the password to the database is compromised? Then your entire user password database will be compromised as well. Even if you are quite certain of the security of your database, your users' passwords are still accessible to all administrators who work at the Web hosting company where your database is hosted. Scrambling the passwords using some home-brewed algorithm may add some obscurity but not true "security." Another approach would be to encrypt all passwords in your database using some industry-standard cipher, such as the Message-Digest Algorithm 5 (MD5).

MD5 encryption is a one-way hashing algorithm. Two important properties of the MD5 algorithm are that it is impossible to revert back an encrypted output to the initial, plain-text input, and that any given input always maps to the same encrypted value. This ensures that the passwords stored on the server cannot be deciphered by anyone. This way, even if an attacker gains reading permission to the user table, it will do him no good.

MD5 does have its weaknesses. MD5 encryption is not infallible: if the password is not strong enough, a brute force attack can still reveal it. So, you can ask: "Why should I use MD5 if I know it is not the most secure?" The answer is fairly straightforward: it's fast, it's easy, and it can be powerful if salted. The greatest advantage of MD5 is its speed and ease of use.

It is vitally important to understand that password encryption will not protect your website, it can protect your passwords only. If your website does not have sufficient protection, password encryption will not make it safe from cracking. If your system has been cracked, a hacker can inflict a irreparable damage to it and also gain an access to confidential information, including passwords database. But if you store this information encrypted, hackers practically cannot make use of it. Cracking an encrypted password takes a large amount of time and processing power, even on today's computers.

There are no built-in MD5 functions in ASP. To enable MD5 encryption you should include md5.asp.


So, let's start. First of all, you need to add a new account to your database. The following code allows to do it.

Allowing multiple choices of data observations enables people to customize views of your data and adds value to your applications. The following example utilizes our db on the career statistics of Hammerin? Hank Greenberg. The years he played are available to select from in a dropdown menu. When multiple years are selected they are passed comma delimited. Utilizing the where in statement in our sql the comma delimited selections are appended to our sql statement to display only those years selected. Because we are looking for numeric values in our where in statement no modification to the comma delimited input is necessary. When character input is involved a replace statement can be used to put the appropriate quotation marks into your statement. Which is also provided in this example, but must be un-commented to be used