Help!
I am in BIG trouble. I need to get something done FAST.

My company is moving to IISProtect and I need to grab the
IISProtect user name and match that to a field in a table to
display data. ISS Protect is a replacement for Windows Authorization.

Our members used to logon as a Win2000 user in the members group.
That user ID match the ID field of all the different databases we use.
Once a member logged in the main page, all we had to do was call
logon_user in our older .idc pages.

Now we are moving to asp, and I am having a problem getting the
IISProtect Server variable to match the ID field .

The IISProtect variable is : HTTP_IISPROTECTUSER

Here is what I thought should work:

<%
var stmtsum = Server.CreateObject("ADODB.Recordset");
stmtsum.ActiveConnection = MM_clubpro_STRING;
stmtsum.Source = "SELECT * FROM stmtsum WHERE ACCO='"& HTTP_IISPROTECTUSER &"'";

stmtsum.CursorType = 0;
stmtsum.CursorLocation = 2;
stmtsum.LockType = 1;
stmtsum.open();
var stmtsum_numRows = 0;
%>

It doesn't, it just comes back with :

"Microsoft JScript runtime (0x800A1391)
'HTTP_IISPROTECTUSER' is undefined
/protected/statements/stmtsum.asp, line 9"
error

I know the HTTP_IISPROTECTUSER variable is active and holding
data because I can get it to print out using a response.write script in another test page.

Here is a script that WORKS 100%, but it uses a KNOWN member ID number

<%
var stmtsum = Server.CreateObject("ADODB.Recordset");
stmtsum.ActiveConnection = MM_clubpro_STRING;
stmtsum.Source = "SELECT * FROM stmtsum WHERE ACCO='3081'";
stmtsum.CursorType = 0;
stmtsum.CursorLocation = 2;
stmtsum.LockType = 1;
stmtsum.Open();
var stmtsum_numRows = 0;
%>

3081 being a valid member.. My page pops up with all the data in
tact and looks great.


So I tried something different:

If I first setup a declaration like:

<%
myid = (Request.ServerVariables("HTTP_IISPROTECTUSER"))
%>
and then use that in the select statement like this:


<%
myid = (Request.ServerVariables("HTTP_IISPROTECTUSER"))
%>

<%
var stmtsum = Server.CreateObject("ADODB.Recordset");
stmtsum.ActiveConnection = MM_clubpro_STRING;
stmtsum.Source = "SELECT * FROM stmtsum WHERE ACCO='"& myid &"'";
stmtsum.CursorType = 0;
stmtsum.CursorLocation = 2;
stmtsum.LockType = 1;
stmtsum.open();
var stmtsum_numRows = 0;
%>

I get this WEIRD message:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC dBase Driver] Invalid SQL statement; expected
'DELETE', 'INSERT', 'PROCEDURE', 'SELECT', or 'UPDATE'.
/protected/statements/stmtsum.asp, line 14



So it looks like it accepted the "myid" because If I
use anything else it gives me the "undefined" error.

Does anyone know what the heck is going on??