0
我有一个搜索引擎,它将使用Web服务来搜索我的数据库以查找3个特定的事情。我甚至不知道它是否会像这样工作,但我在主页上有一个下拉列表以选择产品,功能,说明。根据用户选择的内容,Web服务应该转到if语句以使用正确的SELECT语句并查找搜索结果。帮助在ASP 4中构建WebService,VB
有人能帮我弄清楚如何解决我写的使其工作?请不要太挑剔,我没有太多的经验。我也一直在研究SQL注入,因为我有很多易受攻击的代码,所以在查看我的代码时请记住这一点。
我无法让蓝色波浪线离开WebService页面上的DropdownList1.Value实例。
的WebService:
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim Feature As String = DropDownList1.Value
Dim Description As String = DropDownList1.Value
Dim Product As String = DropDownList1.Value
If Feature Then
Dim FeatureSql As String = "Select FeatureTitle FROM Feature WHERE FeatureTitle LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=******;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(FeatureSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "FeatureSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("FeatureTitle").ToString(), i)
i += 1
Next
Return items
End If
If Description Then
Dim MarketingSql As String = "Select MarketingType, MarketingData FROM Marketing WHERE MarketingType = '2' AND MarketingData LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(MarketingSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "DescriptionSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("MarketingType").ToString(), i)
items.SetValue(dr("MarketingData").ToString(), i)
i += 1
Next
Return items
End If
If Product Then
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("ProductName").ToString(), i)
i += 1
Next
Return items
End If
End Function
End Class
Default.aspx页 - 在这里,我需要的下拉列表,以配合到数据库莫名其妙。
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="AutoComplete.asmx" />
</Services>
</asp:ScriptManager>
Search by:
<asp:DropDownList ID="DropDownList1" runat="server">
<asp:ListItem>Product</asp:ListItem>
<asp:ListItem>Feature</asp:ListItem>
<asp:ListItem>Description</asp:ListItem>
</asp:DropDownList>
<asp:TextBox ID="Search" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="AutoComplete.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="3" CompletionSetCount="120" EnableCaching="true">
</asp:AutoCompleteExtender>
你不应该写新的ASMX Web服务Microsoft认为他们是“传统技术” Web服务客户端或服务器的所有新的发展应使用WCF。 –
哦,我一定找到了一个很老的教程,那么开始使用别的东西会多复杂? – jlg
并不复杂,WCF中有更丰富的内容,但是您可以完全忽略它。事实上,如果你使用“basicHttpBinding”绑定,你可以使WCF看起来非常像ASMX。 –