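Help building a WebService in ASP 4, VB

Time: 2011-08-31 19:09:50

Tags: asp.net sql vb.net web-services

I have a search engine that will use a web service to search my database for 3 specific things. I don't even know if it will work like this, but I have a dropdown list on my main page to select Product, Feature, or Description. Based on what the user selects, the web service should go to an if statement to use the correct SELECT statement and find the search results.

Would someone help me figure out how to fix what I wrote so that it works? Please don't be too critical; I don't have much experience. I have also been researching SQL injection because I have a lot of vulnerable code, so please keep that in mind when you look at my code.

I can't get rid of the blue squiggly lines under the DropDownList1.Value instances on the WebService page.

WebService: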

<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
    Dim Feature As String = DropDownList1.Value 
    Dim Description As String = DropDownList1.Value 
    Dim Product As String = DropDownList1.Value 

    If Feature Then
        Dim FeatureSql As String = "Select FeatureTitle FROM Feature WHERE FeatureTitle LIKE " + " " '%" + prefixText + "'"
        Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=******;database=Products")
        sqlConn.Open()
        Dim myCommand As New SqlCommand(FeatureSql, sqlConn)
        Dim myReader As SqlDataReader = myCommand.ExecuteReader()
        Dim myTable As New DataTable
        myTable.TableName = "FeatureSearch"
        myTable.Load(myReader)
        sqlConn.Close()
        Dim items As String() = New String(myTable.Rows.Count - 1) {}
        Dim i As Integer = 0
        For Each dr As DataRow In myTable.Rows
            items.SetValue(dr("FeatureTitle").ToString(), i)
            i += 1
        Next
        Return items
    End If

    If Description Then
        Dim MarketingSql As String = "Select MarketingType, MarketingData FROM Marketing WHERE MarketingType = '2' AND MarketingData LIKE " + " " '%" + prefixText + "'"
        Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
        sqlConn.Open()
        Dim myCommand As New SqlCommand(MarketingSql, sqlConn)
        Dim myReader As SqlDataReader = myCommand.ExecuteReader()
        Dim myTable As New DataTable
        myTable.TableName = "DescriptionSearch"
        myTable.Load(myReader)
        sqlConn.Close()
        Dim items As String() = New String(myTable.Rows.Count - 1) {}
        Dim i As Integer = 0
        For Each dr As DataRow In myTable.Rows
            items.SetValue(dr("MarketingType").ToString(), i)
            items.SetValue(dr("MarketingData").ToString(), i)
            i += 1
        Next
        Return items
    End If

    If Product Then
        Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE " + " " '%" + prefixText + "'"
        Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
        sqlConn.Open()
        Dim myCommand As New SqlCommand(ProductSql, sqlConn)
        Dim myReader As SqlDataReader = myCommand.ExecuteReader()
        Dim myTable As New DataTable
        myTable.TableName = "ProductSearch"
        myTable.Load(myReader)
        sqlConn.Close()
        Dim items As String() = New String(myTable.Rows.Count - 1) {}
        Dim i As Integer = 0
        For Each dr As DataRow In myTable.Rows
            items.SetValue(dr("ProductName").ToString(), i)
            i += 1
        Next
        Return items
    End If

End Function
End Class

Default.aspx page - here I need the dropdown list to be bound to the database somehow.

   <asp:ScriptManager ID="ScriptManager1" runat="server">
    <Services>
        <asp:ServiceReference Path="AutoComplete.asmx" />
    </Services>
    </asp:ScriptManager>
    Search by: 
    <asp:DropDownList ID="DropDownList1" runat="server">
        <asp:ListItem>Product</asp:ListItem>
        <asp:ListItem>Feature</asp:ListItem>
        <asp:ListItem>Description</asp:ListItem>
    </asp:DropDownList>
    <asp:TextBox ID="Search" runat="server"></asp:TextBox>
    <asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="AutoComplete.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="3" CompletionSetCount="120" EnableCaching="true">
    </asp:AutoCompleteExtender>

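1 answer:

Answer 0 (score: -1)

I removed the dropdown list and tested the code with one of the select statements to make sure it works. Everyone was right when they said the dropdown list can't be used with the web service the way I wanted. :(

Here is what I have now: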

<asp:ScriptManager ID="ScriptManager1" runat="server">
    <Services>
        <asp:ServiceReference Path="FeatureSearch.asmx" />
    </Services>
</asp:ScriptManager>     

<asp:TextBox ID="Search" runat="server"></asp:TextBox>
     <asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="~/FeatureSearch.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="2" CompletionSetCount="120" EnableCaching="true">
    </asp:AutoCompleteExtender>

' Requires: Imports System.Data and Imports System.Data.SqlClient
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
    ' ProductID is selected as well because it is read in the loop below.
    ' The prefix is bound as a parameter instead of being concatenated into the SQL text.
    Dim ProductSql As String = "Select ProductID, ProductName FROM Product WHERE ProductName LIKE @prefix"
    Dim sqlConn As New SqlConnection ' connection string omitted in the post
    sqlConn.Open()
    Dim myCommand As New SqlCommand(ProductSql, sqlConn)
    myCommand.Parameters.AddWithValue("@prefix", prefixText & "%")
    Dim myReader As SqlDataReader = myCommand.ExecuteReader()
    Dim myTable As New DataTable
    myTable.TableName = "ProductSearch"
    myTable.Load(myReader)
    sqlConn.Close()
    Dim items As String() = New String(myTable.Rows.Count - 1) {}
    Dim i As Integer = 0
    For Each dr As DataRow In myTable.Rows
        Dim id As String = dr("ProductID").ToString()
        Dim name As String = dr("ProductName").ToString()
        Dim item As String = AjaxControlToolkit.AutoCompleteExtender.CreateAutoCompleteItem(name, id)
        items.SetValue(item, i)
        i += 1 ' advance the index so each row gets its own slot
    Next
    Return items
End Function
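
An added example, not code from the original post: a web method cannot read page controls such as DropDownList1, but the AutoCompleteExtender can pass the selected search type as its ContextKey (set `UseContextKey="true"` and assign `ContextKey` from the dropdown's selected value), and the service can map that value through an allow-list to a fixed, parameterized query. The `ProductsDb` connection-string name and the `EscapeLike` helper are assumptions; the table and column names are taken from the question.

```vbnet
Imports System.Collections.Generic
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Services

<System.Web.Script.Services.ScriptService()> _
Public Class AutoComplete
    Inherits WebService

    ' Allow-list: the client-supplied contextKey only selects one of these fixed
    ' statements; it is never concatenated into the SQL text.
    Private Shared ReadOnly Queries As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"Product", "SELECT TOP (@count) ProductName FROM Product WHERE ProductName LIKE @prefix ESCAPE '\'"},
        {"Feature", "SELECT TOP (@count) FeatureTitle FROM Feature WHERE FeatureTitle LIKE @prefix ESCAPE '\'"},
        {"Description", "SELECT TOP (@count) MarketingData FROM Marketing WHERE MarketingType = '2' AND MarketingData LIKE @prefix ESCAPE '\'"}
    }

    ' Hypothetical helper: escape LIKE metacharacters so user input is matched literally.
    Private Shared Function EscapeLike(ByVal value As String) As String
        Return value.Replace("\", "\\").Replace("%", "\%").Replace("_", "\_").Replace("[", "\[")
    End Function

    ' The three-argument signature is the one the extender calls when UseContextKey="true".
    <WebMethod()> _
    Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer, ByVal contextKey As String) As String()
        Dim sql As String = Nothing
        If contextKey Is Nothing OrElse Not Queries.TryGetValue(contextKey, sql) Then
            Return New String() {} ' unknown search type: no query is run
        End If

        Dim results As New List(Of String)
        ' "ProductsDb" is an assumed connection-string name in web.config.
        Dim connStr As String = ConfigurationManager.ConnectionStrings("ProductsDb").ConnectionString
        Using conn As New SqlConnection(connStr)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@count", SqlDbType.Int).Value = Math.Max(1, Math.Min(count, 120))
                cmd.Parameters.Add("@prefix", SqlDbType.NVarChar, 200).Value = EscapeLike(prefixText) & "%"
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    While reader.Read()
                        results.Add(reader(0).ToString())
                    End While
                End Using
            End Using
        End Using
        Return results.ToArray()
    End Function
End Class
```

Keeping the connection string in web.config also removes the database account's credentials from the service source, and that account only needs SELECT rights on the three tables.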