0
我有一個搜索引擎,它將使用Web服務來搜索我的數據庫以查找3個特定的事情。我甚至不知道它是否會像這樣工作,但我在主頁上有一個下拉列表以選擇產品,功能,說明。根據用戶選擇的內容,Web服務應該轉到if語句以使用正確的SELECT語句並查找搜索結果。幫助在ASP 4中構建WebService,VB
有人能幫我弄清楚如何解決我寫的使其工作?請不要太挑剔,我沒有太多的經驗。我也一直在研究SQL注入,因爲我有很多易受攻擊的代碼,所以在查看我的代碼時請記住這一點。
我無法讓藍色波浪線離開WebService頁面上的DropdownList1.Value實例。
的WebService:
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim Feature As String = DropDownList1.Value
Dim Description As String = DropDownList1.Value
Dim Product As String = DropDownList1.Value
If Feature Then
Dim FeatureSql As String = "Select FeatureTitle FROM Feature WHERE FeatureTitle LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=******;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(FeatureSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "FeatureSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("FeatureTitle").ToString(), i)
i += 1
Next
Return items
End If
If Description Then
Dim MarketingSql As String = "Select MarketingType, MarketingData FROM Marketing WHERE MarketingType = '2' AND MarketingData LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(MarketingSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "DescriptionSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("MarketingType").ToString(), i)
items.SetValue(dr("MarketingData").ToString(), i)
i += 1
Next
Return items
End If
If Product Then
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("ProductName").ToString(), i)
i += 1
Next
Return items
End If
End Function
End Class
Default.aspx頁 - 在這裏,我需要的下拉列表,以配合到數據庫莫名其妙。
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="AutoComplete.asmx" />
</Services>
</asp:ScriptManager>
Search by:
<asp:DropDownList ID="DropDownList1" runat="server">
<asp:ListItem>Product</asp:ListItem>
<asp:ListItem>Feature</asp:ListItem>
<asp:ListItem>Description</asp:ListItem>
</asp:DropDownList>
<asp:TextBox ID="Search" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="AutoComplete.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="3" CompletionSetCount="120" EnableCaching="true">
</asp:AutoCompleteExtender>
你不應該寫新的ASMX Web服務Microsoft認爲他們是「傳統技術」 Web服務客戶端或服務器的所有新的發展應使用WCF。 –
哦,我一定找到了一個很老的教程,那麼開始使用別的東西會多複雜? – jlg
並不複雜,WCF中有更豐富的內容,但是您可以完全忽略它。事實上,如果你使用「basicHttpBinding」綁定,你可以使WCF看起來非常像ASMX。 –