Help with building a WebService in ASP 4, VB
I have a search engine that will use a webservice to search through my database to find 3 specific things. I don't even know if it will work like this, but I have a dropdown list on my main page to select Product, Feature, Description. From what the user selects, the webservice should then go to an if statement to use the correct SELECT statement and find results for the search.
Will someone help me figure out how to fix what I've written to make it work? Please don't be too critical, I don't have a lot of experience. I have also been researching SQL Injection because I have a lot of code that is vulnerable so keep that in mind when you look at my code.
I can't get the blue squiggly lines to go away that are underneath the DropdownList1.Value instances on the WebService page.
WebService:
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim Feature As String = DropDownList1.Value
Dim Description As String = DropDownList1.Value
Dim Product As String = DropDownList1.Value
If Feature Then
Dim FeatureSql As String = "Select FeatureTitle FROM Feature WHERE FeatureTitle LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=******;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(FeatureSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "FeatureSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("FeatureTitle").ToString(), i)
i += 1
Next
Return items
End If
If Description Then
Dim MarketingSql As String = "Select MarketingType, MarketingData FROM Marketing WHERE MarketingType = '2' AND MarketingData LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(MarketingSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "DescriptionSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("MarketingType").ToString(), i)
items.SetValue(dr("MarketingData").ToString(), i)
i += 1
Next
Return items
End If
If Product Then
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("ProductName").ToString(), i)
i += 1
Next
Return items
End If
End Function
End Class
Default.aspx page - Here I need the dropdownlist to tie to the database somehow.
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="AutoComplete.asmx" />
</Services>
</asp:ScriptManager>
Search by:
<asp:DropDownList ID="DropDownList1" runat="server">
<asp:ListItem>Product</asp:ListItem>
<asp:ListItem>Feature</asp:ListItem>
<asp:ListItem>Description</asp:ListItem>
</asp:DropDownList>
<asp:TextBox ID="Search" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="AutoComplete.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="3" CompletionSetCount="120" EnableCaching="true">
</开发者_如何学Casp:AutoCompleteExtender>
I deleted the dropdown and tested the code of one of the select statements to make sure that it was working correctly. Everyone was right when they said that the dropdown would not work with the webservice the way I wanted it to. :(
Here is what I have now:
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="FeatureSearch.asmx" />
</Services>
</asp:ScriptManager>
<asp:TextBox ID="Search" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="~/FeatureSearch.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="2" CompletionSetCount="120" EnableCaching="true">
</asp:AutoCompleteExtender>
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE '" & prefixText & "%'"
Dim sqlConn As New SqlConnection
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
Dim id As String = dr("ProductID").ToString()
Dim name As String = dr("ProductName").ToString()
Dim item As String = AjaxControlToolkit.AutoCompleteExtender.CreateAutoCompleteItem(name, id)
items.SetValue(item, i)
Next
Return items
End Function
加载中,请稍侯......
精彩评论