Asp.net 帮助在ASP 4、VB中构建Web服务
我有一个搜索引擎,它将使用Web服务在我的数据库中搜索,以找到3个特定的东西。我甚至不知道它是否会像这样工作,但我在主页上有一个下拉列表来选择产品、功能和描述。根据用户选择的内容,Web服务应该转到if语句,以使用正确的SELECT语句并查找搜索结果 有人能帮我弄清楚如何修改我写的东西,让它工作吗?请不要太挑剔,我没有很多经验。我也一直在研究SQL注入,因为我有很多易受攻击的代码,所以在查看我的代码时请记住这一点 我无法消除WebService页面上DropdownList1.Value实例下面的蓝色曲线 网络服务:Asp.net 帮助在ASP 4、VB中构建Web服务,asp.net,sql,vb.net,web-services,Asp.net,Sql,Vb.net,Web Services,我有一个搜索引擎,它将使用Web服务在我的数据库中搜索,以找到3个特定的东西。我甚至不知道它是否会像这样工作,但我在主页上有一个下拉列表来选择产品、功能和描述。根据用户选择的内容,Web服务应该转到if语句,以使用正确的SELECT语句并查找搜索结果 有人能帮我弄清楚如何修改我写的东西,让它工作吗?请不要太挑剔,我没有很多经验。我也一直在研究SQL注入,因为我有很多易受攻击的代码,所以在查看我的代码时请记住这一点 我无法消除WebService页面上DropdownList1.Value实例下面
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim Feature As String = DropDownList1.Value
Dim Description As String = DropDownList1.Value
Dim Product As String = DropDownList1.Value
If Feature Then
Dim FeatureSql As String = "Select FeatureTitle FROM Feature WHERE FeatureTitle LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=******;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(FeatureSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "FeatureSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("FeatureTitle").ToString(), i)
i += 1
Next
Return items
End If
If Description Then
Dim MarketingSql As String = "Select MarketingType, MarketingData FROM Marketing WHERE MarketingType = '2' AND MarketingData LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(MarketingSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "DescriptionSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("MarketingType").ToString(), i)
items.SetValue(dr("MarketingData").ToString(), i)
i += 1
Next
Return items
End If
If Product Then
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE " + " " '%" + prefixText + "'"
Dim sqlConn As New SqlConnection("Server=off-db1;uid=productsDB_admin;pwd=*****;database=Products")
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
items.SetValue(dr("ProductName").ToString(), i)
i += 1
Next
Return items
End If
End Function
End Class
_
公共函数GetCompletionList(ByVal prefixText作为字符串,ByVal count作为整数)作为字符串()
Dim功能作为字符串=DropDownList1.值
Dim描述为字符串=DropDownList 1.值
Dim Product As String=DropDownList 1.值
如果是,那么
Dim FeatureSql As String=“从FeatureTitle类似“+”“%”%“+prefixText+”的功能中选择FeatureTitle”
Dim sqlConn作为新的SqlConnection(“服务器=off-db1;uid=productsDB_admin;pwd=****;数据库=Products”)
sqlConn.Open()
将myCommand设置为新的SqlCommand(功能SQL、sqlConn)
将myReader设置为SqlDataReader=myCommand.ExecuteReader()
将myTable设置为新数据表
myTable.TableName=“FeatureSearch”
myTable.Load(myReader)
sqlConn.Close()
Dim items As String()=新字符串(myTable.Rows.Count-1){}
尺寸i为整数=0
对于myTable.Rows中的每个dr As数据行
items.SetValue(dr(“FeatureTitle”).ToString(),i)
i+=1
下一个
退货项目
如果结束
如果是描述的话
Dim MarketingSql As String=“从Marketing中选择MarketingType、MarketingData,其中MarketingType='2'和MarketingData,如“+”“%”%“+prefixText+””
Dim sqlConn作为新的SqlConnection(“服务器=off-db1;uid=productsDB_admin;pwd=***;数据库=Products”)
sqlConn.Open()
Dim myCommand作为新的SqlCommand(MarketingSql、sqlConn)
将myReader设置为SqlDataReader=myCommand.ExecuteReader()
将myTable设置为新数据表
myTable.TableName=“描述搜索”
myTable.Load(myReader)
sqlConn.Close()
Dim items As String()=新字符串(myTable.Rows.Count-1){}
尺寸i为整数=0
对于myTable.Rows中的每个dr As数据行
items.SetValue(dr(“MarketingType”).ToString(),i)
items.SetValue(dr(“MarketingData”).ToString(),i)
i+=1
下一个
退货项目
如果结束
如果是产品,那么
Dim ProductSql As String=“从产品中选择产品名称,其中产品名称类似于“+”“%”%“+prefixText+””
Dim sqlConn作为新的SqlConnection(“服务器=off-db1;uid=productsDB_admin;pwd=***;数据库=Products”)
sqlConn.Open()
将myCommand设置为新的SqlCommand(ProductSql、sqlConn)
将myReader设置为SqlDataReader=myCommand.ExecuteReader()
将myTable设置为新数据表
myTable.TableName=“ProductSearch”
myTable.Load(myReader)
sqlConn.Close()
Dim items As String()=新字符串(myTable.Rows.Count-1){}
尺寸i为整数=0
对于myTable.Rows中的每个dr As数据行
items.SetValue(dr(“ProductName”).ToString(),i)
i+=1
下一个
退货项目
如果结束
端函数
末级
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="AutoComplete.asmx" />
</Services>
</asp:ScriptManager>
Search by:
<asp:DropDownList ID="DropDownList1" runat="server">
<asp:ListItem>Product</asp:ListItem>
<asp:ListItem>Feature</asp:ListItem>
<asp:ListItem>Description</asp:ListItem>
</asp:DropDownList>
<asp:TextBox ID="Search" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="AutoComplete.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="3" CompletionSetCount="120" EnableCaching="true">
</asp:AutoCompleteExtender>
搜索人:
产品
特征
描述
<asp:ScriptManager ID="ScriptManager1" runat="server">
<Services>
<asp:ServiceReference Path="FeatureSearch.asmx" />
</Services>
</asp:ScriptManager>
<asp:TextBox ID="Search" runat="server"></asp:TextBox>
<asp:AutoCompleteExtender ID="AutoCompleteExtender1" runat="server" TargetControlID="Search" ServicePath="~/FeatureSearch.asmx" ServiceMethod="GetCompletionList" MinimumPrefixLength="2" CompletionSetCount="120" EnableCaching="true">
</asp:AutoCompleteExtender>
<WebMethod()> _
Public Function GetCompletionList(ByVal prefixText As String, ByVal count As Integer) As String()
Dim ProductSql As String = "Select ProductName FROM Product WHERE ProductName LIKE '" & prefixText & "%'"
Dim sqlConn As New SqlConnection
sqlConn.Open()
Dim myCommand As New SqlCommand(ProductSql, sqlConn)
Dim myReader As SqlDataReader = myCommand.ExecuteReader()
Dim myTable As New DataTable
myTable.TableName = "ProductSearch"
myTable.Load(myReader)
sqlConn.Close()
Dim items As String() = New String(myTable.Rows.Count - 1) {}
Dim i As Integer = 0
For Each dr As DataRow In myTable.Rows
Dim id As String = dr("ProductID").ToString()
Dim name As String = dr("ProductName").ToString()
Dim item As String = AjaxControlToolkit.AutoCompleteExtender.CreateAutoCompleteItem(name, id)
items.SetValue(item, i)
Next
Return items
End Function
_
公共函数GetCompletionList(ByVal prefixText作为字符串,ByVal count作为整数)作为字符串()
Dim ProductSql As String=“从类似于ProductName的产品中选择ProductName”“&prefixText&“%””
Dim sqlConn作为新的SqlConnection
sqlConn.Open()
将myCommand设置为新的SqlCommand(ProductSql、sqlConn)
将myReader设置为SqlDataReader=myCommand.ExecuteReader()
将myTable设置为新数据表
myTable.TableName=“ProductSearch”
myTable.Load(myReader)
sqlConn.Close()
Dim items As String()=新字符串(myTable.Rows.Count-1){}
尺寸i为整数=0
对于myTable.Rows中的每个dr As数据行
Dim id为String=dr(“ProductID”).ToString()
Dim名称为String=dr(“ProductName”).ToString()
Dim项为String=AjaxControlToolkit.AutoCompleteXtender.CreateAutoCompleteItem(名称,id)
items.SetValue(item,i)
下一个
退货项目
端函数