''' <summary>
''' Ajax handler that builds the dependent "county" or "city" drop-down and returns it
''' together with the id of the page element that should receive it.
''' </summary>
''' <param name="table">Which list to build; compared case-insensitively against "county" and "city".</param>
''' <param name="eventSource">Name of the list whose change triggered the call; only read in the "city" branch ("district" or "county").</param>
''' <param name="filterValue">Selected value(s) of the source list; "-1" or "" means nothing is selected.</param>
''' <param name="targetControl">Echoed back unchanged in the response.</param>
''' <returns>A StreetNameResponse carrying targetControl and the generated HtmlSelect.</returns>
''' <remarks>
''' NOTE(review): the AjaxMethod attribute exposes this function to client script, so all four
''' arguments are presumably browser-controlled. filterValue is formatted into the filter text
''' without validation; if BuildSelect (not shown here) uses that text as part of a SQL statement,
''' this is a SQL injection point. Validate filterValue as a list of integers, or pass the values
''' as parameters. TODO confirm against BuildSelect.
''' </remarks>
<AjaxPro.AjaxMethod(AjaxPro.HttpSessionStateRequirement.Read)> _ 
Public Function HandleSelect(ByVal table As String, ByVal eventSource As String, ByVal filterValue As String, ByVal targetControl As String) As StreetNameResponse 

    Dim tName As TableName 
    Dim filter As String = Nothing 
    Dim sort As String = Nothing 
    Dim textField As String = Nothing 
    Dim valueField As String = Nothing 
    Dim name As String = Nothing 
    Dim onChange As String = Nothing 
    'Assign security filter 
    'presumably this populates _restrictionLevel and _restrictionFilter, which are read below; verify against CheckSecurityFilter 
    CheckSecurityFilter() 

    'NOTE(review): a table value other than "county" or "city" matches no Case, so BuildSelect 
    'is then called with tName at its default value and every string still Nothing. 
    Select Case table.ToLower 
     Case "county" 
      tName = TableName.County 
      If filterValue = "-1" Or filterValue = "" Then 
       'No district selected: fall back to the caller's own restriction, if it is district-level 
       If _restrictionLevel = RestrictionLevel.District Then 
        filter = _restrictionFilter 
       End If 
      Else 
       'NOTE(review): "{}0" is not a valid format item, so String.Format throws FormatException 
       '("Input string was not in a correct format") on this line. The city branch uses "{0}". 
       'NOTE(review): _restrictionFilter is not applied in this branch; the filter is built from 
       'filterValue alone. Confirm the restriction is enforced elsewhere. 
       filter = String.Format("maintdisnmbr in ({}0)", filterValue) 
      End If 
      'Duplicate of the assignment at the top of this Case 
      tName = TableName.County 
      sort = "countyname ASC" 
      textField = "countyname" 
      valueField = "countynmbr" 
      name = "selCounty" 
      'Changing the county list triggers a client-side refresh of the city list 
      onChange = "CheckSubmitEnabled();ajaxGetSelect('city','county', this, 'spanCity')" 
     Case "city" 
      If filterValue = "-1" Or filterValue = "" Then 
       'No value selected, set the filter to the default security value 
       If _restrictionLevel = RestrictionLevel.District Or _restrictionLevel = RestrictionLevel.County Then 
        filter = _restrictionFilter 
       End If 
      Else 
       'Filter column depends on which list triggered the call. 
       'NOTE(review): any other eventSource leaves filter as Nothing, and _restrictionFilter is 
       'not applied in this branch either; confirm the restriction is enforced elsewhere. 
       Select Case eventSource.ToLower 
        Case "district" 
         filter = String.Format("maintdisnmbr in ({0})", filterValue) 
        Case "county" 
         filter = String.Format("countynmbr in ({0})", filterValue) 
       End Select 
      End If 

      tName = TableName.MasterCity 
      sort = "sams_cityname ASC" 
      textField = "sams_cityname" 
      valueField = "cityname_value" 
      name = "selCity" 
      onChange = "CheckSubmitEnabled()" 
    End Select 
    'Build the <select> from the chosen table, filter and display settings 
    Dim selOutput As HtmlSelect = BuildSelect(tName, filter, sort, textField, valueField, name, onChange) 
    Dim outControl As New StreetNameResponse 
    outControl.targetControl = targetControl 
    outControl.outputControl = selOutput 
    'Base-class helper applied to the select after it has been stored in the response object 
    MyBase.ProperCaseSelectControl(selOutput) 
    Return outControl 
End Function 

我在調試上面的代碼時遇到了問題:它執行到一半就停住了。這段代碼的用途是:HTML 中有三個 select 標籤,分別是區(district)、縣(county)和城市(city)。如果你選擇一個區,它應該更新縣和城市,把它們限制為該區內的縣或城市。城市運作完美,但縣不行。我發現,當上面的代碼走到 County 的 Case 段時,它會停在 filter = String.Format("maintdisnmbr in ({}0)", filterValue) 這一行。這是我逐步執行代碼時的情況;如果我不逐步執行而直接跳過,它會給我一個錯誤,說輸入字符串的格式不正確。這不是我寫的代碼,我也沒有用過 Ajax,但我必須修好它。請提供任何幫助,至少能找出問題所在就很好了。Ajax 調用會經過上面這段代碼。


這段代碼看起來容易受到 SQL 注入攻擊。壞碼猴。沒有cookie。 – 2012-01-31 04:33:00

回答


此:

"maintdisnmbr in ({}0)"

應該是這樣的,而不是:

"maintdisnmbr in ({0})"

但這只適用於你不介意代碼容易受到 SQL 注入攻擊的情況:filterValue 來自客戶端,並被直接拼入 in (...) 子句,修正格式字符串並不會消除這個風險。如果你想要好的代碼,應該閱讀這一系列關於如何正確地把列表傳給 SQL Server 的文章:

http://www.sommarskog.se/arrays-in-sql.html


不過現在我只是想讓代碼能運行……原來的團隊已經離開,所以現在這個項目上的人都不是這段代碼的作者,我們只是想先讓它工作起來。稍後我們會評估重構。感謝您指出我忽略的這個簡單錯誤。 – cjohnson2136 2012-01-31 13:08:25