I am consuming a WCF service from an AngularJS application. I post several service requests; with this request I am checking the user's information.
This is the service that throws the error:
    // Requires: using System.Data; using System.Data.SqlClient;
    public bool cheekCreditScore(Credit_Crad credit)
    {
        int i = 600;   // lower bound of the accepted score range (exclusive)
        int j = 700;   // upper bound of the accepted score range (inclusive)
        using (SqlConnection cn = new SqlConnection(ConnectionString))
        {
            // The account number is spliced straight into the SQL text by string concatenation...
            SqlCommand cmd = new SqlCommand("SELECT Credit_Score FROM Credit_Score WHERE Account_Number = '" + credit.account_number + "'", cn);
            cn.Open();
            // ...and is also added as a parameter that the query text never references.
            cmd.Parameters.AddWithValue("Account_Number", credit.account_number);
            var value = cmd.ExecuteScalar();
            // The same query is executed a second time here just to count the rows.
            var da = new SqlDataAdapter(cmd);
            DataTable tbl = new DataTable();
            da.Fill(tbl);
            if (tbl.Rows.Count == 0)
            {
                //message = ("Account is not exist Under this Name");
                return true;
            }
            else if ((Convert.ToDouble(i) < Convert.ToDouble(value)) && (Convert.ToDouble(value) <= Convert.ToDouble(j)))
            {
                // message = "Application Successful We can offer you " + Value1 + "Pound";
                return true;
            }
            else
            {
                // message = "Your application is unsuccessfull ";
                return false;
            }
        }
    }
Below is the script code from the AngularJS web application, where I send several requests to the WCF REST service.
    var app = angular.module("WebClientModule", [])
        .controller('Web_Client_Controller', ["$scope", 'myService', function ($scope, myService) {
            $scope.OperType = 1;
            //1 Mean New Entry
            //To Clear all input controls.
            function ClearModels() {
                $scope.OperType = 1;
                $scope.Tittle = "";
                $scope.First_Name = "";
                $scope.Last_Name = "";
                $scope.Gender = "";
                $scope.DOB = "";
                $scope.Mobile = "";
                $scope.House_No = "";
                $scope.Streent_Name = "";
                $scope.Country = "";
                $scope.Post_Code = "";
                $scope.Occupation = "";
                $scope.Account_Number = "";
            }
            $scope.CeditCardApplication = function () {
                var ApplicationDeatils = {
                    Tittle: $scope.Tittle,
                    First_Name: $scope.First_Name,
                    Last_Name: $scope.Last_Name,
                    Gender: $scope.Gender,
                    DOB: $scope.DOB,
                    Mobile: $scope.Mobile,
                    House_No: $scope.House_No,
                    Streent_Name: $scope.Streent_Name,
                    Country: $scope.Country,
                    Post_Code: $scope.Post_Code,
                    Occupation: $scope.Occupation,
                    Account_Number: $scope.Account_Number
                };
                // Both requests are sent at once; whichever response arrives last sets $scope.msg.
                myService.ApplicationDeatilsCheck(ApplicationDeatils).then(function (pl) {
                    console.log(pl.data);
                    if (pl.data) {
                        //$scope.Account_Number = pl.data.Account_Number;
                        $scope.msg = "User information is correct !";
                    }
                });
                myService.ApplicationCreditScoreCheck(ApplicationDeatils).then(function (p2) {
                    console.log(p2.data);
                    if (p2.data) {
                        //$scope.Account_Number = p2.data.Account_Number;
                        $scope.msg = "We can offer you £6000";
                    } else {
                        // The service answered false (no HTTP error), so there is no err object here.
                        $scope.msg = "Application failed !";
                        console.log("Credit score check returned false");
                    }
                }, function (err) {
                    $scope.msg = "Application failed!";
                    console.log("Some error Occured" + err);
                });
            };
        }]);
    app.service("myService", function ($http) {
        this.ApplicationDeatilsCheck = function (ApplicationDeatils) {
            return $http.post("http://localhost:52098/HalifaxIISService.svc/CreateCurrentAccountCheck", JSON.stringify(ApplicationDeatils));
        };
        this.ApplicationCreditScoreCheck = function (ApplicationDeatils) {
            return $http.post("http://localhost:52098/HalifaxIISService.svc/cheekCreditScore", JSON.stringify(ApplicationDeatils));
        };
    });
Answer 0 (score: 1)
The whole point of using parameters is to avoid string concatenation and prevent SQL injection. Your code both passes a parameter and concatenates:
    SqlCommand cmd = new SqlCommand("SELECT Credit_Score FROM Credit_Score WHERE Account_Number = '" + credit.account_number + "'", cn);
    cn.Open();
    cmd.Parameters.AddWithValue("Account_Number", credit.account_number);
This is obviously wrong, because the query you pass doesn't even know about the parameter.
Just change your code to:
    SqlCommand cmd = new SqlCommand("SELECT Credit_Score FROM Credit_Score WHERE Account_Number = @Account_Number", cn);
    cn.Open();
    cmd.Parameters.AddWithValue("Account_Number", credit.account_number);
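The following is an added, self-contained demonstration of the point made in the answer; it is not code from the question or the answer. It rebuilds the question's query both ways against an in-memory SQLite table with constructed sample rows (the table and column names are taken from the question; the account numbers and scores are made up), then feeds a crafted account number to each. The concatenated form lets the input close the quote and append `OR '1'='1`, so the query matches every row and the first row's score is what `ExecuteScalar` would have returned; the parameterized form treats the same input as a literal account number and returns nothing. The `cheek_credit_score` helper is a hypothetical transcription of the question's decision rule (600 < score <= 700 passes) used only to show the consequence: a rejected account can be made to pass. SQLite uses `?` where SQL Server uses `@Account_Number`; the idea is identical.

```python
import sqlite3

# Constructed sample data (assumption: only the table/column names come from the question).
SAMPLE_ROWS = [("1001", 650), ("1002", 720), ("1003", 550)]


def make_db():
    """Create an in-memory Credit_Score table and load the constructed rows."""
    cn = sqlite3.connect(":memory:")
    cn.execute("CREATE TABLE Credit_Score (Account_Number TEXT, Credit_Score INTEGER)")
    cn.executemany("INSERT INTO Credit_Score VALUES (?, ?)", SAMPLE_ROWS)
    cn.commit()
    return cn


def lookup_concatenated(cn, account_number):
    """Same construction as the question's SqlCommand: input spliced into the SQL text."""
    sql = ("SELECT Credit_Score FROM Credit_Score WHERE Account_Number = '"
           + account_number + "'")
    return [row[0] for row in cn.execute(sql)]


def lookup_parameterized(cn, account_number):
    """Equivalent of the answer's @Account_Number placeholder (SQLite spells it '?')."""
    sql = "SELECT Credit_Score FROM Credit_Score WHERE Account_Number = ?"
    return [row[0] for row in cn.execute(sql, (account_number,))]


def cheek_credit_score(cn, account_number, lookup):
    """Hypothetical transcription of the question's decision rule.

    ExecuteScalar returns the first row's first column, so the first score wins;
    600 < score <= 700 is accepted. The question's code also returns True when no
    row exists; that behaviour is reproduced here unchanged, not endorsed.
    """
    rows = lookup(cn, account_number)
    if not rows:
        return True
    score = rows[0]
    return 600 < score <= 700


def demo():
    """Run both lookups with a legitimate account number and with a crafted one."""
    cn = make_db()
    legit = "1002"
    # Constructed attacker input: closes the quote, adds a tautology, and the
    # trailing quote from the template re-closes the string.
    payload = "' OR '1'='1"
    # Account 1003 (score 550) should be rejected; with injection it is judged on
    # whichever row the scan returns first (account 1001, score 650).
    rejected_with_payload = "1003" + payload
    return {
        "concat_legit": lookup_concatenated(cn, legit),
        "concat_payload": lookup_concatenated(cn, payload),
        "param_legit": lookup_parameterized(cn, legit),
        "param_payload": lookup_parameterized(cn, payload),
        "approved_param_1003": cheek_credit_score(cn, "1003", lookup_parameterized),
        "approved_concat_1003_payload": cheek_credit_score(
            cn, rejected_with_payload, lookup_concatenated),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With the parameterized query the crafted value simply matches no account, which is exactly why the answer says the concatenated text must go: adding the parameter while leaving the concatenation in place protects nothing.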