为什么我无法从.asp获得返回值?
这是我的js:
$('#loginID').click(function(){
var userID = $("#userId").val();
var passID = $("#passwordId").val();
var myURL = "http://ipaddress/asp/test2.asp";
$.ajax({
type: "GET",
url: myURL,
dataType: "JSON",
data: {
username: userID,
password: passID,
},
success: function (response) {
alert(response);
}
});
});
我的.asp:
<!--#include file="JSON_Conv.asp"-->
<%
Dim member
Set member = jsObject()
set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"
set rs = Server.CreateObject("ADODB.recordset")
rs.Open "SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'",conn,1,3
if (not rs.EOF) then
member("userID") = rs("UserID")
member("idMember") = rs("IDMember")
member.Flush
else
Response.Write(50)
end if
rs.close
conn.Close
%>
修改 我只是注意到我的第一个js是一个问题,我正在做一个跨服务器ajax,但看到这个指南http://www.codeproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request(其他人有相同问题的参考)不要忘记添加Response.AddHeader &#34;访问控制允许来源&#34;&#34; *&#34;
$('#loginID').click(function(){
var userID = $("#userId").val();
var passID = $("#passwordId").val();
var myURL = "http://ipaddresss from other server"+userID+"&password="+passID;
var cor = null;
if (window.XMLHttpRequest) {
cor = new XMLHttpRequest();
}
else {
alert("Your browser does not support Cross-Origin request!");
return;
}
cor.onreadystatechange = function () {
if (cor.readyState == 4) {
var loko = cor.responseText;
var obj = jQuery.parseJSON(loko);
alert(obj.userID);
}
};
cor.open('GET', myURL, true);
cor.withCredential = "true";
cor.send(null);
});
无论如何问题都解决了..只需要改进我的脚本
答案 0 :(得分:1)
看起来好像使用的是aspjson。
这是一个应该有帮助的例子。
<!--#include file="JSON_Conv.asp"-->
<%
Dim member, json
Set member = jsObject()
Dim conn, cmd, rs, sql
Dim userid, pwd
'Use POST in your ajax to hide logon values from the URL
userid = Request.Form("username") & ""
pwd = Request.Form("password") & ""
'Your connection string should be stored in an #include so it can be easily accessed.
conn = "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"
'Use parametrised queries instead of being left open to SQL injection.
sql = "SELECT * FROM USER_ID WHERE UserID = ? and password = ?"
Set cmd = Server.CreateObject("ADODB.Command")
With cmd
'No need for ADODB.Connection object, ActiveConnection will instantiate it for us when the ADODB.Command is executed using the connection string.
.ActiveConnection = conn
.CommandType = adCmdText 'equals 1 if constants not defined
.CommandText = sql
'Assuming your fields (in order) are NVARCHAR with a length of 100 (change as appropriate.
.Parameters.Append(.CreateParameter("@userid", adVarWChar, adParamInput, 100))
.Parameters.Append(.CreateParameter("@password", adVarWChar, adParamInput, 100))
Set rs = .Execute(, Array(userid, pwd))
If (Not rs.EOF) Then
'Populate jsObject
member("userID") = rs("UserID")
member("idMember") = rs("IDMember")
Else
'Populate with error instead
member("error") = 50
End If
Call rs.Close()
Set rs = Nothing
End With
Set cmd = Nothing
'Serialize JSObject to a JSON string
json = toJSON(member)
'Output JSON response
Response.ContentType = "application/json"
Call Response.Write(json)
%>
尽管如此
如果您不使用ADO常量,我会认真地建议这样做最简单,最好的方法是Using METADATA to Import DLL Constants。
代码如;
"SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'"
充满问题的主要问题是SQL注入,通过直接在代码中指定Request.QueryString,您可以将自己/您的客户端置于滥用状态。在上面的例子中,我转而使用带有已定义参数的ADODB.Command,这样SQL知道会发生什么,并为传递的任何值提供一个环栅栏。