Wcf rest service {“字符串'{Account_Number} 16'后面的未闭合引号。\ r \ n'{Account_Number} 16'附近的语法不正确。”}

时间:2017-12-05 01:47:27

标签: c# angularjs rest wcf

我正在将Wcf Rest Service用于Angular JS Application。我试图通过Angular JS Application中的Wcf Service从sql数据库中检索单个记录。我调试了应用程序,我得到了以下错误。

 System.Data.SqlClient.SqlException occurred
  HResult=0x80131904
  Message=Unclosed quotation mark after the character string '{Account_Number}16'.
Incorrect syntax near '{Account_Number}16'.
  Source=.Net SqlClient Data Provider
  StackTrace:
<Cannot evaluate the exception stack trace>

这是界面。

   [OperationContract]
   [WebInvoke(Method = "POST",
   RequestFormat = WebMessageFormat.Json,
   ResponseFormat = WebMessageFormat.Json,
   UriTemplate = "/GetAccountDetails/{Account_Number}")]
    string  GetAccountDetails(string Account_Number);

这是实施。

 public string GetAccountDetails(string Account_Number)
        {
            List<object> customers = new List<object>();
            string sql = "SELECT * FROM Current_Account_Holder_Details WHERE Account_Number = '"+ Account_Number;
            using (SqlConnection conn = new SqlConnection())
            {
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
                using (SqlCommand cmd = new SqlCommand(sql))
                {
                    cmd.Parameters.AddWithValue("@Account_Number", Account_Number);
                    cmd.Connection = conn;
                    conn.Open();
                    using (SqlDataReader sdr = cmd.ExecuteReader())
                    {
                        while (sdr.Read())
                        {

                            customers.Add(new
                            {
                                Tittle = sdr["Tittle"],
                                Account_Holder_First_Name = sdr["Account_Holder_First_Name"],
                                Account_Holder_Last_Name = sdr["Account_Holder_Last_Name"],
                                Account_Holder_DOB = sdr["Account_Holder_DOB"],
                                Account_Holder_House_No = sdr["Account_Holder_House_No"],
                                Account_Holder_Street_Name = sdr["Account_Holder_Street_Name"],
                                Account_Holder_Post_Code = sdr["Account_Holder_Post_Code"],

                                Account_Holder_Occupation = sdr["Account_Holder_Occupation"],
                                Account_Number = sdr["Account_Number"]



                            });
                        }
                    }
                    conn.Close();
                }

                return (new JavaScriptSerializer().Serialize(customers));
            }

        }

当我点击带有值的按钮时,这是在调试模式下拍摄的屏幕。

Click here to see the out put

这是脚本代码。

var app = angular.module("WebClientModule", [])
    .controller('Web_Client_Controller', ["$scope", 'myService', function ($scope, myService) {
        var Account_Number = $scope.Account_Number;
    $scope.search = function (Id) {
        var promisePostSingle = myService.postbyId(Id);

        promisePostSingle.then(function (pl) {
            var res = pl.data;
            $scope.Account_Number = res.Account_Number;
            $scope.Account_Creation_Date = res.Account_Creation_Date;
            $scope.Account_Type = res.Account_Type;
            $scope.Branch_Sort_Code = res.Branch_Sort_Code;
            $scope.Account_Fees = res.Account_Fees;
            $scope.Account_Balance = res.Account_Balance;
            $scope.Over_Draft_Limit = res.Over_Draft_Limit;

            //   $scope.IsNewRecord = 0;
        },
            function (errorPl) {
                console.log('failure loading Employee', errorPl);
            });
    }
    }]);




app.service("myService", function ($http) {

    this.postbyId = function (Id) {
        return $http.post("http://localhost:52098/HalifaxIISService.svc/GetAccountDetails/{Account_Number}" + Id);
    };
   })

这是HTML CODE。

@{
    Layout = null;
}

<!DOCTYPE html>

<html ng-app="WebClientModule">
<head>
    <meta name="viewport" content="width=device-width" />

    <title>AccountBalance</title>
    <script src="~/Scripts/angular.min.js"></script>

    <script src="~/RegistrationScript/AccountBalance.js"></script>
</head>
<body>
    <div data-ng-controller="Web_Client_Controller">
        Enter Account_Number: <input type="text" ng-model="Account_Number" />
        <input type="button"  value="search" ng-click="search(Account_Number)" />

            <table id="tblContainer">
                <tr>
                    <td>
                        <table style="border: solid 2px Green; padding: 5px;">
                            <tr style="height: 30px; background-color: skyblue; color: maroon;">
                                <th></th>
                                <th>Account Number</th>
                                <th>Account Creation Date</th>
                                <th>Account Type</th>
                                <th>Branch Sort Code</th>
                                <th>Account Fees</th>
                                <th>Account Balance</th>
                                <th>Over Draft Limit</th>

                                <th></th>
                                <th></th>
                            </tr>
                            <tbody data-ng-repeat="user in Users">
                                <tr>
                                    <td></td>
                                    <td><span>{{user.Account_Number}}</span></td>
                                    <td><span>{{user.Account_Creation_Date}}</span></td>
                                    <td><span>{{user.Account_Type}}</span></td>
                                    <td><span>{{user.Branch_Sort_Code}}</span></td>

                                    <td><span>{{user.Account_Fees}}</span></td>
                                    <td><span>{{user.Account_Balance}}</span></td>
                                    <td><span>{{user.Over_Draft_Limit}}</span></td>
                                    <td>

                                </tr>
                            </tbody>
                        </table>
                    </td>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <tr>
                    <td>

                        <div style="color: red;">{{Message}}</div>

                    </td>
                </tr>
            </table>
        </div>
        </body>


</html>
<script src="~/RegistrationScript/AccountBalance.js"></script>

1 个答案:

答案 0 :(得分:1)

这是你的代码:

string sql = "SELECT * FROM Current_Account_Holder_Details 
              WHERE Account_Number = '"+ Account_Number;

应该是:

string sql = "SELECT * FROM Current_Account_Holder_Details 
              WHERE Account_Number = '"+ Account_Number + "'"; // <-- see the missing closing quotation

使用参数来避免sql injection

修改

由于您已经在使用SqlParameter:cmd.Parameters.AddWithValue("@Account_Number", Account_Number);

将您的查询更改为:

string sql = "SELECT * FROM Current_Account_Holder_Details 
              WHERE Account_Number = @Account_Number";