我正在将Wcf Rest Service用于Angular JS Application。我试图通过Angular JS Application中的Wcf Service从sql数据库中检索单个记录。我调试了应用程序,我得到了以下错误。
System.Data.SqlClient.SqlException occurred
HResult=0x80131904
Message=Unclosed quotation mark after the character string '{Account_Number}16'.
Incorrect syntax near '{Account_Number}16'.
Source=.Net SqlClient Data Provider
StackTrace:
<Cannot evaluate the exception stack trace>
这是界面。
[OperationContract]
[WebInvoke(Method = "POST",
RequestFormat = WebMessageFormat.Json,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "/GetAccountDetails/{Account_Number}")]
string GetAccountDetails(string Account_Number);
这是实施。
public string GetAccountDetails(string Account_Number)
{
List<object> customers = new List<object>();
string sql = "SELECT * FROM Current_Account_Holder_Details WHERE Account_Number = '"+ Account_Number;
using (SqlConnection conn = new SqlConnection())
{
conn.ConnectionString = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
using (SqlCommand cmd = new SqlCommand(sql))
{
cmd.Parameters.AddWithValue("@Account_Number", Account_Number);
cmd.Connection = conn;
conn.Open();
using (SqlDataReader sdr = cmd.ExecuteReader())
{
while (sdr.Read())
{
customers.Add(new
{
Tittle = sdr["Tittle"],
Account_Holder_First_Name = sdr["Account_Holder_First_Name"],
Account_Holder_Last_Name = sdr["Account_Holder_Last_Name"],
Account_Holder_DOB = sdr["Account_Holder_DOB"],
Account_Holder_House_No = sdr["Account_Holder_House_No"],
Account_Holder_Street_Name = sdr["Account_Holder_Street_Name"],
Account_Holder_Post_Code = sdr["Account_Holder_Post_Code"],
Account_Holder_Occupation = sdr["Account_Holder_Occupation"],
Account_Number = sdr["Account_Number"]
});
}
}
conn.Close();
}
return (new JavaScriptSerializer().Serialize(customers));
}
}
当我点击带有值的按钮时,这是在调试模式下拍摄的屏幕。
这是脚本代码。
var app = angular.module("WebClientModule", [])
.controller('Web_Client_Controller', ["$scope", 'myService', function ($scope, myService) {
var Account_Number = $scope.Account_Number;
$scope.search = function (Id) {
var promisePostSingle = myService.postbyId(Id);
promisePostSingle.then(function (pl) {
var res = pl.data;
$scope.Account_Number = res.Account_Number;
$scope.Account_Creation_Date = res.Account_Creation_Date;
$scope.Account_Type = res.Account_Type;
$scope.Branch_Sort_Code = res.Branch_Sort_Code;
$scope.Account_Fees = res.Account_Fees;
$scope.Account_Balance = res.Account_Balance;
$scope.Over_Draft_Limit = res.Over_Draft_Limit;
// $scope.IsNewRecord = 0;
},
function (errorPl) {
console.log('failure loading Employee', errorPl);
});
}
}]);
app.service("myService", function ($http) {
this.postbyId = function (Id) {
return $http.post("http://localhost:52098/HalifaxIISService.svc/GetAccountDetails/{Account_Number}" + Id);
};
})
这是HTML CODE。
@{
Layout = null;
}
<!DOCTYPE html>
<html ng-app="WebClientModule">
<head>
<meta name="viewport" content="width=device-width" />
<title>AccountBalance</title>
<script src="~/Scripts/angular.min.js"></script>
<script src="~/RegistrationScript/AccountBalance.js"></script>
</head>
<body>
<div data-ng-controller="Web_Client_Controller">
Enter Account_Number: <input type="text" ng-model="Account_Number" />
<input type="button" value="search" ng-click="search(Account_Number)" />
<table id="tblContainer">
<tr>
<td>
<table style="border: solid 2px Green; padding: 5px;">
<tr style="height: 30px; background-color: skyblue; color: maroon;">
<th></th>
<th>Account Number</th>
<th>Account Creation Date</th>
<th>Account Type</th>
<th>Branch Sort Code</th>
<th>Account Fees</th>
<th>Account Balance</th>
<th>Over Draft Limit</th>
<th></th>
<th></th>
</tr>
<tbody data-ng-repeat="user in Users">
<tr>
<td></td>
<td><span>{{user.Account_Number}}</span></td>
<td><span>{{user.Account_Creation_Date}}</span></td>
<td><span>{{user.Account_Type}}</span></td>
<td><span>{{user.Branch_Sort_Code}}</span></td>
<td><span>{{user.Account_Fees}}</span></td>
<td><span>{{user.Account_Balance}}</span></td>
<td><span>{{user.Over_Draft_Limit}}</span></td>
<td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td></td>
</tr>
<tr>
<td>
<div style="color: red;">{{Message}}</div>
</td>
</tr>
</table>
</div>
</body>
</html>
<script src="~/RegistrationScript/AccountBalance.js"></script>
答案 0 :(得分:1)
这是你的代码:
string sql = "SELECT * FROM Current_Account_Holder_Details
WHERE Account_Number = '"+ Account_Number;
应该是:
string sql = "SELECT * FROM Current_Account_Holder_Details
WHERE Account_Number = '"+ Account_Number + "'"; // <-- see the missing closing quotation
使用参数来避免sql injection。
修改强>
由于您已经在使用SqlParameter:cmd.Parameters.AddWithValue("@Account_Number", Account_Number);
将您的查询更改为:
string sql = "SELECT * FROM Current_Account_Holder_Details
WHERE Account_Number = @Account_Number";