如何获得.asp的返回值阿贾克斯 [英] How to get the return value .asp to ajax

问题描述

为什么我不能得到的.asp的返回值？

Why can't I get the return value from .asp?

下面是我的JS：

$('#loginID').click(function(){ 
  var userID = $("#userId").val();
  var passID = $("#passwordId").val();

  var myURL = "http://ipaddress/asp/test2.asp";   

  $.ajax({
    type: "GET",    
    url: myURL,
    dataType: "JSON",
    data: {
      username: userID,
      password: passID,
    },
    success: function (response) {
        alert(response);    
    }
  });
});

我的.asp：

<!--#include file="JSON_Conv.asp"-->
<%
Dim member
Set member = jsObject()

set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"       
set rs = Server.CreateObject("ADODB.recordset")
rs.Open "SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'",conn,1,3      
if (not rs.EOF) then
    member("userID") = rs("UserID")
    member("idMember") = rs("IDMember")
    member.Flush
else
    Response.Write(50)           
end if
rs.close
conn.Close 
%>

修改
我只是注意到还有的是一个问题，我的第一个JS，我在做一个跨服务器的AJAX，但看到这个指南的 HTTP：//www.$c$cproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request （具有同样的问题，其他人参考）不要忘记添加Response.AddHeader访问控制允许来源，*

edit i just notice there's was a problem with my first js, i was doing a cross server ajax, but saw this guide http://www.codeproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request (reference for other people having same problem) dont forget to add the Response.AddHeader "Access-Control-Allow-Origin","*"

$('#loginID').click(function(){ 

    var userID = $("#userId").val();
    var passID = $("#passwordId").val();

    var myURL = "http://ipaddresss from other server"+userID+"&password="+passID;


    var cor = null; 

    if (window.XMLHttpRequest) {
    cor = new XMLHttpRequest();
    }
    else {
    alert("Your browser does not support Cross-Origin request!");
    return;
    }
    cor.onreadystatechange = function () {
    if (cor.readyState == 4) {
        var loko = cor.responseText;
        var obj = jQuery.parseJSON(loko);
        alert(obj.userID);

    }
    };

    cor.open('GET', myURL, true);
    cor.withCredential = "true";
    cor.send(null);

    });

反正问题就解决了​​..只是需要改善我的剧本

anyway the problem is solved.. just need to improve my script

推荐答案

看起来好像你正在使用的 aspjson 。

Looks as though you are using the aspjson.

下面是一个例子，应该帮助。

Here is an example that should help.

<!--#include file="JSON_Conv.asp"-->
<%
Dim member, json
Set member = jsObject()

Dim conn, cmd, rs, sql
Dim userid, pwd

'Use POST in your ajax to hide logon values from the URL
userid = Request.Form("username") & ""
pwd = Request.Form("password") & ""

'Your connection string should be stored in an #include so it can be easily accessed.
conn = "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"

'Use parametrised queries instead of being left open to SQL injection.
sql = "SELECT * FROM USER_ID WHERE UserID = ? and password = ?"

Set cmd = Server.CreateObject("ADODB.Command")
With cmd
  'No need for ADODB.Connection object, ActiveConnection will instantiate it for us when the ADODB.Command is executed using the connection string.
  .ActiveConnection = conn
  .CommandType = adCmdText 'equals 1 if constants not defined
  .CommandText = sql
  'Assuming your fields (in order) are NVARCHAR with a length of 100 (change as appropriate.
  .Parameters.Append(.CreateParameter("@userid", adVarWChar, adParamInput, 100))
  .Parameters.Append(.CreateParameter("@password", adVarWChar, adParamInput, 100))
  Set rs = .Execute(, Array(userid, pwd))    

  If (Not rs.EOF) Then
    'Populate jsObject
    member("userID") = rs("UserID")
    member("idMember") = rs("IDMember")
  Else
    'Populate with error instead
    member("error") = 50
  End If
  Call rs.Close()
  Set rs = Nothing
End With
Set cmd = Nothing

'Serialize JSObject to a JSON string
json = toJSON(member)

'Output JSON response
Response.ContentType = "application/json"
Call Response.Write(json)
%>

---

的东西夫妇虽然

• 如果您不使用ADO常量我会认真推荐这样做的最简单，目前要做到这一点的最好办法是的使用元数据导入DLL常量。

code喜欢;

Code like;

"SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'"

c您留给自己是充满问题的主要一个是SQL注入，通过指定的Request.QueryString 直接到$ C $ /你的客户滥用。在上面我切换到使用的例子 ADODB.Command 与定义的参数这样SQL知道会发生什么，并提供了一​​个圈护栏网为传递任意值。

Is fraught with issues the main one being SQL Injection, by specifying Request.QueryString directly into your code you leave yourself / your client open to abuse. In the example above I switch to using ADODB.Command with defined parameters this way SQL knows what to expect and provides a ring fence for any value passed.

这篇关于如何获得.asp的返回值阿贾克斯的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！