如何获得.asp的返回值阿贾克斯 [英] How to get the return value .asp to ajax
问题描述
为什么我不能得到的.asp的返回值?
Why can't I get the return value from .asp?
下面是我的JS:
$('#loginID').click(function(){
var userID = $("#userId").val();
var passID = $("#passwordId").val();
var myURL = "http://ipaddress/asp/test2.asp";
$.ajax({
type: "GET",
url: myURL,
dataType: "JSON",
data: {
username: userID,
password: passID,
},
success: function (response) {
alert(response);
}
});
});
我的.asp:
<!--#include file="JSON_Conv.asp"-->
<%
Dim member
Set member = jsObject()
set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"
set rs = Server.CreateObject("ADODB.recordset")
rs.Open "SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'",conn,1,3
if (not rs.EOF) then
member("userID") = rs("UserID")
member("idMember") = rs("IDMember")
member.Flush
else
Response.Write(50)
end if
rs.close
conn.Close
%>
修改
我只是注意到还有的是一个问题,我的第一个JS,我在做一个跨服务器的AJAX,但看到这个指南的 HTTP://www.$c$cproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request (具有同样的问题,其他人参考)不要忘记添加Response.AddHeader访问控制允许来源,*
edit i just notice there's was a problem with my first js, i was doing a cross server ajax, but saw this guide http://www.codeproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request (reference for other people having same problem) dont forget to add the Response.AddHeader "Access-Control-Allow-Origin","*"
$('#loginID').click(function(){
var userID = $("#userId").val();
var passID = $("#passwordId").val();
var myURL = "http://ipaddresss from other server"+userID+"&password="+passID;
var cor = null;
if (window.XMLHttpRequest) {
cor = new XMLHttpRequest();
}
else {
alert("Your browser does not support Cross-Origin request!");
return;
}
cor.onreadystatechange = function () {
if (cor.readyState == 4) {
var loko = cor.responseText;
var obj = jQuery.parseJSON(loko);
alert(obj.userID);
}
};
cor.open('GET', myURL, true);
cor.withCredential = "true";
cor.send(null);
});
反正问题就解决了..只是需要改善我的剧本
anyway the problem is solved.. just need to improve my script
推荐答案
看起来好像你正在使用的 aspjson 。
Looks as though you are using the aspjson.
下面是一个例子,应该帮助。
Here is an example that should help.
<!--#include file="JSON_Conv.asp"-->
<%
Dim member, json
Set member = jsObject()
Dim conn, cmd, rs, sql
Dim userid, pwd
'Use POST in your ajax to hide logon values from the URL
userid = Request.Form("username") & ""
pwd = Request.Form("password") & ""
'Your connection string should be stored in an #include so it can be easily accessed.
conn = "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"
'Use parametrised queries instead of being left open to SQL injection.
sql = "SELECT * FROM USER_ID WHERE UserID = ? and password = ?"
Set cmd = Server.CreateObject("ADODB.Command")
With cmd
'No need for ADODB.Connection object, ActiveConnection will instantiate it for us when the ADODB.Command is executed using the connection string.
.ActiveConnection = conn
.CommandType = adCmdText 'equals 1 if constants not defined
.CommandText = sql
'Assuming your fields (in order) are NVARCHAR with a length of 100 (change as appropriate.
.Parameters.Append(.CreateParameter("@userid", adVarWChar, adParamInput, 100))
.Parameters.Append(.CreateParameter("@password", adVarWChar, adParamInput, 100))
Set rs = .Execute(, Array(userid, pwd))
If (Not rs.EOF) Then
'Populate jsObject
member("userID") = rs("UserID")
member("idMember") = rs("IDMember")
Else
'Populate with error instead
member("error") = 50
End If
Call rs.Close()
Set rs = Nothing
End With
Set cmd = Nothing
'Serialize JSObject to a JSON string
json = toJSON(member)
'Output JSON response
Response.ContentType = "application/json"
Call Response.Write(json)
%>
的东西夫妇虽然
-
如果您不使用ADO常量我会认真推荐这样做的最简单,目前要做到这一点的最好办法是的使用元数据导入DLL常量。
code喜欢;
Code like;
"SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'"
c您留给自己是充满问题的主要一个是SQL注入,通过指定的Request.QueryString
直接到$ C $ /你的客户滥用。在上面我切换到使用的例子 ADODB.Command
与定义的参数这样SQL知道会发生什么,并提供了一个圈护栏网为传递任意值。
Is fraught with issues the main one being SQL Injection, by specifying Request.QueryString
directly into your code you leave yourself / your client open to abuse. In the example above I switch to using ADODB.Command
with defined parameters this way SQL knows what to expect and provides a ring fence for any value passed.
这篇关于如何获得.asp的返回值阿贾克斯的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!