|
hi all
i have a web service.a function get 2 parameters and return a string.
public string zakhire(string s,string d)
{
string sql = " insert into FX_Forecast2 (Symbol,DateTime) values( '"+s+"',"+d+")";
OpenDb();
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
con.Close();
return sql;
}
i want after executing function these 2 parameters with function name be in url,but just function name passes in url,not parameters and their values!!!
can someone say how to pass parameters??
do i should write code else to do this?
thnx
|
|
|
|
|
Firstly I would suggest do not build your query like this:
string sql = " insert into FX_Forecast2 (Symbol,DateTime) values( '"+s+"',"+d+")";
You leave yourself open to SQL Injection Attacks[^] Use a paramterised query[^] instead.
Secondly, you are not checking that d is a date: this is a recipie for disaster or, at least insert failure exceptions, which are costly in terms of performance.
Points 1 & 2 are especially true if the values are coming from outside you application, such as the WebServce you state.
Finaly, if the strings s and d are correct, your SQL will be generated correctly as far as I can tell, so the problem is probably with the code calling this method. Have you checked that values of s and d ?
|
|
|
|
|
Sage Advice and a Good Answer!
------------------------------------
I will never again mention that I was the poster of the One Millionth Lounge Post, nor that it was complete drivel. Dalek Dave
CCC League Table Link
CCC Link[ ^]
|
|
|
|
|
about point 1: your advise is correct.
about point 2:arrival parameters evaluate in another software that send these to this web service.so they are correct.
this url has shown when execute method:
http:
but i want to pass parameters and values in url after method name.
what's the problem that don't show parameters in url?
|
|
|
|
|
roebuck-code wrote: about point 2:arrival parameters evaluate in another software that send these to this web service.so they are correct.
Not necessarily: their code could be buggy, the web-service client they are using might be poorly formed or of a different version. You need to check the values coming in. You shouldn't trust anything coming into your webservice, even if you provide it.
IIRC, the values from the querystring don't get passed into the asmx method by default, they normally come from the SOAP message. As for getting stuff from the query string you'd have to do something like the following:
string value = Request.QueryString.Get("name").ToString();
|
|
|
|
|
Keith has already pointed out to you why your approach isn't considered to be within the best practices.
My philosophy in any project I'm involved with is that at any level, always assume the consumer of a method/service doesn't know what they are doing. How do you protect yourself.
I wasn't, now I am, then I won't be anymore.
|
|
|
|
|
roebuck-code wrote: be in url
What URL?
As Keith has pointed out you should never accept unvalidated input to your Sql statements. Use stored procedures or at least a parameterized query.
If you want to return the command text that was executed, though I can't see why you would, then use SqlCommand.CommandText
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Mark Nischalke wrote: What URL?
after executing this method,open a page that show me this answer:
<?xml version="1.0" encoding="utf-8" ?>
<string xmlns="http://tempuri.org/">insert into FX_Forecast2 (Symbol,DateTime) values( '4',56/8/8)</string>
in page's url has been written method name.
i want after it be parameters and values.
|
|
|
|
|
|
Manfred R. Bihy wrote: This will work if the parameter names of the function match those of the exposed web service method.
The parameters are appended like any other URL parameters by separating them with a "?"
should i pass parameters in url with coding or these have been passed after executing method?
|
|
|
|
|
roebuck-code wrote: should i pass parameters in url with coding
Yes, you should pass the parameteters in URL and they have to be encoded according to the rules of URL encoding.
roebuck-code wrote: or these have been passed after executing method
You'll have to do some explaining of what that means, as my feeble mind was unable to grasp what you were trying to say.
Cheers!
|
|
|
|
|
Manfred R. Bihy wrote: Yes, you should pass the parameteters in URL and they have to be encoded according to the rules of URL encoding.
what code i should write for passing parameters in url?
Manfred R. Bihy wrote: roebuck-code wrote:
or these have been passed after executing method
You'll have to do some explaining of what that means, as my feeble mind was unable to grasp what you were trying to say.
i thought that parameteres pass in url without my coding.
|
|
|
|
|
Please elaborate on from where you intend to call the webservice method. Write a minimal HTML document that illustrates the basic idea. Like posting the data from a form or calling the url from AJAX. The way this question started out there just isn't enough information to give you any appropriate help.
Regards,
|
|
|
|
|
i have a page in a web service:'default.asmx'
in default.cs(in App_Code) is a web method:
[WebMethod]
public string zakhire(string s,string d)
{
string sql = " insert into FX_Forecast2 (Symbol,A) values( '"+s+"','"+d+"')";
OpenDb();
cmd = new SqlCommand(sql, con);
cmd.ExecuteNonQuery();
con.Close();
return sql;
}
type of fields 'Symbol,A' are nvarchar..
now without knowing about a software that send data to webservice,i run this page in visual studio that test this page.
after running this page and executing the method with my arrival data and press 'invoke' button,a page open and in it's url just is method name:
http:
but i need to parameters and values too.like this:
http:
i had seen in a book that has been written in vb language in visual studio that after executing the method and opening a page,arrival parameters and values been in url with method name.
i hope that explain my need clearly.
totally i have a script in mql language in another software that run this url:
http:
i want to insert this parameters('s' and 'd')in database.
so i build a webservice and wrote in .asmx page that code.
do i think right?
modified on Saturday, January 8, 2011 7:46 AM
|
|
|
|
|
I found the answer:
with Going to web.config and adding this code in system.web section:
<webServices>
<protocols>
<add name="HttpGet"/>
<add name="HttpPost"/>
</protocols>
</webServices>
good luck.
|
|
|
|
|
Try to read string from the registry - i get beck null all the time
Code:
public static string ReadStringFromRegistry( string hive, string key )
{
string strRetVal = null;
try
{
using( RegistryKey regKey = Registry.LocalMachine.OpenSubKey( hive ) )
{
if( null != regKey )
{
strRetVal = regKey.GetValue( key ) as string;
if( String.IsNullOrEmpty( strRetVal ) )
{
strRetVal = null;
Debug.Assert( false, "fail to read from the registry" );
}
}
}
}
catch( Exception e )
{
}
return strRetVal;
}
|
|
|
|
|
Your code is working fine for me, so there is nothing wrong with it. You probably have wrong input strings. Please check if "hive" and "key" are correct.
|
|
|
|
|
Thanks,
In the line
strRetVal = regKey.GetValue( key ) as string;
i get strRetVal as null.
|
|
|
|
|
So, what is the value that you expect to read? And of which type is it?
|
|
|
|
|
I read simple string that i created.
If i try to read some other string ( that i did not created ) from the next hive - i see that the result are ok.
Very Strange...
P.S: using win7 - and i check the premmision of the registry access.
|
|
|
|
|
Have you checked in the registry editor if your created string is somehow different from the one you are able to read? (is it of type REG_SZ?) I just tested creating one key and then read it back and it worked fine with XP.
|
|
|
|
|
|
when you swallow exceptions like you do, you deserve the trouble you're getting.
|
|
|
|
|
Dear All,
I am trying to log the methods using Aspect oriented progamming ( AOP) and custom attributes.
Use a class derived from ContextBoundObject with a custom attribute. IMessageSink and IContextProperty are aslo implemented to catch the sink messages. This sample worked fine.
But the problem is the this custom attributes work on class level only( i have already tried AttributeTargets.Method). So all methods will be logged. but i want only selected method by giving the attribute on methods.
Thanks
|
|
|
|
|
i am using below code to extract the files inside the zip folder.
getting an error while using copyHere method ..
after deleteing the folder i m trying to create a new one . and then copying from the zip file
but still it gives an error "File exist"
Please provide a solution thanks in advance
if (Directory.Exists(unzipFilePath))
{
Directory.Delete(unzipFilePath, true);
Directory.CreateDirectory(unzipFilePath);
}
else
{
Directory.CreateDirectory(unzipFilePath);
}
Shell objShell = new Shell();
Folder shellZipFile = objShell.NameSpace(zipFilePath);
Folder shellUnZipFile = objShell.NameSpace(uzipFilePath);
foreach (FolderItem zipFileitem in shellZipFile.Items())
{
shellUnZipFile.CopyHere(zipFileitem, 0);
}
This error is happening in a particular system
|
|
|
|