0

我在一个 html(使用 xmlHttp.responseText)页面中创建了一个 javascript,我在该页面中从一个查询数据库(MSSQL)中用户名的用户编号的 aspx 页面请求一个值。当我加载 html (IE8) 时,我得到了这个“未知的运行时错误行:30”。应该是什么导致了问题?需要帮忙。这是我的代码:

  1. 这是 HTML 页面和 Javascript:

       <!DOCTYPE html>
   <html>
   <head>
   <script type="text/javascript">
   function showUsernum(str)
   {
      var xmlHttp;   
       if (str=="")
   {
    document.getElementById("textExists").innerHTML="";
    return;
    }
   if (window.xmlHttpRequest)
    {// code for IE7+, Firefox, Chrome, Opera, Safari
         xmlHttp=new xmlHttpRequest();
    }
 else
    {// code for IE6, IE5
         xmlHttp=new ActiveXObject("Microsoft.xmlHttp");
    }

  xmlHttp.onreadystatechange=function()
   {
      if (xmlHttp.readyState==4 && xmlHttp.status==200)
      {
    //alert(str);
          document.getElementById("textExists").innerHTML=xmlHttp.responseText;
      }
   }

   xmlHttp.open("GET","http://localhost/Base_Data/default.aspx?q="+str,true);
   xmlHttp.send();
 }
 </script>
 </head>
 <body>

<form action=""  method="post"> 
<label>UserName
<input type="text" name="textUser" id="textUser" onchange="showUsernum(this.value)">
</label>
</form>
<br/>
<div >
<form name="form1" method="post" action="">
<label>
<div id="textExists">Exists?</div>
</label>
</form>
</div>
</body>

  2. 这是我的 ASP 代码。

    protected void Page_Load(object sender, EventArgs e)
{
    Response.Expires = -1;
    SqlConnection conn;
            string connection = ConfigurationManager.ConnectionStrings ["BaseData"].ConnectionString;
            conn = new SqlConnection(connection);
            string sql = "SELECT USERNUM FROM useraccount WHERE USERNAME ='" + Request.QueryString["q"] + "'";
            SqlCommand cmd = new SqlCommand(sql, conn);

            conn.Open();
            string contNm = Convert.ToString(cmd.ExecuteScalar());
            Response.Write("textExists=" + contNm );

            conn.Close();

  }

真的很感激任何回应。谢谢你。

4

1 回答 1

0

The problem is that you're trying to assign whole page, including <html> tag and everything, into a single DOM element and IE doesn't really like that.

To have the server send only raw HTML without whole document you need to clear the Response. In addition you are not disposing properly of the database objects and you are exposed to SQL Injection attacks, so optimized code would be:

string connection = ConfigurationManager.ConnectionStrings ["BaseData"].ConnectionString;
using (SqlConnection conn = new SqlConnection(connection))
{
    conn.Open();
    string sql = "SELECT USERNUM FROM useraccount WHERE USERNAME=@user";
    string contNm = "";
    using (SqlCommand cmd = new SqlCommand(sql, conn))
    {
        cmd.Parameters.AddWithValue("@user", Request.QueryString["q"]);
        contNm = Convert.ToString(cmd.ExecuteScalar());
    }
    Response.Clear();
    Response.Write("textExists=" + contNm);
    Response.End();
    conn.Close();
}
于 2012-08-31T08:19:53.610 回答