0

I am trying to make a small, data-driven widget that is populated with data from a database on the fly. I can load it initially just fine, but when the index of an ASP DropDownMenu is changed, the widget returns a 404.

This could be a symptom of how I am using the Javascript, or how I am using the ASP. I honestly don't know for sure.

Javascript: http://pastebin.com/f127d6b84
ASP: http://pastebin.com/f38c73708
VB.NET codebehind: http://pastebin.com/f7881a903

4

2 回答 2

1

If the postback is returning 404, I'd look at the url that you're sending the postback to.

http://webwidgetstest.reeceandnichols.com/rDeskWidgetMLSt.aspx?agentname=jendene
于 2008-12-03T16:56:41.263 回答
0

Also your widget has some security issues going on, namely SQL Injection.

Dim SelectString As String = "select ListingNumber, ListingSearchHitCount, ListingDetailHitCount, VirtualTourHitCount from FNIS.dbo.ListingHitCountCurrent, RAN.dbo.Heartland_Residential where Heartland_Residential.LIST_AGENT_1_ID = '" & Request("agentname") & "' and Heartland_Residential.MLS_Number = FNIS.dbo.ListingHitCountCurrent.ListingNumber and Heartland_Residential.Status = 'A'"

This inline SQL statement is not parameterizing the Request("agentname") field.

于 2008-12-03T16:59:38.467 回答