How to get the return value .asp to ajax

Question

Why can't I get the return value from .asp?

Here is my js:

$('#loginID').click(function(){ 
  var userID = $("#userId").val();
  var passID = $("#passwordId").val();

  var myURL = "http://ipaddress/asp/test2.asp";   

  $.ajax({
    type: "GET",    
    url: myURL,
    dataType: "JSON",
    data: {
      username: userID,
      password: passID,
    },
    success: function (response) {
        alert(response);    
    }
  });
});

my .asp:

<!--#include file="JSON_Conv.asp"-->
<%
Dim member
Set member = jsObject()

set conn=Server.CreateObject("ADODB.Connection")
conn.Open "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"       
set rs = Server.CreateObject("ADODB.recordset")
rs.Open "SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'",conn,1,3      
if (not rs.EOF) then
    member("userID") = rs("UserID")
    member("idMember") = rs("IDMember")
    member.Flush
else
    Response.Write(50)           
end if
rs.close
conn.Close 
%>

edit i just notice there's was a problem with my first js, i was doing a cross server ajax, but saw this guide http://www.codeproject.com/Articles/185506/AJAX-Cross-Origin-HTTP-request (reference for other people having same problem) dont forget to add the Response.AddHeader "Access-Control-Allow-Origin","*"

$('#loginID').click(function(){ 

    var userID = $("#userId").val();
    var passID = $("#passwordId").val();

    var myURL = "http://ipaddresss from other server"+userID+"&password="+passID;


    var cor = null; 

    if (window.XMLHttpRequest) {
    cor = new XMLHttpRequest();
    }
    else {
    alert("Your browser does not support Cross-Origin request!");
    return;
    }
    cor.onreadystatechange = function () {
    if (cor.readyState == 4) {
        var loko = cor.responseText;
        var obj = jQuery.parseJSON(loko);
        alert(obj.userID);

    }
    };

    cor.open('GET', myURL, true);
    cor.withCredential = "true";
    cor.send(null);

    });

anyway the problem is solved.. just need to improve my script

Answer 1

Looks as though you are using the aspjson.

Here is an example that should help.

<!--#include file="JSON_Conv.asp"-->
<%
Dim member, json
Set member = jsObject()

Dim conn, cmd, rs, sql
Dim userid, pwd

'Use POST in your ajax to hide logon values from the URL
userid = Request.Form("username") & ""
pwd = Request.Form("password") & ""

'Your connection string should be stored in an #include so it can be easily accessed.
conn = "Provider=SQLOLEDB.1;Password=password;Persist Security Info=True;User ID=userid;Initial Catalog=SMS;Data Source=127.0.0.1"

'Use parametrised queries instead of being left open to SQL injection.
sql = "SELECT * FROM USER_ID WHERE UserID = ? and password = ?"

Set cmd = Server.CreateObject("ADODB.Command")
With cmd
  'No need for ADODB.Connection object, ActiveConnection will instantiate it for us when the ADODB.Command is executed using the connection string.
  .ActiveConnection = conn
  .CommandType = adCmdText 'equals 1 if constants not defined
  .CommandText = sql
  'Assuming your fields (in order) are NVARCHAR with a length of 100 (change as appropriate.
  .Parameters.Append(.CreateParameter("@userid", adVarWChar, adParamInput, 100))
  .Parameters.Append(.CreateParameter("@password", adVarWChar, adParamInput, 100))
  Set rs = .Execute(, Array(userid, pwd))    

  If (Not rs.EOF) Then
    'Populate jsObject
    member("userID") = rs("UserID")
    member("idMember") = rs("IDMember")
  Else
    'Populate with error instead
    member("error") = 50
  End If
  Call rs.Close()
  Set rs = Nothing
End With
Set cmd = Nothing

'Serialize JSObject to a JSON string
json = toJSON(member)

'Output JSON response
Response.ContentType = "application/json"
Call Response.Write(json)
%>

---

Couple of things though

• If your not using ADO constants I would seriously recommend doing so the easiest and by far the best way to do this is Using METADATA to Import DLL Constants.

• Code like;

  "SELECT * FROM USER_ID where UserID = '" & Request.QueryString("username") & "' and password = '" & Request.QueryString("password") & "'"
  

  Is fraught with issues the main one being SQL Injection, by specifying Request.QueryString directly into your code you leave yourself / your client open to abuse. In the example above I switch to using ADODB.Command with defined parameters this way SQL knows what to expect and provides a ring fence for any value passed.