paris0000

Reputation: 53

Send stored procedure in ajax data

I need to send a stored procedure with a parameter in ajax data.

Below is my example; after sending I get this error.

Apostrophes are the real problem, any solution?

function sendData(userNameVal, procedureNameVal, jsonCallBackFunc) {
    var stringVal = "wsInsertData N'EXECUTE carInsert N''160655'',N''data:image/png;base64,AAAAAAAAAAAA'',N''18602''', N'18602'";

    $.ajax({
        type: "POST",
        url: 'helloService.asmx/myService',
        data: "{userName:\"" + userNameVal + "\",procedureName:\"" + stringVal + "\",callback:\"" + jsonCallBackFunc + "\",}",
        dataType: 'json',
        contentType: 'application/json; charset=utf-8',
        success: function (response) {
            $('#lblError').html(JSON.stringify(response));
        },
        error: function (error) {
            console.log(error);
        }
    });
}

Upvotes: 0

Views: 1790

Answers (2)

Vexen Crabtree

Reputation: 359

Security! All it takes is a user to edit the JSON response to the server and add their own SQL, and they can make your SQL server do anything they want. Pass whatever parameters you need, and have the server construct the Stored Proc after sanitizing possible crazy inputs from the client.

Upvotes: 1
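
What the answer above recommends, as an added example that is not part of the original post: the client sends only plain values serialized with JSON.stringify, and the server maps an allow-listed action to a fixed procedure name and validates each value before binding it as a parameter. The field names (carId, image, ownerId), the action name and the validators are assumptions, and the server-side logic is written in JavaScript for illustration only (an .asmx service would do the same in C#).

```javascript
// Added example: field names (carId, image, ownerId) and the action name are
// assumptions; the page only shows positional arguments to carInsert.

// Client side: send plain values only. JSON.stringify escapes quotes and
// apostrophes, so no hand-built string and no SQL text leaves the browser.
function buildRequestBody(userName, car) {
  return JSON.stringify({
    userName: userName,
    action: "carInsert",
    params: { carId: car.carId, image: car.image, ownerId: car.ownerId }
  });
}

// Server-side logic (JavaScript for illustration). Each allowed action maps
// to a fixed procedure name and per-parameter validators. The client never
// supplies SQL text or a procedure name of its own.
const ACTIONS = {
  carInsert: {
    procedure: "carInsert",
    params: {
      carId: v => /^\d{1,10}$/.test(v),
      image: v => /^data:image\/png;base64,[A-Za-z0-9+\/]+=*$/.test(v),
      ownerId: v => /^\d{1,10}$/.test(v)
    }
  }
};

// Returns { procedure, values } to bind as parameters of a parameterized
// stored-procedure call, or throws if the request is not on the allow-list.
function resolveCall(bodyText) {
  const body = JSON.parse(bodyText);
  const spec = Object.prototype.hasOwnProperty.call(ACTIONS, body.action)
    ? ACTIONS[body.action] : null;
  if (!spec) throw new Error("unknown action");
  const values = {};
  for (const name of Object.keys(spec.params)) {
    const v = body.params ? body.params[name] : undefined;
    if (typeof v !== "string" || !spec.params[name](v)) {
      throw new Error("invalid parameter: " + name);
    }
    values[name] = v;
  }
  return { procedure: spec.procedure, values: values };
}
```

The returned values are meant to be bound as parameters of the fixed procedure, never concatenated into a command string.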

fikkatra

Reputation: 5822

Before 'callback' you add a single quote ', which is not terminated.

Upvotes: 0
