Hello community

I have an application in Visual Basic (VS2008) that uses a web service. The application has 3 functions:

1. The typical hello world

2. Show data from a table

3. Insert data

The second function is written this way:

VB
Imports System.Data.SqlClient
Imports System.Web.Services

<WebMethod()> _
Public Function SelectData(ByVal Obra As String) As String
    ' Con was declared but never assigned in the original; replace the placeholder with a real connection string
    Dim Con As String = "<connection string>"
    Dim command As String
    Dim result As String
    Dim fieldname As String = "Description"
    ' The query text is built by concatenating the parameter (see the comments below on SQL Injection)
    command = "select Description from Site where Code='" + Obra.Trim() + "'"
    result = ""
    Using connection As New SqlConnection(Con)
        Dim query As New SqlCommand(command, connection)
        connection.Open()

        Dim reader As SqlDataReader = query.ExecuteReader()
        While reader.Read()
            ' Check whether this assignment is correct in Visual Basic
            ' Each row overwrites result, so only the last row's value is returned
            result = reader.Item(fieldname).ToString()
        End While
        reader.Close()
    End Using
    Return result
End Function



Here I call the method:
VB
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    Dim serv As New Servicio.Service1
    ' Declared but not used: SelectData currently returns a single String, not an XmlElement
    Dim resultadoserv As Xml.XmlElement

    TextBox3.Text = serv.SelectData(TextBox2.Text)

End Sub



And the web service returns this result in Internet Explorer:

XML
<?xml version="1.0" encoding="UTF-8"?>
<anyType xmlns="http://tempuri.org/" xmlns:d1p1="http://www.w3.org/2001/XMLSchema-instance" d1p1:type="q1:string" xmlns:q1="http://www.w3.org/2001/XMLSchema">QUERY RESULT </anyType>



How can I get two or more results in the XML response, in different tags?
If you need more information to understand the problem, please let me know.

Greetings people.
Posted
Updated 13-Oct-14 7:34am
Comments
[no name] 13-Oct-14 12:33pm    
Your result will only have one string no matter what is in your database, as written. Do you really mean result += reader.Item(fieldname).ToString()?
Salomon Pineda Silva 13-Oct-14 13:08pm    
And should I declare one more result?

[no name] 13-Oct-14 14:18pm    
declare a result more than what?
Richard Deeming 13-Oct-14 13:27pm    
Your service code is susceptible to SQL Injection.

Consider what would happen if I passed the following value to the Obra parameter:
';DELETE FROM Site;--

NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query instead.
Salomon Pineda Silva 13-Oct-14 13:36pm    
I changed the parameter; I forgot to change it.
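Added example (not the original poster's code or any commenter's): a version of SelectData that addresses both points raised in this thread, binding Obra as a SQL parameter instead of concatenating it, and returning every matching Description as its own element. The connection-string name "SiteDb" and the column length of 50 are assumptions; the Site(Code, Description) table is the one from the question.

```vb
' Added example, not the original service code.
' Assumes a Site(Code, Description) table and a connection string named
' "SiteDb" in web.config (assumed name).
Imports System.Collections.Generic
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web.Services

<WebService(Namespace:="http://tempuri.org/")> _
Public Class Service1
    Inherits WebService

    ' Returning String() makes ASMX serialize the result as
    ' <ArrayOfString><string>...</string><string>...</string></ArrayOfString>,
    ' i.e. one tag per row instead of a single <anyType> element.
    <WebMethod()> _
    Public Function SelectData(ByVal Obra As String) As String()
        Dim results As New List(Of String)()
        If Obra Is Nothing Then
            Return results.ToArray()   ' nothing to look up
        End If

        Dim connectionString As String = _
            ConfigurationManager.ConnectionStrings("SiteDb").ConnectionString

        Using connection As New SqlConnection(connectionString)
            ' The value is bound as a typed parameter, never pasted into the
            ' SQL text, so quotes or semicolons in Obra are just data.
            Using query As New SqlCommand( _
                    "SELECT Description FROM Site WHERE Code = @code", connection)
                ' Column length of 50 is an assumption; match the real schema.
                query.Parameters.Add("@code", SqlDbType.NVarChar, 50).Value = Obra.Trim()
                connection.Open()
                Using reader As SqlDataReader = query.ExecuteReader()
                    ' Collect every row instead of overwriting one String.
                    While reader.Read()
                        If reader.IsDBNull(0) Then
                            results.Add(String.Empty)
                        Else
                            results.Add(reader.GetString(0))
                        End If
                    End While
                End Using
            End Using
        End Using

        Return results.ToArray()
    End Function
End Class
```

On the client side, the generated proxy's SelectData then returns a String() that can be joined or bound to a list control.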

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
