0

I have an HTML canvas on my page. When I click the canvas, a simple dot paints. I pass the coordinates into my InsertIntoDB function to enter the x and y coordinates into a MS SQL Server database, but it's not happening.

I can, however, place the C# call into an HTML

element and get it to work fine, so long as I use dummy xCoord and yCoord numbers and return something (not void).

My code is actually popping up the "Success!" alert, but when I run a SQL query, there was no INSERT. Here is the Code from Default.aspx: 

function insertIntoDB(x, y) {
        try
        {
            $.ajax({
                type: 'POST',
                url: 'Default.aspx/InsertPoints', 
                data: "{'xCoord': '" + x + "', 'yCoord': '" + y + "'}",

                //    '{"xCoord": "' + x + '", "yCoord": "' + y + '"}',
                success: function (data) {
                    alert("Success!");
                },
                error: function (XMLHttpRequest, textStatus, errorThrown) {
                    alert("Fail: " + textStatus);
                }
            });
        }
        catch (e)
        {
            alert(e);
        }
    }

Here is the C# code in Default.aspx.cs:

[WebMethod]
    public static void InsertPoints(int xCoord, int yCoord) {
        string myConn = "Data Source=MYDATABASEINFO;Initial Catalog=DATABASENAME;Integrated Security=False;User ID=USERID;Password=MYPASSWORD";
        SqlConnection myConnection = new SqlConnection(myConn);
        try
        {
            myConnection.Open();
            SqlCommand myCommand= new SqlCommand("INSERT INTO DRAW (xCoord, yCoord) " +
                "Values (" + xCoord + ", " + yCoord + ");", myConnection);

            myCommand.ExecuteNonQuery();

            myConnection.Close();
        } 
        catch(Exception e) 
        {
            Console.WriteLine(e.ToString());
        }
    }

Thanks for your help.

btalbot
  • 167
  • 9
  • Are you sure your INSERT statement is ok? – Maria Ines Parnisari Feb 06 '15 at 23:11
  • If you put a breakpoint to *catch* in your code you'll see the reason. – EZI Feb 06 '15 at 23:11
  • 2
    Are you catching an exception, and then writing it to the console, and then not seeing it? What happens if you replace that with `System.Diagnostics.Debug.WriteLine()` and check the Output window in VS? – mason Feb 06 '15 at 23:12
  • Yes @l19. If I return bool instead of void in InsertPoints(), and place that code in html in my Default.aspx (InsertPoints(77, 77) for example), it INSERTs them. I can run a SELECT * FROM DRAW query and sure enough it inserted the points. – btalbot Feb 06 '15 at 23:13
  • I'm actually not doing this in VS @mason. I am just editing in a text editor and remote logging and placing it on an external server. The only bit of code I am editing is these two files and uploading them to the server. Can I see those Console errors another way? (Or should I try doing the same thing on my own MS VS 2012 on another computer and see the line?) – btalbot Feb 06 '15 at 23:19
  • @EZI. Well I did put a break point in and it doesn't tell me anything (probably because I am not is VS), but no success message pops up anymore, so I suppose you're onto something. – btalbot Feb 06 '15 at 23:22
  • You should use Visual Studio, not really a reason not to. If you have VS 2012, that'll work fine. Or VS 2013 Express Web is free, or for many situations VS 2013 Community is free. Using VS, you can attach a remote debugger and see the diagnostic output. But if you don't want to do that, then you can write to a log file. – mason Feb 06 '15 at 23:23
  • 2
    Your code is possibly suseptible to a [SQL Injection](http://en.wikipedia.org/wiki/SQL_injection) attack, please take the time to make sure all your queries are [Parameterized](http://stackoverflow.com/questions/5468425/how-do-parameterized-queries-help-against-sql-injection). I would suspect that other methods you have written would allow SQL Injections based on this one example. – Erik Philips Feb 06 '15 at 23:41

3 Answers3

1

You are trying to send json data to server then you have to declare its content type.

add jquery ajax option for content type.

function insertIntoDB(x, y) {
        try
        {
            var data = {
                "xCoord": x,
                "yCoord": y
            };


            $.ajax({
                type: 'POST',
                url: 'Default.aspx/InsertPoints', 
                data: JSON.stringify(data), 
                contentType: 'application/json',
                success: function (data) {
                    alert("Success!");
                },
                error: function (XMLHttpRequest, textStatus, errorThrown) {
                    alert("Fail: " + textStatus);
                }
            });
        }
        catch (e)
        {
            alert(e);
        }
    }
JasonMArcher
  • 14,195
  • 22
  • 56
  • 52
Sameer Azazi
  • 1,503
  • 10
  • 16
0

Try creating an old school Web Service(.asmx file) and not a Web Page(.aspx file).

It will even be better if you create a WebApi endpoint. It is not good practice to use web pages for web services

Trekco
  • 1,246
  • 6
  • 17
0

Try change :

  data: "{'xCoord': '" + x + "', 'yCoord': '" + y + "'}",

to:

  data: {'xCoord': x , 'yCoord':  y },

and try add datatype:

  dataType: "json",
  contentType: 'application/json',
Irfan TahirKheli
  • 3,652
  • 1
  • 22
  • 36