0

I am using following JavaScript: 

jQuery(document).ready(function ($) {
    $(function () {
        $.ajax({
            type: "POST",
            url: "candidate-job-alert.aspx/GetJobalerts",
            data: '{}',
            contentType: "application/json; charset=utf-8",
            dataType: "json",
            success: OnSuccess
        });
    });
});

function OnSuccess(response) {

    var xmlDoc = $.parseXML(response.d);
    var xml = $(xmlDoc);
    console.log(xml);
    var customers = xml.find("Table");
    console.log(customers);
    var row = $("[id*=CandidateAlerts] tr:last-child").clone(true);
    $("[id*=CandidateAlerts] tr").not($("[id*=CandidateAlerts] tr:first-child")).remove();
    $.each(customers, function () {
        var customer = $(this);
        AppendRow(row, $(this).find("alert_name").text(), $(this).find("keywords").text(), $(this).find("job_location").text(), $(this).find("job_category").text(), $(this).find("job_type").text(), $(this).find("email_frequency").text())
        row = $("[id*=CandidateAlerts] tr:last-child").clone(true);
    });
}

function AppendRow(row, alertname, keyword, joblocation, jobcategory, jobtype, emailfrequency) {

    //Bind alert_name.
    $(".alert_name", row).find("span").html(alertname);
    $(".alert_name", row).find("input").val(alertname);

    //Bind keywords.
    $(".keywords", row).find("span").html(keyword);
    $(".keywords", row).find("input").val(keyword);

    //Bind job_location.
    $(".job_location", row).find("span").html(joblocation);
    $(".job_location", row).find("input").val(joblocation);

    //Bind job_category.
    $(".job_category", row).find("span").html(jobcategory);
    $(".job_category", row).find("input").val(jobcategory);

    //Bind job_type.
    $(".job_type", row).find("span").html(jobtype);
    $(".job_type", row).find("input").val(jobtype);

    //Bind email_frequency.
    $(".email_frequency", row).find("span").html(emailfrequency);
    $(".email_frequency", row).find("input").val(joblocation);
    $("[id*=CandidateAlerts]").append(row);
}

This is my C# code:

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.Web;
using System.Web.Services;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class candidate_job_alert : System.Web.UI.Page
{
    string connectionString = ConfigurationManager.ConnectionStrings["JobMonsterConnectionString1"].ConnectionString;
    string strg;
    SqlCommand cms;
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["Email"] != null)
        {

            try
            {
                this.BindDummyRow();
                //memberimg();
                //lblRows.Text = getjobalerts();

            }
            catch (Exception ex)
            {
                string script = "<script>alert('" + ex.Message + "');</script>";

            }

        }

    }
    private void BindDummyRow()
    {
        DataTable dummy = new DataTable();
        dummy.Columns.Add("alert_name");
        dummy.Columns.Add("keywords");
        dummy.Columns.Add("job_location");
        dummy.Columns.Add("job_category");
        dummy.Columns.Add("job_type");
        dummy.Columns.Add("email_frequency");
        dummy.Rows.Add();
        CandidateAlerts.DataSource = dummy;
        CandidateAlerts.DataBind();
    }

    [WebMethod]
public static string GetJobalerts()
{
    string query = "SELECT alert_name, keywords, job_location, job_category, job_type, email_frequency FROM candidate_job_alerts where candidate_id = @CandidateId";
    SqlCommand cmd = new SqlCommand(query);
    cmd.Parameters.AddWithValue("@CandidateId", Session["candidate_id"]);
    string constr = ConfigurationManager.ConnectionStrings["JobMonsterConnectionString1"].ConnectionString;
    using (SqlConnection con = new SqlConnection(constr))
    {
        using (SqlDataAdapter sda = new SqlDataAdapter())
        {
            cmd.Connection = con;
            sda.SelectCommand = cmd;
            using (DataSet ds = new DataSet())
            {
                sda.Fill(ds);
                return ds.GetXml();
            }
        }
    }
}
}

I am getting the following error:

Compiler Error Message: CS0120: An object reference is required for the non-static field, method, or property 'System.Web.UI.Page.Session.get'

Line 55: string query = "SELECT alert_name, keywords, job_location, job_category, job_type, email_frequency FROM candidate_job_alerts where candidate_id='" + Session["candidate_id"] + "'";

Heretic Monkey
  • 11,687
  • 7
  • 53
  • 122
mohsin shabir
  • 11
  • 4
  • Please don't use string concatenation for queries - use [query parameterisation](http://csharp-station.com/Tutorial/AdoDotNet/Lesson06). – Rudi Visser Nov 16 '16 at 18:14
  • The error message tells you that you need a Session instance – aw04 Nov 16 '16 at 18:15
  • Possible duplicate of [How can I get the value of a session variable inside a static method?](http://stackoverflow.com/questions/2577183/how-can-i-get-the-value-of-a-session-variable-inside-a-static-method) – nickles80 Nov 16 '16 at 18:17
  • Change `type: "POST",` to `type: "get",` – Hackerman Nov 16 '16 at 18:17

1 Answers1

0

As mentioned in my comment, you need to use query parameterisation rather than concatenation otherwise you are open to a plethora of SQL Injection attacks.

The issue with your reference to Session is that your method is static, so you cannot access instance members (such as Session and anything else) of the System.Web.UI.Page. Make it an instance member instead of static should make your code work fine, I can't see any reason for it to be static, nor a POST request.

[WebMethod]
public string GetJobalerts()
{
    string query = "SELECT alert_name, keywords, job_location, job_category, job_type, email_frequency FROM candidate_job_alerts where candidate_id = @CandidateId";
    SqlCommand cmd = new SqlCommand(query);
    cmd.Parameters.AddWithValue("@CandidateId", Session["candidate_id"]);

    // ..
}
Rudi Visser
  • 21,350
  • 5
  • 71
  • 97