0

I am consuming Wcf Rest Service into Angular JS Application . I am trying to retrieve a single record from sql database though Wcf Service in Angular JS Application . I debug the application i got following errors. 

 System.Data.SqlClient.SqlException occurred
  HResult=0x80131904
  Message=Unclosed quotation mark after the character string '{Account_Number}16'.
Incorrect syntax near '{Account_Number}16'.
  Source=.Net SqlClient Data Provider
  StackTrace:
<Cannot evaluate the exception stack trace>

Here is the interface .

   [OperationContract]
   [WebInvoke(Method = "POST",
   RequestFormat = WebMessageFormat.Json,
   ResponseFormat = WebMessageFormat.Json,
   UriTemplate = "/GetAccountDetails/{Account_Number}")]
    string  GetAccountDetails(string Account_Number);

Here is the Implementation.

 public string GetAccountDetails(string Account_Number)
        {
            List<object> customers = new List<object>();
            string sql = "SELECT * FROM Current_Account_Holder_Details WHERE Account_Number = '"+ Account_Number;
            using (SqlConnection conn = new SqlConnection())
            {
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["DBCS"].ConnectionString;
                using (SqlCommand cmd = new SqlCommand(sql))
                {
                    cmd.Parameters.AddWithValue("@Account_Number", Account_Number);
                    cmd.Connection = conn;
                    conn.Open();
                    using (SqlDataReader sdr = cmd.ExecuteReader())
                    {
                        while (sdr.Read())
                        {

                            customers.Add(new
                            {
                                Tittle = sdr["Tittle"],
                                Account_Holder_First_Name = sdr["Account_Holder_First_Name"],
                                Account_Holder_Last_Name = sdr["Account_Holder_Last_Name"],
                                Account_Holder_DOB = sdr["Account_Holder_DOB"],
                                Account_Holder_House_No = sdr["Account_Holder_House_No"],
                                Account_Holder_Street_Name = sdr["Account_Holder_Street_Name"],
                                Account_Holder_Post_Code = sdr["Account_Holder_Post_Code"],

                                Account_Holder_Occupation = sdr["Account_Holder_Occupation"],
                                Account_Number = sdr["Account_Number"]



                            });
                        }
                    }
                    conn.Close();
                }

                return (new JavaScriptSerializer().Serialize(customers));
            }

        }

Here is the screen shot on debugging mode when i click the button with value.

Click here to see the out put

Here is the script code .

var app = angular.module("WebClientModule", [])
    .controller('Web_Client_Controller', ["$scope", 'myService', function ($scope, myService) {
        var Account_Number = $scope.Account_Number;
    $scope.search = function (Id) {
        var promisePostSingle = myService.postbyId(Id);

        promisePostSingle.then(function (pl) {
            var res = pl.data;
            $scope.Account_Number = res.Account_Number;
            $scope.Account_Creation_Date = res.Account_Creation_Date;
            $scope.Account_Type = res.Account_Type;
            $scope.Branch_Sort_Code = res.Branch_Sort_Code;
            $scope.Account_Fees = res.Account_Fees;
            $scope.Account_Balance = res.Account_Balance;
            $scope.Over_Draft_Limit = res.Over_Draft_Limit;

            //   $scope.IsNewRecord = 0;
        },
            function (errorPl) {
                console.log('failure loading Employee', errorPl);
            });
    }
    }]);




app.service("myService", function ($http) {

    this.postbyId = function (Id) {
        return $http.post("http://localhost:52098/HalifaxIISService.svc/GetAccountDetails/{Account_Number}" + Id);
    };
   })

Here is the HTML CODE .

@{
    Layout = null;
}

<!DOCTYPE html>

<html ng-app="WebClientModule">
<head>
    <meta name="viewport" content="width=device-width" />

    <title>AccountBalance</title>
    <script src="~/Scripts/angular.min.js"></script>

    <script src="~/RegistrationScript/AccountBalance.js"></script>
</head>
<body>
    <div data-ng-controller="Web_Client_Controller">
        Enter Account_Number: <input type="text" ng-model="Account_Number" />
        <input type="button"  value="search" ng-click="search(Account_Number)" />

            <table id="tblContainer">
                <tr>
                    <td>
                        <table style="border: solid 2px Green; padding: 5px;">
                            <tr style="height: 30px; background-color: skyblue; color: maroon;">
                                <th></th>
                                <th>Account Number</th>
                                <th>Account Creation Date</th>
                                <th>Account Type</th>
                                <th>Branch Sort Code</th>
                                <th>Account Fees</th>
                                <th>Account Balance</th>
                                <th>Over Draft Limit</th>

                                <th></th>
                                <th></th>
                            </tr>
                            <tbody data-ng-repeat="user in Users">
                                <tr>
                                    <td></td>
                                    <td><span>{{user.Account_Number}}</span></td>
                                    <td><span>{{user.Account_Creation_Date}}</span></td>
                                    <td><span>{{user.Account_Type}}</span></td>
                                    <td><span>{{user.Branch_Sort_Code}}</span></td>

                                    <td><span>{{user.Account_Fees}}</span></td>
                                    <td><span>{{user.Account_Balance}}</span></td>
                                    <td><span>{{user.Over_Draft_Limit}}</span></td>
                                    <td>

                                </tr>
                            </tbody>
                        </table>
                    </td>
                </tr>
                <tr>
                    <td></td>
                </tr>
                <tr>
                    <td>

                        <div style="color: red;">{{Message}}</div>

                    </td>
                </tr>
            </table>
        </div>
        </body>


</html>
<script src="~/RegistrationScript/AccountBalance.js"></script>
  • Hi there again :) `return $http.post("http://localhost:52098/HalifaxIISService.svc/GetAccountDetails/{Account_Number}" + Id);` should probably be `return $http.post("http://localhost:52098/HalifaxIISService.svc/GetAccountDetails/" + Id);` now that you have the param in the server side uri hopefully it gets picked up – shaunhusain Dec 05 '17 at 01:57

1 Answers1

1

This is your code:

string sql = "SELECT * FROM Current_Account_Holder_Details 
              WHERE Account_Number = '"+ Account_Number;

It should be:

string sql = "SELECT * FROM Current_Account_Holder_Details 
              WHERE Account_Number = '"+ Account_Number + "'"; // <-- see the missing closing quotation

Use parameters to avoid sql injection.

EDIT

Since you are already using SqlParameter like this: cmd.Parameters.AddWithValue("@Account_Number", Account_Number);

change your query to this:

string sql = "SELECT * FROM Current_Account_Holder_Details 
              WHERE Account_Number = @Account_Number";
CodingYoshi
  • 25,467
  • 4
  • 62
  • 64
  • Also this just found this as well. – shaunhusain Dec 05 '17 at 01:58
  • Looks like the OP has `cmd.Parameters.AddWithValue("@Account_Number", Account_Number);` but no reference to @Account_Number in the sql – shaunhusain Dec 05 '17 at 02:05
  • can you explian –  Dec 05 '17 at 02:07
  • @Mohammad please see my edit. I just noticed and shaunhusain commented about it as well that you are using sql parameter. Please use my edit because it is better. – CodingYoshi Dec 05 '17 at 02:16
  • Can you check this question . –  Dec 05 '17 at 02:22
  • @Mohammad sorry but that is a new question. Please create another question and add details to it. Either I or someone else will be able to help you. If I answer it here, it will not make sense because your original question was about something else and other people will get confused. – CodingYoshi Dec 05 '17 at 02:36