Why i can not use string dataType as input argument in webmethod in vb.net

StackOverflow https://stackoverflow.com/questions/18219817

Question

i implemented a webservice with vb.net

method is like this

Public Class WebService
    Inherits System.Web.Services.WebService

    <WebMethod()> _
    Public Function INSERT_NEW(ByVal i As Integer, ByVal f As String) As String
        Dim con As New OleDbConnection
        Dim cmd As New OleDbCommand
        Try
            con.ConnectionString = ConfigurationManager.ConnectionStrings("WebConnectionSTR").ToString
            'Dim strMdbPath As String = "C:\Users\Hossein\Documents\Visual Studio 2010\WebSites\WebSite1\"
            'Dim strProvider As String = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
            'Dim strDBFile As String = "db.mdb"
            cmd.Connection = con
            cmd.CommandText = "insert into tb values (" & i & ",'" & f & "')"
            con.Open()
            cmd.ExecuteNonQuery()
            con.Close()
            Return "1"
        Catch ex As Exception
            con.Close()
            Return "0"
        End Try
    End Function
End Class

it works if i run it and invoke it

but when i create a windows application i occured with an unkown problem because i used 2 (integer and string) input parameters in web method as input parameters, INSERT_NEW(byval i as integer,byval f as string) as string

it didnt work

Imports wsdl.Myservice

Public Class Form1

    Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
        Dim s As WebServiceSoap = New WebServiceSoapClient

        lblAdd.Text = s.INSERT_NEW(txt1.Text, txt2.Text)


    End Sub
End Class

but when i change the input argument in web method to INTEGER it works properly

is it a limitation to use data types in web method in web service OR i did something wrong???

i added these 3 photos to show you the exact error that i get.

enter image description here enter image description here enter image description here

Was it helpful?

Solution 2

Finally i found the answer myself

Imports wsdl.Myservice

Imports System.Reflection

Public Class Form1

Private Sub btnAdd_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnAdd.Click
    Dim s As WebServiceSoap = New WebServiceSoapClient
    Dim method As MethodInfo = s.GetType().GetMethod("INSERT_NEW")
    Dim returnValue As Integer = method.Invoke(s, New Object() {CInt(txt1.Text), txt2.Text})

    lblAdd.Text = returnValue

End Sub

End Class

OTHER TIPS

You declare your webmethod to receive an Integer and a String. So you should pass an Integer and a String, but your code tries to pass two strings. You should respect the signature of the webmethod and pass the parameters as expected

lblAdd.Text = s.INSERT_NEW(Convert.ToInt32(txt1.Text), txt2.Text)

Of course, here I am assuming that the string in txt1.Text is convertible in an integer.

Said that I wish to point your attention to a very big problem of your code: What happen if a malicious user pass for the parameter f the following string

"xxxxx');DELETE FROM tb; --"

It is called Sql Injection and could wreak havoc with your database. Try to use ALWAYS a parameterized query when you receieve input from your users and pass it to a database command

Using con = New OleDbConnection(ConfigurationManager.ConnectionStrings("WebConnectionSTR").ConnectionString)
Using cmd = New OleDbCommand("insert into tb values (?, ?)", con)
Try
    con.Open()
    cmd.Parameters.AddWithValue("@p1",i) 
    cmd.Parameters.AddWithValue("@p2",f) 
    cmd.ExecuteNonQuery()
    Return "1"
Catch ex As Exception
    Return "0"
End Try
End Using
End Using
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top