12,162
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
mjt2000mjt 2006-06-20
- 打赏
- 举报
哈哈,谢谢各位大哥了,终于弄好了。。。。
sql那里只是一个测试的,会改的。。。
现在客户端是php的程序,服务器端是asp的。。。。。。。。。。。。
sql那里只是一个测试的,会改的。。。
现在客户端是php的程序,服务器端是asp的。。。。。。。。。。。。
yangfengxin 2006-06-20
- 打赏
- 举报
太负责了.
fangzhe 2006-06-20
- 打赏
- 举报
验证当然要在服务器~密码不要发到客户端,不然别有用心的人可以写个程序把密码都取出来
你的SQL有注入问题,注意把strxxx里的引号Replace掉
把Response.Write('<password>' + objRS("password") + '</password>')注释掉
返回一个Token元素就可以了(就是服务器随机生成个token(GUID一类的,比较难穷举破解的),然后在内存中建立个user-token的对应,客户如果发这个token过来就知道是谁了)
你的SQL有注入问题,注意把strxxx里的引号Replace掉
把Response.Write('<password>' + objRS("password") + '</password>')注释掉
返回一个Token元素就可以了(就是服务器随机生成个token(GUID一类的,比较难穷举破解的),然后在内存中建立个user-token的对应,客户如果发这个token过来就知道是谁了)
mjt2000mjt 2006-06-19
- 打赏
- 举报
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=GB2312">
<TITLE>SOAP应用程序</TITLE>
<SCRIPT language="JavaScript">
// 服务端SOAP应用程序名称
var strSOAPListener = "http://localhost/aaa/SOAPListener.asp"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 发送SOAP请求信息
function SOAPRequestMessage(strMethod, strTag, strValue,strTag1,strpass1){
// 建立HttpRequest对象
var httpObj = new ActiveXObject("MSXML2.XMLHTTP.4.0")
// 建立SOAP方法
var strSOAPAction = strSOAPURI + "#" + strMethod
// 打开HTTP链接
httpObj.Open("POST", strSOAPListener, false, "", "")
// 新增HTTP标头
httpObj.setRequestHeader("SOAPAction", strSOAPAction)
httpObj.setRequestHeader("Content-Type","text/xml")
// 建立SOAP请求信息
var strBody = '<?xml version="1.0" encoding="GB2312"?>'
strBody = strBody + '<SOAP-ENV:Envelope xmlns:SOAP-ENV='
strBody = strBody + '"http://schemas.xmlsoap.org/soap/envelope">'
strBody = strBody + '<SOAP-ENV:Body>';
strBody = strBody + '<m:' + strMethod +' xmlns:m='+'"'+ strSOAPURI +'">'
strBody = strBody + '<' + strTag + '>' + strValue + '</' + strTag + '>'
strBody = strBody + '<' + strTag1 + '>' + strpass1 + '</' + strTag1 + '>'
strBody = strBody + '</m:' + strMethod +'>'
strBody = strBody + '</SOAP-ENV:Body>'
strBody = strBody + '</SOAP-ENV:Envelope>'
// 使用HttpRequest发送SOAP信息
httpObj.Send (strBody)
// 获取响应的XML DOM
if (httpObj.ResponseXML.xml != "")
return httpObj.ResponseXML
}
// 获取图书的详细资料
function getBookDetail(){
// 获取查询的书号
var strCode = getCode.value
var strpass = pass.value
window.status="发送SOAP请求 ......"
// 获取响应的资料
var objSOAPEnvelope = SOAPRequestMessage('getBookDetail', 'admin', strCode,'password',strpass)
// 获取资料的内容 - Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 取出各元素节点
var nodeadmin = objBody.selectSingleNode("//admin")
var nodepassword = objBody.selectSingleNode("//password")
// var nodeflag = objBody.selectSingleNode("//flag")
//var nodeflag = objBody.selectSingleNode("//flag")
var nodestatus = objBody.selectSingleNode("//status")
// 显示详细资料
//admin.innerHTML = strCode
//pass.innerHTML = strpass
//document.write (strpass);
admin.innerHTML = nodeadmin.text
password.innerHTML = nodepassword.text
// author.innerHTML = nodeAuthor.text
//flag.innerHTML = nodeflag.text
window.status = ""
}
</SCRIPT>
</HEAD>
<BODY>
<H1><B>SOAP应用程序</B></H1>
<TABLE bgcolor="#CCCC99" width="300">
<TR><TD VALIGN=TOP><FONT size=2>用户名:</FONT>
<INPUT id="getCode" type="Text" size=5>
<INPUT id="pass" type="Text" size=5>
</TD><TD><input type="Button" value="查询" onClick="getBookDetail()">
</TD></TR>
</TABLE>
<H2>显示信息</H2>
<TABLE>
<TR>
<TD ALIGN="LEFT"><B>用户名: </B></TD>
<TD><DIV id="admin"></DIV></TD>
</TR><TR>
<TD ALIGN="LEFT"><B>密码: </B></TD>
<TD><DIV id="password"></DIV></TD>
</TR>
<TD ALIGN="LEFT"><B> </B></TD>
<TD><DIV id="flag"></DIV></TD>
</TR>
</TABLE>
</BODY>
</HTML>
########################以上是default.htm#######################################
######################asp服务器响应程序SOAPListener.asp########################
<% @LANGUAGE="JavaScript" %>
<%
// 响应XML文件
Response.ContentType="text/xml"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 获取数据表的记录建立成为XML文件
function getBookDetail(strCode,strpass){
// 查询数据库的图书详细资料
//SoapRequest="admin="+admin+"+password="+password
var strSQL = "SELECT * FROM shop_admin WHERE admin='" + strCode + "' and password='" + strpass + "' "
//var strSQL = "select * from shop_admin where admin='"&strCode&"'and password='" + strpass1 + "' "
var strDSN = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" + Server.MapPath("lashow.mdb")
var objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open(strSQL, strDSN)
// 建立SOAP响应信息
Response.Write('<?xml version="1.0" encoding="GB2312"?>')
Response.Write('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope">')
Response.Write('<SOAP-ENV:Body>')
Response.Write('<m:getBookDetailResponse xmlns:m='+'"'+strSOAPURI+'">')
Response.Write('<book admin="' + strCode + ' " >' )
Response.Write('<admin>' + objRS("admin") + '</admin>')
// Response.Write('<flag>' + 'ok' + '</flag>')
//Response.Write('<author>' + objRS("Author") + '</author>')
//Response.Write('<price>' + objRS("Price") + '</price>')
Response.Write('</book>')
Response.Write('<book password="' + strpass + '">')
Response.Write('<password>' + objRS("password") + '</password>')
// Response.Write('<flag>' + 'ok' + '</flag>')
//Response.Write('<author>' + objRS("Author") + '</author>')
//Response.Write('<price>' + objRS("Price") + '</price>')
Response.Write('</book>')
Response.Write('</m:getBookDetailResponse>')
Response.Write('</SOAP-ENV:Body>')
Response.Write('</SOAP-ENV:Envelope>')
objRS.Close()
}
// 建立XML DOM对象
var objSOAPEnvelope = Server.CreateObject("MSXML2.DOMDocument.4.0")
// 加载SOAP信息
objSOAPEnvelope.async = false
objSOAPEnvelope.load (Request)
objSOAPEnvelope.setProperty("SelectionLanguage", "XPath")
// 获取HTTP标头的SOAP方法
var strMethod = new String(Request.ServerVariables("HTTP_SOAPACTION"))
var strHTTPMethod = strMethod.substring(strMethod.lastIndexOf("#") + 1, strMethod.length)
// 获取Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 获取其子元素
var objMethod = objBody.firstChild
var strSOAPMethod = objMethod.baseName
// HTTP标头和SOAP信息的方法是否相同
if (strHTTPMethod == strSOAPMethod){
switch (strSOAPMethod){
case "getBookDetail":
var objNode = objBody.selectSingleNode("//admin")
var objNode = objBody.selectSingleNode("//password")
getBookDetail(objNode.text)
break
default:
// 定义其他的方法
}
}
%>
我现在sql语句那里,如果把password=strpass去掉,就可以返回用户跟密码值,但是加上去就不行,还有验证在客户端可以吗?
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=GB2312">
<TITLE>SOAP应用程序</TITLE>
<SCRIPT language="JavaScript">
// 服务端SOAP应用程序名称
var strSOAPListener = "http://localhost/aaa/SOAPListener.asp"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 发送SOAP请求信息
function SOAPRequestMessage(strMethod, strTag, strValue,strTag1,strpass1){
// 建立HttpRequest对象
var httpObj = new ActiveXObject("MSXML2.XMLHTTP.4.0")
// 建立SOAP方法
var strSOAPAction = strSOAPURI + "#" + strMethod
// 打开HTTP链接
httpObj.Open("POST", strSOAPListener, false, "", "")
// 新增HTTP标头
httpObj.setRequestHeader("SOAPAction", strSOAPAction)
httpObj.setRequestHeader("Content-Type","text/xml")
// 建立SOAP请求信息
var strBody = '<?xml version="1.0" encoding="GB2312"?>'
strBody = strBody + '<SOAP-ENV:Envelope xmlns:SOAP-ENV='
strBody = strBody + '"http://schemas.xmlsoap.org/soap/envelope">'
strBody = strBody + '<SOAP-ENV:Body>';
strBody = strBody + '<m:' + strMethod +' xmlns:m='+'"'+ strSOAPURI +'">'
strBody = strBody + '<' + strTag + '>' + strValue + '</' + strTag + '>'
strBody = strBody + '<' + strTag1 + '>' + strpass1 + '</' + strTag1 + '>'
strBody = strBody + '</m:' + strMethod +'>'
strBody = strBody + '</SOAP-ENV:Body>'
strBody = strBody + '</SOAP-ENV:Envelope>'
// 使用HttpRequest发送SOAP信息
httpObj.Send (strBody)
// 获取响应的XML DOM
if (httpObj.ResponseXML.xml != "")
return httpObj.ResponseXML
}
// 获取图书的详细资料
function getBookDetail(){
// 获取查询的书号
var strCode = getCode.value
var strpass = pass.value
window.status="发送SOAP请求 ......"
// 获取响应的资料
var objSOAPEnvelope = SOAPRequestMessage('getBookDetail', 'admin', strCode,'password',strpass)
// 获取资料的内容 - Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 取出各元素节点
var nodeadmin = objBody.selectSingleNode("//admin")
var nodepassword = objBody.selectSingleNode("//password")
// var nodeflag = objBody.selectSingleNode("//flag")
//var nodeflag = objBody.selectSingleNode("//flag")
var nodestatus = objBody.selectSingleNode("//status")
// 显示详细资料
//admin.innerHTML = strCode
//pass.innerHTML = strpass
//document.write (strpass);
admin.innerHTML = nodeadmin.text
password.innerHTML = nodepassword.text
// author.innerHTML = nodeAuthor.text
//flag.innerHTML = nodeflag.text
window.status = ""
}
</SCRIPT>
</HEAD>
<BODY>
<H1><B>SOAP应用程序</B></H1>
<TABLE bgcolor="#CCCC99" width="300">
<TR><TD VALIGN=TOP><FONT size=2>用户名:</FONT>
<INPUT id="getCode" type="Text" size=5>
<INPUT id="pass" type="Text" size=5>
</TD><TD><input type="Button" value="查询" onClick="getBookDetail()">
</TD></TR>
</TABLE>
<H2>显示信息</H2>
<TABLE>
<TR>
<TD ALIGN="LEFT"><B>用户名: </B></TD>
<TD><DIV id="admin"></DIV></TD>
</TR><TR>
<TD ALIGN="LEFT"><B>密码: </B></TD>
<TD><DIV id="password"></DIV></TD>
</TR>
<TD ALIGN="LEFT"><B> </B></TD>
<TD><DIV id="flag"></DIV></TD>
</TR>
</TABLE>
</BODY>
</HTML>
########################以上是default.htm#######################################
######################asp服务器响应程序SOAPListener.asp########################
<% @LANGUAGE="JavaScript" %>
<%
// 响应XML文件
Response.ContentType="text/xml"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 获取数据表的记录建立成为XML文件
function getBookDetail(strCode,strpass){
// 查询数据库的图书详细资料
//SoapRequest="admin="+admin+"+password="+password
var strSQL = "SELECT * FROM shop_admin WHERE admin='" + strCode + "' and password='" + strpass + "' "
//var strSQL = "select * from shop_admin where admin='"&strCode&"'and password='" + strpass1 + "' "
var strDSN = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" + Server.MapPath("lashow.mdb")
var objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open(strSQL, strDSN)
// 建立SOAP响应信息
Response.Write('<?xml version="1.0" encoding="GB2312"?>')
Response.Write('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope">')
Response.Write('<SOAP-ENV:Body>')
Response.Write('<m:getBookDetailResponse xmlns:m='+'"'+strSOAPURI+'">')
Response.Write('<book admin="' + strCode + ' " >' )
Response.Write('<admin>' + objRS("admin") + '</admin>')
// Response.Write('<flag>' + 'ok' + '</flag>')
//Response.Write('<author>' + objRS("Author") + '</author>')
//Response.Write('<price>' + objRS("Price") + '</price>')
Response.Write('</book>')
Response.Write('<book password="' + strpass + '">')
Response.Write('<password>' + objRS("password") + '</password>')
// Response.Write('<flag>' + 'ok' + '</flag>')
//Response.Write('<author>' + objRS("Author") + '</author>')
//Response.Write('<price>' + objRS("Price") + '</price>')
Response.Write('</book>')
Response.Write('</m:getBookDetailResponse>')
Response.Write('</SOAP-ENV:Body>')
Response.Write('</SOAP-ENV:Envelope>')
objRS.Close()
}
// 建立XML DOM对象
var objSOAPEnvelope = Server.CreateObject("MSXML2.DOMDocument.4.0")
// 加载SOAP信息
objSOAPEnvelope.async = false
objSOAPEnvelope.load (Request)
objSOAPEnvelope.setProperty("SelectionLanguage", "XPath")
// 获取HTTP标头的SOAP方法
var strMethod = new String(Request.ServerVariables("HTTP_SOAPACTION"))
var strHTTPMethod = strMethod.substring(strMethod.lastIndexOf("#") + 1, strMethod.length)
// 获取Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 获取其子元素
var objMethod = objBody.firstChild
var strSOAPMethod = objMethod.baseName
// HTTP标头和SOAP信息的方法是否相同
if (strHTTPMethod == strSOAPMethod){
switch (strSOAPMethod){
case "getBookDetail":
var objNode = objBody.selectSingleNode("//admin")
var objNode = objBody.selectSingleNode("//password")
getBookDetail(objNode.text)
break
default:
// 定义其他的方法
}
}
%>
我现在sql语句那里,如果把password=strpass去掉,就可以返回用户跟密码值,但是加上去就不行,还有验证在客户端可以吗?
mjt2000mjt 2006-06-19
- 打赏
- 举报
谢谢楼上大哥教诲,只是比较急,我自己现在改到,可以把数据库的用户名跟密码返回到客户端,但是我还不清楚,验证的话在那边验证,怎么验证,主要我是对xml不懂,~~~~~~~~~~
fangzhe 2006-06-19
- 打赏
- 举报
你要是连这个都让别人帮你改,你就永远也学不会了
asp里
// 查询数据库的图书详细资料那里的SQL改改
// 建立SOAP响应信息后面的XML改改
html里
// 建立SOAP请求信息这里的XML改改,和asp那个对应
function getBookDetail(){}内容改成,就可以凑合看结果了;然后再仿写
var objSOAPEnvelope = SOAPRequestMessage('getBookDetail', 'admin', strCode,strpass,status)
// 获取资料的内容 - Body元素
xxx.innerText = objSOAPEnvelope.documentElement.firstChild.text
xxx是一个Text之类的东西
最后修改那些URI之类的,注意要配套
asp里
// 查询数据库的图书详细资料那里的SQL改改
// 建立SOAP响应信息后面的XML改改
html里
// 建立SOAP请求信息这里的XML改改,和asp那个对应
function getBookDetail(){}内容改成,就可以凑合看结果了;然后再仿写
var objSOAPEnvelope = SOAPRequestMessage('getBookDetail', 'admin', strCode,strpass,status)
// 获取资料的内容 - Body元素
xxx.innerText = objSOAPEnvelope.documentElement.firstChild.text
xxx是一个Text之类的东西
最后修改那些URI之类的,注意要配套
mjt2000mjt 2006-06-19
- 打赏
- 举报
<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=GB2312">
<TITLE>SOAP应用程序</TITLE>
<SCRIPT language="JavaScript">
// 服务端SOAP应用程序名称
var strSOAPListener = "http://localhost/aaa/SOAPListener.asp"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 发送SOAP请求信息
function SOAPRequestMessage(strMethod, strTag, strValue){
// 建立HttpRequest对象
var httpObj = new ActiveXObject("MSXML2.XMLHTTP.4.0")
// 建立SOAP方法
var strSOAPAction = strSOAPURI + "#" + strMethod
// 打开HTTP链接
httpObj.Open("POST", strSOAPListener, false, "", "")
// 新增HTTP标头
httpObj.setRequestHeader("SOAPAction", strSOAPAction)
httpObj.setRequestHeader("Content-Type","text/xml")
// 建立SOAP请求信息
var strBody = '<?xml version="1.0" encoding="GB2312"?>'
strBody = strBody + '<SOAP-ENV:Envelope xmlns:SOAP-ENV='
strBody = strBody + '"http://schemas.xmlsoap.org/soap/envelope">'
strBody = strBody + '<SOAP-ENV:Body>';
strBody = strBody + '<m:' + strMethod +' xmlns:m='+'"'+ strSOAPURI +'">'
strBody = strBody + '<' + strTag + '>' + strValue + '</' + strTag + '>'
strBody = strBody + '</m:' + strMethod +'>'
strBody = strBody + '</SOAP-ENV:Body>'
strBody = strBody + '</SOAP-ENV:Envelope>'
// 使用HttpRequest发送SOAP信息
httpObj.Send (strBody)
// 获取响应的XML DOM
if (httpObj.ResponseXML.xml != "")
return httpObj.ResponseXML
}
// 获取图书的详细资料
function getBookDetail(){
// 获取查询的书号
var strCode = getCode.value
var strpass = pass.value
window.status="发送SOAP请求 ......"
// 获取响应的图书资料
var objSOAPEnvelope = SOAPRequestMessage('getBookDetail', 'admin', strCode,strpass,status)
// 获取资料的内容 - Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 取出各元素节点
var nodepassword = objBody.selectSingleNode("//password")
//var nodeAuthor = objBody.selectSingleNode("//author")
var nodestatus = objBody.selectSingleNode("//status")
// 显示图书的详细资料
admin.innerHTML = strCode
//pass.innerHTML = strpass
password.innerHTML = nodepassword.text
// author.innerHTML = nodeAuthor.text
//price.innerHTML = nodePrice.text
window.status = ""
}
</SCRIPT>
</HEAD>
<BODY>
<H1><B>SOAP应用程序</B></H1>
<TABLE bgcolor="#CCCC99" width="300">
<TR><TD VALIGN=TOP><FONT size=2>书号:</FONT>
<INPUT id="getCode" type="Text" size=5>
<INPUT id="pass" type="Text" size=5>
</TD><TD><input type="Button" value="查询" onClick="getBookDetail()">
</TD></TR>
</TABLE>
<H2>图书的详细资料</H2>
<TABLE>
<TR>
<TD ALIGN="LEFT"><B>书号: </B></TD>
<TD><DIV id="admin"></DIV></TD>
</TR><TR>
<TD ALIGN="LEFT"><B>书名: </B></TD>
<TD><DIV id="password"></DIV></TD>
</TR>
<TD ALIGN="LEFT"><B>定价: </B></TD>
<TD><DIV id="price"></DIV></TD>
</TR>
</TABLE>
</BODY>
</HTML>
#################上面是客户端的 default.html程序########################################
<% @LANGUAGE="JavaScript" %>
<%
// 响应XML文件
Response.ContentType="text/xml"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 获取数据表的记录建立成为XML文件
function getBookDetail(strCode,strpass){
// 查询数据库的图书详细资料
var strSQL = "SELECT * FROM shop_admin WHERE admin='" + strCode + "' "
//var strSQL = "select * from shop_admin where admin='"&strCode&"' and password='"&strpass&"'"
var strDSN = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" + Server.MapPath("lashow.mdb")
var objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open(strSQL, strDSN)
// 建立SOAP响应信息
Response.Write('<?xml version="1.0" encoding="GB2312"?>')
Response.Write('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope">')
Response.Write('<SOAP-ENV:Body>')
Response.Write('<m:getBookDetailResponse xmlns:m='+'"'+strSOAPURI+'">')
Response.Write('<book admin="' + strCode + '">')
Response.Write('<password>' + objRS("password") + '</password>')
//Response.Write('<author>' + objRS("Author") + '</author>')
//Response.Write('<price>' + objRS("Price") + '</price>')
Response.Write('</book>')
Response.Write('</m:getBookDetailResponse>')
Response.Write('</SOAP-ENV:Body>')
Response.Write('</SOAP-ENV:Envelope>')
objRS.Close()
}
// 建立XML DOM对象
var objSOAPEnvelope = Server.CreateObject("MSXML2.DOMDocument.4.0")
// 加载SOAP信息
objSOAPEnvelope.async = false
objSOAPEnvelope.load (Request)
objSOAPEnvelope.setProperty("SelectionLanguage", "XPath")
// 获取HTTP标头的SOAP方法
var strMethod = new String(Request.ServerVariables("HTTP_SOAPACTION"))
var strHTTPMethod = strMethod.substring(strMethod.lastIndexOf("#") + 1, strMethod.length)
// 获取Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 获取其子元素
var objMethod = objBody.firstChild
var strSOAPMethod = objMethod.baseName
// HTTP标头和SOAP信息的方法是否相同
if (strHTTPMethod == strSOAPMethod){
switch (strSOAPMethod){
case "getBookDetail":
var objNode = objBody.selectSingleNode("//admin")
getBookDetail(objNode.text)
break
default:
// 定义其他的方法
}
}
%>
###########################这个是服务器端的程序SOAPListener.asp#######################
程序原来是根据输入的图书代号查询出它的详细信息,我现在想改成,在客户端输入用户名,密码后,然后在服务器端进行验证,返回一个结果,请问大虾怎么改,能帮忙改改吗???
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=GB2312">
<TITLE>SOAP应用程序</TITLE>
<SCRIPT language="JavaScript">
// 服务端SOAP应用程序名称
var strSOAPListener = "http://localhost/aaa/SOAPListener.asp"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 发送SOAP请求信息
function SOAPRequestMessage(strMethod, strTag, strValue){
// 建立HttpRequest对象
var httpObj = new ActiveXObject("MSXML2.XMLHTTP.4.0")
// 建立SOAP方法
var strSOAPAction = strSOAPURI + "#" + strMethod
// 打开HTTP链接
httpObj.Open("POST", strSOAPListener, false, "", "")
// 新增HTTP标头
httpObj.setRequestHeader("SOAPAction", strSOAPAction)
httpObj.setRequestHeader("Content-Type","text/xml")
// 建立SOAP请求信息
var strBody = '<?xml version="1.0" encoding="GB2312"?>'
strBody = strBody + '<SOAP-ENV:Envelope xmlns:SOAP-ENV='
strBody = strBody + '"http://schemas.xmlsoap.org/soap/envelope">'
strBody = strBody + '<SOAP-ENV:Body>';
strBody = strBody + '<m:' + strMethod +' xmlns:m='+'"'+ strSOAPURI +'">'
strBody = strBody + '<' + strTag + '>' + strValue + '</' + strTag + '>'
strBody = strBody + '</m:' + strMethod +'>'
strBody = strBody + '</SOAP-ENV:Body>'
strBody = strBody + '</SOAP-ENV:Envelope>'
// 使用HttpRequest发送SOAP信息
httpObj.Send (strBody)
// 获取响应的XML DOM
if (httpObj.ResponseXML.xml != "")
return httpObj.ResponseXML
}
// 获取图书的详细资料
function getBookDetail(){
// 获取查询的书号
var strCode = getCode.value
var strpass = pass.value
window.status="发送SOAP请求 ......"
// 获取响应的图书资料
var objSOAPEnvelope = SOAPRequestMessage('getBookDetail', 'admin', strCode,strpass,status)
// 获取资料的内容 - Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 取出各元素节点
var nodepassword = objBody.selectSingleNode("//password")
//var nodeAuthor = objBody.selectSingleNode("//author")
var nodestatus = objBody.selectSingleNode("//status")
// 显示图书的详细资料
admin.innerHTML = strCode
//pass.innerHTML = strpass
password.innerHTML = nodepassword.text
// author.innerHTML = nodeAuthor.text
//price.innerHTML = nodePrice.text
window.status = ""
}
</SCRIPT>
</HEAD>
<BODY>
<H1><B>SOAP应用程序</B></H1>
<TABLE bgcolor="#CCCC99" width="300">
<TR><TD VALIGN=TOP><FONT size=2>书号:</FONT>
<INPUT id="getCode" type="Text" size=5>
<INPUT id="pass" type="Text" size=5>
</TD><TD><input type="Button" value="查询" onClick="getBookDetail()">
</TD></TR>
</TABLE>
<H2>图书的详细资料</H2>
<TABLE>
<TR>
<TD ALIGN="LEFT"><B>书号: </B></TD>
<TD><DIV id="admin"></DIV></TD>
</TR><TR>
<TD ALIGN="LEFT"><B>书名: </B></TD>
<TD><DIV id="password"></DIV></TD>
</TR>
<TD ALIGN="LEFT"><B>定价: </B></TD>
<TD><DIV id="price"></DIV></TD>
</TR>
</TABLE>
</BODY>
</HTML>
#################上面是客户端的 default.html程序########################################
<% @LANGUAGE="JavaScript" %>
<%
// 响应XML文件
Response.ContentType="text/xml"
// SOAP信息的命名空间URI
var strSOAPURI = "http://localhost/aaa/soap"
// 获取数据表的记录建立成为XML文件
function getBookDetail(strCode,strpass){
// 查询数据库的图书详细资料
var strSQL = "SELECT * FROM shop_admin WHERE admin='" + strCode + "' "
//var strSQL = "select * from shop_admin where admin='"&strCode&"' and password='"&strpass&"'"
var strDSN = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" + Server.MapPath("lashow.mdb")
var objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open(strSQL, strDSN)
// 建立SOAP响应信息
Response.Write('<?xml version="1.0" encoding="GB2312"?>')
Response.Write('<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope">')
Response.Write('<SOAP-ENV:Body>')
Response.Write('<m:getBookDetailResponse xmlns:m='+'"'+strSOAPURI+'">')
Response.Write('<book admin="' + strCode + '">')
Response.Write('<password>' + objRS("password") + '</password>')
//Response.Write('<author>' + objRS("Author") + '</author>')
//Response.Write('<price>' + objRS("Price") + '</price>')
Response.Write('</book>')
Response.Write('</m:getBookDetailResponse>')
Response.Write('</SOAP-ENV:Body>')
Response.Write('</SOAP-ENV:Envelope>')
objRS.Close()
}
// 建立XML DOM对象
var objSOAPEnvelope = Server.CreateObject("MSXML2.DOMDocument.4.0")
// 加载SOAP信息
objSOAPEnvelope.async = false
objSOAPEnvelope.load (Request)
objSOAPEnvelope.setProperty("SelectionLanguage", "XPath")
// 获取HTTP标头的SOAP方法
var strMethod = new String(Request.ServerVariables("HTTP_SOAPACTION"))
var strHTTPMethod = strMethod.substring(strMethod.lastIndexOf("#") + 1, strMethod.length)
// 获取Body元素
var objBody = objSOAPEnvelope.documentElement.firstChild
// 获取其子元素
var objMethod = objBody.firstChild
var strSOAPMethod = objMethod.baseName
// HTTP标头和SOAP信息的方法是否相同
if (strHTTPMethod == strSOAPMethod){
switch (strSOAPMethod){
case "getBookDetail":
var objNode = objBody.selectSingleNode("//admin")
getBookDetail(objNode.text)
break
default:
// 定义其他的方法
}
}
%>
###########################这个是服务器端的程序SOAPListener.asp#######################
程序原来是根据输入的图书代号查询出它的详细信息,我现在想改成,在客户端输入用户名,密码后,然后在服务器端进行验证,返回一个结果,请问大虾怎么改,能帮忙改改吗???
canserly 2006-06-15
- 打赏
- 举报
没见过。。。
应该是用脚本做。
应该是用脚本做。
mjt2000mjt 2006-06-15
- 打赏
- 举报
没有人知道吗?55555555555555555555
mjt2000mjt 2006-06-15
- 打赏
- 举报
谢谢楼上的,能否给个例子呢?
fangzhe 2006-06-15
- 打赏
- 举报
如果要标准,那么得实现一套SOAP,这个有javascript的,移植一下应该可以,但是比较麻烦
如果无所谓的话,Response返回一个xml就可以了,别忘记把ContentTyep设置成text/xml
如果无所谓的话,Response返回一个xml就可以了,别忘记把ContentTyep设置成text/xml
mjt2000mjt 2006-06-15
- 打赏
- 举报
现在是要做这样的程序
用server端程序(asp网站)来读写数据库,用客户端程序来操作server
用server端程序(asp网站)来读写数据库,用客户端程序来操作server
