I am trying to get a autocomplete textbox using classic ASP and Jquery below is the code i currently have but nothing is populating in the search box.
Database Name = Test
Database User Login = sql
Password = Password
Table Name = Product
Columns are: ProductId, Name, ItemNumber
I am trying to allow the user to search by product name. Also do I have a risk of SQL injection with the following code? Thanks in advance!
search.asp:
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.2 /jquery.js" ></script>
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.js" ></script>
<link rel="stylesheet" type="text/css" href="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/themes/base/jquery-ui.css"/>
<!-- SCRIPT FOR AUTOCOMPETE SEARCH BOX //-->
<script type="text/javascript" language="javascript">
<!--
$(function() {
$( "#productname" ).autocomplete({
source: "source.asp",
minLength: 2
});
});
// -->
</script>
</head>
<body>
<p> </p>
<div>
<input type="text" id="productname">
</div>
<p> </p>
</body>
</html>
and my source page is:
<%
Dim keywords
Dim keywords_cmd
Dim output
Set keywords_cmd = Server.CreateObject ("ADODB.Command")
keywords_cmd.ActiveConnection = "Provider=SQLNCLI10;Server=LOCALHOST\SQL; Database=test;Uid=sql; Pwd=Password;"
keywords_cmd.CommandText = "SELECT ProductId, Name FROM product where Name like '%" & Request.QueryString("term") & "%'"
keywords_cmd.Prepared = true
Set keywords = keywords_cmd.Execute
output = "["
While (NOT keywords.EOF)
output = output & "{""ProductId"":""" & keywords.Fields.item("ProductId") & """,""value"":""" & keywords.Fields.Item("Name") & """},"
keywords.MoveNext()
While end
keywords.Close()
Set keywords = Nothing
output=Left(output,Len(output)-1)
output = output & "]"
response.write output
%>
<!--We haven't needed to hide JavaScript like this since last century.