查询在数据库中执行,但在WebService中执行时不执行

时间:2013-02-27 19:05:01

标签: c# sql web-services asmx

我的WebService遇到了一些问题。当我在我的数据库中执行查询时,返回正常,但是当我通过服务(在线)执行时,返回错误 System.Data.SqlClient.SqlException: Incorrect syntax near '<'.

CODE

    [WebMethod]
    public XmlDocument listagemCredenciadasCoordenadaGeografica(string latitude, string longitude, float raio)
    {
        try
        {
            string s = "SELECT San_Filial.Credenciada_Id " 
                + "FROM San_Filial " 
                + "WHERE (San_Filial.Excluido = 0) " 
                + "AND (San_Filial.Credenciada_Id NOT IN (62, 85, 1, 68, 10, 151, 152, 153, 154, 155)) " 
                + "AND San_Filial.lat != '0' " 
                + "AND San_Filial.lat IS NOT NULL "
                + "AND San_Filial.ddd IS NOT NULL " 
                + "AND ACOS( COS(RADIANS(RTRIM(LTRIM(San_Filial.lat)))) * " 
                + "COS(RADIANS(convert(float," + latitude + "))) * " 
                + "COS(RADIANS(RTRIM(LTRIM(San_Filial.lon))) - " 
                + "RADIANS(convert(float," + longitude + "))) + " 
                + "SIN(RADIANS(RTRIM(LTRIM(San_Filial.lat))) * " 
                + "SIN(RADIANS(convert(float," + latitude + ")))) * 6380 < " + raio + " ";

            XmlDocument xml = new XmlDocument();
            xml.LoadXml(ExecuteStrQuery(s, "Table").GetXml());

            return xml;
        }
        catch (Exception ex)
        {
            throw ex;
        }
    }


public static DataSet ExecuteStrQuery(string Query, string NameTable)
        {
            neticonn.ConexaoWebServices conn = new neticonn.ConexaoWebServices();
            SqlConnection c = new SqlConnection(conn.novaConexao("netservicemobile"));

            DataSet ds = new DataSet();
            SqlDataAdapter da = new SqlDataAdapter();

            try
            {
                SqlCommand cmd = new SqlCommand(Query, c);
                cmd.CommandType = CommandType.Text;
                da = new SqlDataAdapter(cmd);
                da.Fill(ds, NameTable);
                return ds;
            }
            catch (Exception ex)
            {
                throw new Exception(ex.Message, ex);
            }
            finally
            {
                try
                {
                    if (c.State != ConnectionState.Closed)
                    {
                        c.Close();
                        c.Dispose();
                        da.Dispose();
                    }
                }
                catch
                {
                }
            }
        }

1 个答案:

答案 0 :(得分:3)

想到两个想法。

1)每当进行sql查询时,请使用参数化查询...命名参数更好。连接是坏的,坏的,坏的!如果您不熟悉,请阅读SQL注入。

2)&lt;<的html,所以我猜你需要在使用查询值之前查看html编码/解码