我的WebService遇到了一些问题。当我在我的数据库中执行查询时,返回正常,但是当我通过服务(在线)执行时,返回错误
System.Data.SqlClient.SqlException: Incorrect syntax near '<'.
CODE
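/// <summary>
/// Returns, as XML, the Credenciada_Id of every non-excluded San_Filial row whose stored
/// coordinates satisfy ACOS(...) * 6380 &lt; <paramref name="raio"/> relative to the given point.
/// </summary>
/// <param name="latitude">Latitude of the reference point, as a decimal number with '.' as separator.</param>
/// <param name="longitude">Longitude of the reference point, as a decimal number with '.' as separator.</param>
/// <param name="raio">Search radius; presumably kilometres, given the 6380 factor (confirm).</param>
/// <returns>The DataSet returned by ExecuteStrQuery, loaded into an XmlDocument.</returns>
/// <exception cref="ArgumentException">A coordinate or the radius is not a finite number.</exception>
[WebMethod]
public XmlDocument listagemCredenciadasCoordenadaGeografica(string latitude, string longitude, float raio)
{
    System.Globalization.CultureInfo invariant = System.Globalization.CultureInfo.InvariantCulture;
    System.Globalization.NumberStyles style = System.Globalization.NumberStyles.Float;

    // latitude/longitude arrive from the web-service caller and end up inside SQL text.
    // They are parsed as numbers here so that only a numeric literal can ever reach the
    // query; anything else is rejected before a statement is built.
    double lat;
    if (!double.TryParse(latitude, style, invariant, out lat) || double.IsNaN(lat) || double.IsInfinity(lat))
    {
        throw new ArgumentException("latitude must be a finite decimal number.", "latitude");
    }

    double lon;
    if (!double.TryParse(longitude, style, invariant, out lon) || double.IsNaN(lon) || double.IsInfinity(lon))
    {
        throw new ArgumentException("longitude must be a finite decimal number.", "longitude");
    }

    if (float.IsNaN(raio) || float.IsInfinity(raio))
    {
        throw new ArgumentException("raio must be a finite number.", "raio");
    }

    // Invariant formatting: under a culture that uses ',' as decimal separator the default
    // ToString() would emit "1,5" and corrupt the statement.
    string latSql = lat.ToString("R", invariant);
    string lonSql = lon.ToString("R", invariant);
    string raioSql = raio.ToString("R", invariant);

    // NOTE(review): ExecuteStrQuery only accepts raw SQL text. If it gains a way to pass
    // SqlParameter values, bind @lat/@lon/@raio instead of embedding the literals.
    //
    // The second-to-last line closes the first SIN(...) before the multiplication. Without
    // that parenthesis the ACOS( call was still open when "<" was reached, which matches
    // the reported "Incorrect syntax near '<'".
    string s = "SELECT San_Filial.Credenciada_Id "
        + "FROM San_Filial "
        + "WHERE (San_Filial.Excluido = 0) "
        + "AND (San_Filial.Credenciada_Id NOT IN (62, 85, 1, 68, 10, 151, 152, 153, 154, 155)) "
        + "AND San_Filial.lat != '0' "
        + "AND San_Filial.lat IS NOT NULL "
        + "AND San_Filial.ddd IS NOT NULL "
        + "AND ACOS( COS(RADIANS(RTRIM(LTRIM(San_Filial.lat)))) * "
        + "COS(RADIANS(convert(float," + latSql + "))) * "
        + "COS(RADIANS(RTRIM(LTRIM(San_Filial.lon))) - "
        + "RADIANS(convert(float," + lonSql + "))) + "
        + "SIN(RADIANS(RTRIM(LTRIM(San_Filial.lat)))) * "
        + "SIN(RADIANS(convert(float," + latSql + ")))) * 6380 < " + raioSql + " ";

    // No try/catch here: the previous "catch (Exception ex) { throw ex; }" only reset the
    // stack trace of whatever ExecuteStrQuery raised.
    XmlDocument xml = new XmlDocument();
    xml.LoadXml(ExecuteStrQuery(s, "Table").GetXml());
    return xml;
}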
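/// <summary>
/// Runs <paramref name="Query"/> as a text command against the "netservicemobile" connection
/// and returns the rows in a DataSet table named <paramref name="NameTable"/>.
/// </summary>
/// <param name="Query">
/// SQL text executed as-is. No parameters are bound here, so callers must never build this
/// string from unvalidated request data.
/// </param>
/// <param name="NameTable">Name given to the table created inside the returned DataSet.</param>
/// <returns>The filled DataSet.</returns>
/// <exception cref="Exception">Any failure while executing the query, wrapped with the original as InnerException.</exception>
public static DataSet ExecuteStrQuery(string Query, string NameTable)
{
    neticonn.ConexaoWebServices conn = new neticonn.ConexaoWebServices();
    DataSet ds = new DataSet();

    // using-blocks dispose the connection, command and adapter on every path. The previous
    // cleanup only ran when the connection was not Closed; Fill() opens and closes a closed
    // connection by itself, so after a normal Fill nothing was ever disposed.
    using (SqlConnection c = new SqlConnection(conn.novaConexao("netservicemobile")))
    {
        try
        {
            using (SqlCommand cmd = new SqlCommand(Query, c))
            using (SqlDataAdapter da = new SqlDataAdapter(cmd))
            {
                cmd.CommandType = CommandType.Text;
                da.Fill(ds, NameTable);
                return ds;
            }
        }
        catch (Exception ex)
        {
            // Wrapping kept so existing callers observe the same exception type and message;
            // the original exception (e.g. SqlException) stays available as InnerException.
            throw new Exception(ex.Message, ex);
        }
    }
}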
答案 0 :(得分:3)
想到两个想法。
1)每当进行sql查询时,请使用参数化查询...命名参数更好。字符串拼接是坏的,坏的,坏的!如果您不熟悉,请阅读SQL注入。
2)`&lt;` 是 `<` 的HTML实体,所以我猜你需要在使用查询值之前查看html编码/解码