sql查询中的列名称(lat,lat,lng,lat,lat,lng)无效

时间:2012-01-17 06:01:43

标签: c# sql-server-2008 latitude-longitude 

protected void btnFind_Click(object sender, EventArgs e)
{
    if (zipcode.Text != "")
    {
        litAddress.Text = "";
        litAddress1.Text = "";
        string addressstring = zipcode.Text;

        SqlConnection conn1 = new SqlConnection("Data Source=win2008-2;Initial Catalog=h1tm11;User ID=sa;Password=password;Persist Security Info=True;");
        SqlCommand cmd = new SqlCommand("Select lat,lng from tbl_pincode where codes='" + addressstring + "'", conn1);
        DataTable table = new DataTable();
        SqlDataAdapter adapter = new SqlDataAdapter(cmd);
        adapter.Fill(table);

        foreach (DataRow row in table.Rows)
        {
            string lat = row["lat"].ToString();
            string lng = row["lng"].ToString();

            string connstring = "Data Source=win2008-2;Initial Catalog=h1tm11;User ID=sa;Password=password;Persist Security Info=True;";
            SqlConnection conn = new SqlConnection(connstring);
            string SQL1 = "SELECT  *, 6371.01 * ACOS( SIN( CAST((lat) AS float)*PI()/180 ) * SIN( CAST((store_lat) AS float)*PI()/180 ) + COS( CAST((lat) AS float)*PI()/180 ) * COS( CAST((store_lat) AS float)*PI()/180 ) * COS( (CAST((store_long) AS float)*PI()/180) - (CAST((lng) AS float)*PI()/180) ) ) AS distance from storelocator where 6371.01 * ACOS( SIN(CAST((lat) AS float)*PI()/180 ) * SIN( CAST((store_lat) AS float)*PI()/180 ) + COS(CAST((lat) AS float)*PI()/180 ) * COS( CAST((store_lat) AS float)*PI()/180 ) * COS( (CAST((store_long) AS float)*PI()/180) - (CAST((lng) AS float)*PI()/180) ) ) < '" + ddl_distance.SelectedItem.Value + "' order by distance asc;";
            conn.Open();
            SqlCommand comm = new SqlCommand(SQL1, conn);
            SqlDataReader reader = comm.ExecuteReader();
            while (reader.Read())
            {
                string area = reader["store_name"].ToString();
                string codes = reader["store_address1"].ToString();
                litAddress.Text += area + "<br>";
                litAddress1.Text += codes + "<br>";
            }
        }
    }
}

我收到一个无效的列名lat,lat,lng,lat,lat,lng error.I认为它没有在sql查询中取latlng值,但我'传递它。我还将字符串转换为float。我的数据库中的数据字段为nvarcharlatlngstore_latstore_long。我不知道为什么。

2 个答案:

答案 0 :(得分:0)

您应该编写像

这样的SQL查询 
  string lat = row["lat"].ToString();
  string lng = row["lng"].ToString();
  string SQL1 = "SELECT  *, 6371.01 * CAST("+lat+" AS float)*PI()/180 From YourTable order by distance asc;";

答案 1 :(得分:-1)

你交叉检查一次,所有的列名。并尝试使用良好的命名约定重命名,这样就不会导致错误。

这不是向查询添加参数的正确方法,它容易出错.. Exploits of SqlInjectio , 你应该使用参数化查询。并且也不要使用

SELECT * from table name ,

您使用显示逻辑所需的列数,这将有助于加快处理速度。 

        SqlCommand cmd = new SqlCommand("Select lat,lng from tbl_pincode wherecodes=@address", conn1);
        cmd.Parameters.AddWithValue("@address",  addressstring ); 
        DataTable table = new DataTable();
        SqlDataAdapter adapter = new SqlDataAdapter(cmd);
        adapter.Fill(table);
相关问题
最新问题