I have a simple SqlCommand in which I want to return all records within a specified DateTime range. (both Date and Time are involved)
var dataReader = new SqlCommand(
#"Select RecordID from RecordTable
where RecordTable.WorkingDT between '"+ _startDt +"' and '"+ _endDt +"'",
_sqlConnection).ExecuteReader();
how do I have to set the values for _startDt and _endDt?
You can try this:
var dataReader = new SqlCommand(
#"Select RecordID from RecordTable
where RecordTable.WorkingDT between '"+ _startDt.ToString("yyyy-MM-dd HH:mm:ss") +"' and '"+ _endDt.ToString("yyyy-MM-dd HH:mm:ss") +"'",
_sqlConnection).ExecuteReader();
Where _startDt and _endDt are type of DateTime.
If you add them as proper parameters in your command, you don't need to worry about formatting. The added benefit of getting into the habit of using these is that you don't have to worry about SQL injection when you were to supply strings as parameters.
Have a look at http://www.csharp-station.com/Tutorial/AdoDotNet/lesson06
It shows how to use parameters in your queries. I don't think it needs to be spelled out completely.
An example (copy/pasted from the site):
// 1. declare command object with parameter
SqlCommand cmd = new SqlCommand(
"select * from Customers where city = #City", conn);
// 2. define parameters used in command object
SqlParameter param = new SqlParameter();
param.ParameterName = "#City";
param.Value = inputCity;
// 3. add new parameter to command object
cmd.Parameters.Add(param);
// get data stream
reader = cmd.ExecuteReader();
And yes, defining the parameters can be done shorter that 3 lines per parameter. But that's left up to the reader.
#kmatyaszek, While commonly used, the "yyyy-mm-dd HH:mm:ss" date format is not guaranteed to be unambiguously parsed by SQL server. If you must create SQL from concatenating strings (not necessary in this case as René has shown) then you should use the ISO8601 format, which is just the same but with a T in the middle: "yyyy-mm-ddTHH:mm:ss".
http://msdn.microsoft.com/en-us/library/ms190977%28v=sql.90%29.aspx
"The advantage in using the ISO 8601 format is that it is an
international standard. Also, datetime values that are specified by
using this format are unambiguous. Also, this format is not affected
by the SET DATEFORMAT or SET LANGUAGE settings."
For a demonstration why, try this rerunnable Sql script.
if object_id('tempdb..#Foo') is not null drop table #Foo;
create table #Foo(id int, d datetime)
-- Intend dates to be 12th Jan.
set dateformat ymd
insert into #Foo(id, d) values (1, '2012-01-12 01:23:45') -- ok
insert into #Foo(id, d) values (2, '2012-01-12T01:23:45') -- ok
set dateformat ydm
insert into #Foo(id, d) values (3, '2012-01-12 01:23:45') -- wrong!
insert into #Foo(id, d) values (4, '2012-01-12T01:23:45') -- ok
select * from #Foo order by id
if object_id('tempdb..#Foo') is not null drop table #Foo;
Related
I tried to get result depending on two dates which the user checked.
I have two datetimepicker controls.
I want the user to chooses the "from" date and "to" date,
then the query get specific result.
leaving_time column type is nvarchar
This is my query:
SELECT name, mil_no, rotba, arrival_time, leaving_time, day, year
FROM dbo.Hodor_data
WHERE leaving_time BETWEEN '"+dateTimePicker1.Checked.ToString()+ "' AND '" + dateTimePicker2.Checked.ToString() + '"
Where is the mistake?
You should write parameterized queries and not using string concatenation for passing the parameters, in order to create a sql command. Using string concatenation makes you code vulnerable to sql injections.
var cmdText = #"SELECT ...
FROM dbo.Hodor_data
WHERE leaving_time BETWEEN #StartDate AND #EndDate";
var sqlCommand = new SqlCommand(cmdText, connection);
sqlCommand.Parameters.AddWithValue("#StartDate", dateTimePicker1.Value);
sqlCommand.Parameters.AddWithValue("#EndDate", dateTimePicker2.Value);
where connection is your sql connection object.
Try to use dateTimePicker1.Text in dateTimePicker1_ValueChanged event where you are using dateTimePicker2.Checked that return true or false not the value of date
Checked is a boolean property, and it is not the date. You need to use the Value Property. It is better to add parameters and explicitly specify the type so that the date format conflict is solved.
Edit: If column type in SQL server is NVARCHAR and of format MM/dd/yyyy, you need to use ONVERT(DATETIME, leaving_time, 101):
conn.Open();
SqlDataAdapter dataAdapter =
new SqlDataAdapter("SELECT name, mil_no, rotba, arrival_time, leaving_time, day, year "
+ "FROM dbo.Hodor_data where CONVERT(DATETIME, leaving_time, 101) "
+ "BETWEEN #p1 AND #p2", conn);
SqlParameter fromDate = new SqlParameter("#p1", SqlDbType.DateTime2);
fromDate.Value = dateTimePicker1.Value;
SqlParameter toDate = new SqlParameter("#p2", SqlDbType.DateTime2);
toDate.Value = dateTimePicker2.Value;
dataAdapter.SelectCommand.Parameters.Add(fromDate);
dataAdapter.SelectCommand.Parameters.Add(toDate);
DataTable dt = new DataTable();
dataAdapter.Fill(dt);
dataGridView1.DataSource = dt;
conn.Close()
You should really consider changing the type of column leaving_time to be a DateTime column. This will make your life easier in querying. I can't really see any advantage of storing these values as text.
I have a C# program and I want to run a MySQL query that insert a record. In this record I have a timestamp field that MUST BE the server timestamp, not the client timestamp.
So, I write this:
start_session = new MySqlDataAdapter("INSERT INTO CUBE_WORKTIME(ID_WORKTIME,
ID_RISORSA_FK,DATA,ORA_INIZIO_EVENTO, ORA_FINE_EVENTO,
ID_CDC_FK, CAUSALE, LAST_EVENT)
VALUES ('', '"+ idrisorsa_global + "', DATE(NOW()),NOW(),
NULL, '"+ IDCDC +"', 'Login', 'Y')", connection);
DataTable start_session_dataset = new DataTable();
start_session.Fill(start_session_dataset);
This query works well, the ID_RISORSA_FK and IDCDC fields are correct. But the date and the datetime are 0000-00-00 and 0000-00-00 00:00:00.
I also tried adding the quotes, but no effects.
Any ideas?
The first thing to change is the use of an MySqlDataAdapter to just insert a record. While this could work it is not the correct class to use for this work. A simple MySqlCommand is the correct object to use and with a lot less of infrastructure required
The second thing to change is the way in which you build your sql query. Do not concatenate together strings to form an sql command but use Parameters. This avoid Sql Injection and parsing problems.
So your code could be rewritten as
string cmdText = #"INSERT INTO CUBE_WORKTIME
(ID_RISORSA_FK,DATA,ORA_INIZIO_EVENTO, ORA_FINE_EVENTO,ID_CDC_FK,
CAUSALE, LAST_EVENT) VALUES (#risorsaID, CURDATE(), CURTIME(),
NULL, #cdcID, 'Login', 'Y')";
MySqlCommand cmd = new MySqlCommand(cmdText, connection);
cmd.Parameters.Add("#risorsaID", MySqlDbType.Int32).Value = idrisorsa_global;
cmd.Parameters.Add("#cdcID", MySqlDbType.Int32).Value = IDCDC;
int rowsInserted = cmd.ExecuteNonQuery();
I'm writing WinForms code in C# and basically have the following:
DateTime localDate = DateTime.UtcNow;
SqlConnection Conn = new SqlConnection("....[connection info]....");
Conn.Open();
SqlCommand sqlcomm = new SqlCommand("INSERT INTO dbo.Call VALUES(...., #Time,...);", Conn);
sqlcomm.Parameters.Add("#Time", SqlDbType.DateTime);
sqlcomm.Parameters["#Time"].Value = localDate;
Int32 o = sqlcomm.ExecuteNonQuery();
This throws an error of "When converting a string to DateTime, parse the string to take the date before putting each variable into the DateTime object." From what I gather, it thinks the localDate variable is a string but if I write to the console localDate.GetType() it says System.DateTime.
The column for "#Time" in the database is set up to DateTime, so that's not the issue. Any thoughts?
You're almost there. for Sql Server think among these lines
select cast(getdate() as time)
Problem is that in .net there is no such type as time, so you need to adapt
SqlCommand sqlcomm = new SqlCommand(
"INSERT INTO dbo.Call VALUES(...., cast(#Time as time),...);", Conn);
sqlcomm.Parameters.AddWithValue("#Time", localDate);
this is all you should need. Although, I think, you may not even need to add cast as DB engine itself will try cast it. The problem, I think, that you explicitly said your type SqlDbType.DateTime. But if you use AddWithValue, provider will do things for you.
since #Frédéric mentioned TimeSpan, you can try this as well
sqlcomm.Parameters.AddWithValue("#Time", localDate.TimeOfDay);
' and no cast(#Time as time)
The UTC format is not an sql date time format whuch you specified in the parameters.add
In the past I have formatted the utc time to that of yyyy-MM-dd.
Given this table schema:
create table dbo.call_history
(
id int not null identity(1,1) primary key clustered ,
my_date date null ,
my_time time null ,
my_datetime datetime null ,
)
This code works just fine:
using ( SqlConnection conn = new SqlConnection( connectString ) )
using ( SqlCommand cmd = conn.CreateCommand() )
{
cmd.CommandType = CommandType.Text;
cmd.CommandText = #"
insert dbo.call_history ( my_date , my_time , my_datetime )
values ( #pDate , #pDate , #pDate )
select scope_identity()
";
cmd.Parameters.AddWithValue( "#pDate" , DateTime.UtcNow );
conn.Open();
// double downcast required herebecause scope_identity()
// returns numeric(38,0) which gets mapped to decimal
int id = (int)(decimal) cmd.ExecuteScalar() ;
conn.Close();
}
i am using mysql net connector and i want to insert some data , without datetime it works but
with date time it gives error.
my code is;
da.InsertCommand = new MySqlCommand("INSERT INTO orders( VALUES('',#ORDER_DATE, #DATE_SHIPMENT, #PRODUCT_ID, #QUANTITY, #CUSTOMER_ID, #INVOICE_FEE, #PROD_TYPE, #BRAND, #MODEL, #PRICE, #VAT)", cs);
da.InsertCommand.Parameters.Add("ORDER_DATE", MySqlDbType.DateTime).Value = oRDER_DATEDateTimePicker.Text;
da.InsertCommand.Parameters.Add("DATE_SHIPMENT", MySqlDbType.DateTime).Value = dATE_SHIPMENTDateTimePicker.Text;
da.InsertCommand.Parameters.Add("PRODUCT_ID", MySqlDbType.Int32).Value = pRODUCT_IDTextBox.Text;
da.InsertCommand.Parameters.Add("QUANTITY", MySqlDbType.Decimal).Value = qUANTITYTextBox.Text;
da.InsertCommand.Parameters.Add("CUSTOMER_ID", MySqlDbType.Int32).Value = textiD.Text;
da.InsertCommand.Parameters.Add("INVOICE_FEE", MySqlDbType.VarChar).Value = comboBoxfee.Text;
da.InsertCommand.Parameters.Add("PROD_TYPE", MySqlDbType.VarChar).Value = pROD_TYPETextBox.Text;
da.InsertCommand.Parameters.Add("BRAND", MySqlDbType.VarChar).Value = bRANDTextBox.Text;
da.InsertCommand.Parameters.Add("MODEL", MySqlDbType.VarChar).Value = mODELTextBox.Text;
da.InsertCommand.Parameters.Add("PRICE", MySqlDbType.Decimal).Value = pRICETextBox.Text;
da.InsertCommand.Parameters.Add("VAT", MySqlDbType.Decimal).Value = vATTextBox.Text;
cs.Open();
da.InsertCommand.ExecuteNonQuery();
cs.Close();
error is:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES('','0007-12-2012 00:00:00 ', '0007-12-2012 00:00:00
i guess my datetime format is not recognizing by mysql,in my winform oRDER_DATEDateTimePicker.Text and dATE_SHIPMENTDateTimePicker.Text is short datetime.
thanks
Instead of adding (as a single example of a wider problem) dATE_SHIPMENTDateTimePicker.Text, use DateTime.Parse (etc) to get the actual value as a DateTime, and add that:
var when = DateTime.Parse(dATE_SHIPMENTDateTimePicker.Text);
da.InsertCommand.Parameters.Add(
"DATE_SHIPMENT", MySqlDbType.DateTime).Value = when;
The same applies to all the parameters; integers, dates, decimals, etc. In fact, simply having database code (commands etc) and UI code (text-boxes) in the same method tells me something is very wrong: ideally, you would have that via a method somewhere that takes typed parameters:
void CreateOrder(int foo, string bar, DateTime baz, decimal blop, ...)
{
...
}
It is the job of the UI to turn the human input into real values that make sense to other layers, such as your data-access code.
So done properly, the UI would handle the parsing, and then call a separate method that knows nothing about the UI to talk to the database.
Another approach is for the UI to build an object with typed members and pass that in:
void CreateOrder(Order order)
{
...
}
Then the UI does:
var order = new Order();
order.Id = /* todo... */
/* ...for each property... */
CreateOrder(order);
MySqlDbType.DateTime wants DateTime as parameter, and not string.
Use DateTime.Parse(oRDER_DATEDateTimePicker.Text) or DateTime.ParseExact(oRDER_DATEDateTimePicker.Text, format) where format is custom format for date that you choose. It can be "yyyy-DD-MM" or whatever else you want or need.
You seem to have a few typos in your query:
da.InsertCommand = new MySqlCommand("INSERT INTO orders( VALUES('',#ORDER_DATE, #DATE_SHIPMENT, #PRODUCT_ID, #QUANTITY, #CUSTOMER_ID, #INVOICE_FEE, #PROD_TYPE, #BRAND, #MODEL, #PRICE, #VAT)", cs);
^^^ ^^
Put a space between VALUES and (, and remove the parenthesis after orders:
da.InsertCommand = new MySqlCommand("INSERT INTO orders VALUES ('',#ORDER_DATE, #DATE_SHIPMENT, #PRODUCT_ID, #QUANTITY, #CUSTOMER_ID, #INVOICE_FEE, #PROD_TYPE, #BRAND, #MODEL, #PRICE, #VAT)", cs);
Second, (as others have mentioned), you are not be using the correct DateTime format. MySQL will accept DateTime.Parse as an input, but it should also accept a string in this format:
yyyy-MM-dd HH:mm:ss
I have a MySQL database, there's a table which have column Time's Type is Nvachar(50) and its values is kind like this "05/09/2012 20:53:40:843" *(Month-date-year hour:mins:second:msecond)*
Now I want to query to get a record have Time after "10/05/2012 01:00:30 PM".
I had code in C# to converted it to "05/10/2012 13:00:30" before making a query.
My Query :
SELECT * FROM ABCDFEGH WHERE capTime > '05/10/2012 13:00:30' LIMIT 0, 1
But i got no record. So please tell me how can I can make it return record have time after the time above ???
More Info My C# code :
string tableName = "ABCDFEGH";
string date = "05/10/2012 13:00:30";
var query = "SELECT * FROM " + tableName + " WHERE capTime > '" + date + "' LIMIT 0, 1";
var cmd = new MySqlCommand(query, connection);
MySqlDataReader dataReader = null;
try
{
dataReader = cmd.ExecuteReader();
}
I'm so so so so so so sorry. I made a mistake the query must be
SELECT * FROM ABCDFEGH WHERE capTime > '05/10/2012 13:00:30' LIMIT 0, 1
This query is successful return the record i need :)
But soemhow I have mistyped it into
SELECT * FROM ABCDFEGH WHERE capTime > '05-10-2012 13:00:30' LIMIT 0, 1
Sorry again, topic close. But tks for evveryone tried :)
I recommend using the DATETIME datatype instead of NVARCHAR. Store dates in YYYY-MM-DD HH:MM:SS format, which is the native DATETIME format recognized by MySQL.
Also use date literals in the same format.
Two reasons for this recommendation: First, DATETIME takes only 8 bytes, instead of up to 150 bytes which is the potential size of a multibyte 50 character varchar.
Second, the sort order of DATETIME will be the same as the chronological order. So if you create an index on the Time column, your > comparison can benefit from the index. Your query will be much faster as a result.
Use TIMESTAMPDIFF()
Schema
CREATE TABLE ABCDFEGH (`right` varchar(3), `time` datetime);
INSERT INTO ABCDFEGH (`right`, `time`)
VALUES
('Yes', '2012-10-02 13:00:30'),
('No', '2012-10-15 13:00:30');
SQL Code
SELECT * FROM ABCDFEGH
WHERE TIMESTAMPDIFF(MINUTE, time, '2012-10-05 13:00:30') > 0
LIMIT 0, 1
Explanation
TIMESTAMPDIFF() returns datetime_expr2 – datetime_expr1, where datetime_expr1 and datetime_expr2 are date or datetime expressions. One expression may be a date and the other a datetime; a date value is treated as a datetime having the time part '00:00:00' where necessary. The unit for the result (an integer) is given by the unit argument.
Fiddle: http://www.sqlfiddle.com/#!2/244cc/1 datetime
Fiddle: http://www.sqlfiddle.com/#!2/063b3/1 varchar(50)
PS1: Time may be a reserved word. Please avoid using it. Else use it with backticks (`).
PS2: The format of time is YYYY-MM-DD not the reverse.
First, why did you save the dates as NVARCHAR? If you are still able to change it to DATETIME datatype and all of the records on it, much better.
But if not, you can use STR_TO_DATE.
SELECT *
FROM tableName
WHERE STR_TO_DATE(`capTime`, '%m/%d/%Y %H:%i:%s:%x') >
STR_TO_DATE('05/10/2012 13:00:30', '%c/%d/%Y %H:%i:%s')
See SQLFiddle Demo
SOURCES
STR_TO_DATE
DATE Formats
UPDATE 1
and your query is vulnerable with SQL Injection. To avoid from it
Parameterized your query
code snippet,
string tableName = "ABCDFEGH";
string date = "05/10/2012 13:00:30";
String query = "SELECT * FROM " + tableName + " WHERE STR_TO_DATE(`capTime`, '%m/%d/%Y %H:%i:%s:%x') > STR_TO_DATE(#dateHere, '%c/%d/%Y %H:%i:%s')";
using (MySqlConnection connection = new MySqlConnection("connectionStringHere"))
{
using (MySqlCommand command = new MySqlCommand())
{
command.Connection = connection;
command.CommandType = CommandType.Text;
command.CommandText = query;
command.Parameters.AddwithValue("#dateHere",date)
MySqlDataReader dataReader = null;
try
{
dataReader = cmd.ExecuteReader();
}
catch(MySqlException e)
{
// do something here
// don't suppress the error
}
}
}