Hi, I am trying to insert a date time into the DB and the column is date type. What do I need to do?
This is the code:
string query = "INSERT INTO Feedback (user_Name, date_of_, Praise) VALUES ('"+TextBox1.Text+"',"+DateTime.Now+",'"+TextBox2.Text+"')";
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
I would advise against using time from the application server to insert values into the database. The most basic example how that can go wrong is that you could have two servers set to different time zones, that use the same database. What server's time is the right time?
Other thing is the necessary transformation of a datetime to string when you are using inline SQL statements. If the application server and the database server are set to different cultures, you need to be extremely careful not to insert May 2nd (02.05), when you want to insert Feb 5th (02.05).
Sure, all these issues are avoidable, but why bother with them at all, when the RDBMS can do all that for us?
BTW, even if you don't want to use stored procedures, use parameters.
This code should be reformatted like:
string query = "INSERT INTO Feedback (user_Name, date_of_, Praise) VALUES (@username, getdate(), @praise)";
SqlCommand cmd = new SqlCommand(query, con);
// text1 and text2 are assumed to hold the values of TextBox1.Text and TextBox2.Text
SqlParameter param = new SqlParameter("@username", SqlDbType.Text);
param.Value = text1;
cmd.Parameters.Add(param);
param = new SqlParameter("@praise", SqlDbType.Text);
param.Value = text2;
cmd.Parameters.Add(param);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
Don't include the value directly in your SQL.
Use a parameterized query instead. There's no point in messing around with string formatting when the database is quite capable of accepting a prepared statement with a DateTime parameter.
You should get in the habit of using query parameters for all values which can't be simply hard-coded into the SQL to start with. For example, your query is currently just blithely taking the contents of TextBox1.Text and inserting that into the SQL. That's a recipe for a SQL injection attack.
You should separate the code (the SQL) from the data (the values). Parameterized queries are the way to do that.
EDIT: Using a built-in function in the SQL is fine, of course, if you're happy to use the database's idea of "now" instead of your client's idea of "now". Work out which is more appropriate for your situation.
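The separation of SQL text and values described in the answer above, shown next to the concatenated form from the question. This is an added example, not code from the original posts; the class name, the parameter sizes and the availability of System.Data.SqlClient are assumptions, and no database connection is opened.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class FeedbackInsertDemo
{
    // Pattern from the question: values are pasted into the SQL text,
    // so their content becomes part of the statement itself.
    static string BuildConcatenated(string user, string praise)
    {
        return "INSERT INTO Feedback (user_Name, date_of_, Praise) VALUES ('"
             + user + "'," + DateTime.Now + ",'" + praise + "')";
    }

    // Hardened form: constant SQL text, every value travels as a typed parameter.
    static SqlCommand BuildParameterized(string user, DateTime when, string praise)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Feedback (user_Name, date_of_, Praise) " +
            "VALUES (@username, @when, @praise)");
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 100).Value = user;  // size assumed
        cmd.Parameters.Add("@when", SqlDbType.Date).Value = when.Date;          // column is a date type
        cmd.Parameters.Add("@praise", SqlDbType.NVarChar, 4000).Value = praise; // size assumed
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: an ordinary name that contains a quote character.
        string user = "O'Brien";
        string praise = "Great service";

        // The quote in the name and the culture-formatted, unquoted date
        // both change the structure of the statement text.
        Console.WriteLine(BuildConcatenated(user, praise));

        using (SqlCommand cmd = BuildParameterized(user, DateTime.Now, praise))
        {
            // The statement text is the same for every input; the data is listed separately.
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
            // With an open SqlConnection assigned to cmd.Connection,
            // cmd.ExecuteNonQuery() would perform the insert.
        }
    }
}
```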
Why don't you use a TIMESTAMP column in your database? Seems like overhead by inserting it through your code.
The following link provides more info:
http://msdn.microsoft.com/en-us/library/aa260631(SQL.80).aspx
edit: Set the default value of your database column as CURRENT_TIMESTAMP (Transact-SQL), and leave the column name out of your insert statement. The current date and time will be inserted by your database automatically. No problem with conversions anymore!
Replace DateTime.Now with DateTime.Now.ToString("yyyy-MM-dd");
Also, you should really parameterize your insert statement so that you cannot fall victim of a SQL injection attack.
There is a NOW() function in most SQL implementations.
You have to convert your DateTime to an Sql DateTime literal. The easiest way to do it is this:
DateTime.Now.ToString(System.Globalization.CultureInfo.InvariantCulture)
Yet, especially for DateTime.Now, you may use some Sql function, such as GetDate() but that often depends on your database server.
You can use the Date property:
DateTime.Now.Date
cmd = new SqlCommand("Select Max(Date_Time) From Daily_Sale ", con);
cmd.ExecuteNonQuery();
string date_tim = (string)cmd.ExecuteScalar();
MessageBox.Show("date time" + date_tim);
This shows date time in a message box, but when I call this query:
cmdc = new SqlCommand("Select Total_Sale from Daily_Sale Where Date_Time ="+ date_tim,con);
cmdc.ExecuteNonQuery();
I get a syntax error.
Date_Time is saved as nvarchar(50).
First, you need to use parameters to send data to SQL. Never concatenate strings of data to SQL statement. That's a security hole as it's an open door to SQL Injection attacks.
For more information, read How can prepared statements protect from SQL injection attacks? and Microsoft Docs - How to: Perform Parameterized Queries
Second, never store dates as strings in your database. For date only values, use the Date data type. For time only values, use the Time data type. For date and time values, use the DateTime2 data type (why not use DateTime?).
For more information, read Aaron Bertrand's Bad habits to kick : choosing the wrong data type, and my answer on SO to this question.
Third, you don't need two queries to get the last value of total_sale from the database. You can do that in a single query, without any parameters at all:
SELECT TOP 1 Total_Sale
FROM Daily_Sale
ORDER BY Date_Time DESC
If you want the date time value as well, simply add that to the query:
SELECT TOP 1 Total_Sale, Date_Time
FROM Daily_Sale
ORDER BY Date_Time DESC
I have a problem using the calendar control. I am getting the date in a textbox, and I have to insert this into the database, using ASP.NET with C#.
In my web application the field property is set to datetime and in the table the column's datatype is date.
How can I do this??
The error I am getting is:
The conversion of a varchar data type to a datetime data type resulted
in an out-of-range value. The statement has been terminated.
Could anyone help me in this regard?
Thanks in advance
The error I am getting is: The conversion of a varchar data type to a datetime data type resulted in an out-of-range value.
It sounds like you're trying to insert it as a string, which is a generally bad idea. You should use parameterized SQL and set the value as a parameter, still as a .NET DateTime. See the docs for SqlCommand.Parameters for an example of parameterized SQL. You should always keep data in its natural type for as long as possible.
Of course, it's then still possible that you'll get this error if you try to insert a DateTime value which is out of the range that SQL can store. In particular, I believe SQL has a lower limit of 1753 as the year. If your value is DateTime.MinValue for some reason (January 1st, 1AD) then you'd still get this problem. Have you added diagnostics for the value you're trying to insert?
Sorry, my first answer missed your question. Try adding the parameter by using the standard parameter system.
command.CommandText = "INSERT INTO FooTable (FooDate) VALUES (@FooDate)";
command.Parameters.AddWithValue("@FooDate", DateToUse.Date);
Using the .Date will only return the date part of the object. Here's another reference to it: Date vs DateTime
If you're using a parametrized query, I have no trouble whatsoever to insert that DateTime from the ASP.NET calendar control into a SQL Server database table that contains a column of type DATE.
Use something like this:
// define INSERT statement - of course, yours will look quite different!
string insertStmt = "INSERT INTO dbo.DateTest(TheDate) VALUES(@DateValue);";
// set up connection and SqlCommand to do insert
using (SqlConnection conn = new SqlConnection("....your-connection-string-here...."))
using (SqlCommand cmd = new SqlCommand(insertStmt, conn))
{
    // add the parameters - the @DateValue - to the SqlCommand object and
    // define its datatype (on the database) and set the value to be stored
    cmd.Parameters.Add("@DateValue", SqlDbType.Date).Value = Calendar1.SelectedDate;
    // open connection, execute command, close connection
    conn.Open();
    cmd.ExecuteNonQuery();
    conn.Close();
}
Try one thing first: try to insert 01/01/2012 in the column, because that could be because of the wrong culture. It could be mm/dd/yyyy or dd/mm/yyyy.
Try this 01/01/2012 first and see if that's working.
Thanks
I'm working on an app that stores data in a spreadsheet to a Postgresql database. I'm familiar with C# and .Net but not so well with Postgresql. I'm having trouble storing a DateTime value into a TimeStamp column; I keep getting an error message: Failed to convert parameter value from a DateTime to a Byte[]. Any advice would be appreciated.
string query = "INSERT INTO organizer(organizer_name, contact_name, phone, alt_phone, created_date, last_update) " +
"VALUES('@name', '@contactname', '@phone', '@altphone', '@created', '@updated')";
OdbcCommand cmd = new OdbcCommand(query, con);
cmd.Parameters.Add("@name", OdbcType.VarChar);
cmd.Parameters["@name"].Value = org.Name;
cmd.Parameters.Add("@contactname", OdbcType.VarChar);
cmd.Parameters["@contactname"].Value = org.ContactName;
cmd.Parameters.Add("@phone", OdbcType.VarChar);
cmd.Parameters["@phone"].Value = org.Phone;
cmd.Parameters.Add("@altphone", OdbcType.VarChar);
cmd.Parameters["@altphone"].Value = org.AltPhone;
cmd.Parameters.Add("@created", OdbcType.Timestamp).Value = DateTime.Now;
cmd.Parameters.Add("@updated", OdbcType.Timestamp).Value = DateTime.Now;
con.Open();
cmd.ExecuteNonQuery();
I don't have a PostgreSQL db handy to test with, but I believe that you are seeing this because the OdbcType.Timestamp is actually a byte array, not a time and date. From MSDN:
Timestamp: A stream of binary data (SQL_BINARY). This maps to an Array of type Byte.
This is probably because the timestamp datatype, in SQL Server, is
a data type that exposes automatically generated, unique binary numbers within a database. timestamp is generally used as a mechanism for version-stamping table rows.
I would try using OdbcType.DateTime, which seems to map to the concept behind PostgreSQL's timestamp.
EDIT:
Here is a useful post which summarizes the mappings between PostgreSQL and .NET.
You've got a few solutions here...I'm going to assume the organizer table has the created_date and last_update as timestamp fields, correct? The silliest answer is to change those to varchar fields. heh.
2 better answers...I'm assuming this is a formatting error where DateTime.Now doesn't return in the format pgsql wants:
Since you are just giving it the current timestamp
you can define your table to default these columns to now() and then not pass values to this column, on an insert the table would just populate that with the default of now().
instead of defining the variable to DateTime.Now and then passing the variable, just send postgres now() and it will populate it in the format it feels right.
And second potential is to format the date into what PG expects as part of the insert statement...I'd need to know what DateTime.Now gives for a value to format it to what pg wants to see. This might be a bit of string manipulation...
I get the following exception when trying to select data from SQL Server or insert data into it with a C# Windows application. I am passing the date in the where clause of the select query in single quotes like this: '16/03/2011'. The exception message is shown below:
The conversion of a char data type to
a datetime data type resulted in an
out-of-range datetime value.
Is there any perfect solution for inserting and selecting dates from a SQL Server database irrespective of the operating system, i.e. one that works on both Italian and English OS?
If you can't use stored procs, or parameterized queries, you might want to format the date in a yyyy-mm-dd format. Ex. '2011-03-16'
T-SQL SAMPLE
INSERT INTO MyTable (SomeDate) VALUES ('2011-03-16')
or
SELECT * FROM MyTable WHERE SomeDate <= '2011-03-16'
Also, keep in mind the time portion of the date. If time is not important, then make sure you don't store it, because it could impact your SELECT queries down the road.
Use stored procedures, or parameterized queries. These will let you pass in a C# datetime object, and the conversion will be handled automatically for you.
I would suggest starting with the SQLDataAdapter class. A simple example of this would be:
using (SqlDataAdapter da = new SqlDataAdapter("SELECT * FROM MyTable WHERE myDate = @myDate", someSqlConnection))
{
    // DateTime.Today stands in for the date you want to match
    da.SelectCommand.Parameters.AddWithValue("@myDate", DateTime.Today);
    DataTable dt = new DataTable();
    da.Fill(dt);
}
However, be aware that there are many different ways of achieving your goal. From your question, I would imagine you are creating SQL strings and executing them against your database. This is considered a Bad Practice for lots of reasons (including the one you describe). Read up about ORMs such as Entity Framework or NHibernate.
Update can't work.
sqlstr ="UPDATE emp SET bDate='"+Convert.ToDateTime(txtbDate.Text)+"'";
can't update emp table.
I tried also using Parse method.
It throws error message :
The conversion of a char data type to a datetime data type resulted in an out-of-range datetime value. The statement has been terminated.
You should always use sql parameters when accepting input from a user. This will probably solve your problem as well as increasing security. Try this:
sqlstr = "UPDATE emp SET bDate=@bDate";
// cmd is the SqlCommand created from sqlstr
cmd.Parameters.AddWithValue("@bDate", Convert.ToDateTime(txtbDate.Text));
Don't use adhoc SQL like this, use parameterised SQL:
sqlstr = "UPDATE emp SET bDate=@NewDate WHERE...."
Then on your SqlCommand, add the @NewDate parameter:
YourSqlCommand.Parameters.Add("@NewDate", SqlDbType.DateTime);
YourSqlCommand.Parameters["@NewDate"].Value = Convert.ToDateTime(txtbDate.Text);
You can use parameterised stored procedures.
The .net datetime contains more values than the SQL DateTime, so thus the out of range error.
Parameterised stored procs also provide more security against sql injection attacks.
You can kill 2 birds with one stone and use a parameter:
UPDATE emp SET bDate=@newDate
And fill the parameter value with a Date directly, using DateTime.Parse() to do the conversion. This also eliminates the SQL injection problem you have now.
Have you tried to parse the date value to SQL format (yyyy-MM-dd), e.g. 2000-12-31?
Convert.ToDateTime(txtbDate.Text).ToString("yyyy-MM-dd");
Cheers.
Use parameters to pass the date to the query.
This is if you are using OLE DB:
sqlstr = "UPDATE emp SET bDate=? "
command.Parameters.Add(New OleDbParameter("@bDate", Convert.ToDateTime(txtbDate.Text)))
"The conversion of a char data type to a datetime data type resulted in an out-of-range datetime value. The statement has been terminated."
Your date-time is not in the range accepted by the SQL DateTime. What date are you trying to parse? I've this error for some really early dates (1/15/103 for example). Dates are stored in ticks from an arbitrary start point.
The start point for .net is 1/1/0001
The start point for SQL is 1/1/1753
I'm not sure about end values. Try running these and compare. Either code trace, or console writeline.
// SqlDateTime lives in System.Data.SqlTypes
DateTime netDate = DateTime.MinValue;
SqlDateTime sqlDate = SqlDateTime.MinValue;
DateTime netMaxDate = DateTime.MaxValue;
SqlDateTime sqlMaxDate = SqlDateTime.MaxValue;
Read what everyone else said about parameterizing queries.
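The range difference described above, together with the culture problem raised in the Italian/English question, turned into an input check that runs before the value is bound as a parameter. This is an added example, not code from the original posts; `SqlDateInput`, `TryReadDate` and the sample strings are hypothetical, and the accepted input format is assumed to be dd/MM/yyyy.

```csharp
using System;
using System.Data.SqlTypes;
using System.Globalization;

static class SqlDateInput
{
    // Hypothetical helper: parse text in one declared format, independent of the
    // OS culture, and reject values a SQL Server datetime column cannot hold.
    public static bool TryReadDate(string text, string format,
                                   out DateTime value, out string error)
    {
        error = null;
        if (!DateTime.TryParseExact(text, format, CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out value))
        {
            error = "not a date in format " + format;
            return false;
        }
        // SqlDateTime.MinValue is 1753-01-01; DateTime.MinValue is 0001-01-01.
        if (value < SqlDateTime.MinValue.Value || value > SqlDateTime.MaxValue.Value)
        {
            error = "outside the SQL Server datetime range";
            return false;
        }
        return true;
    }

    static void Main()
    {
        // Constructed sample inputs: valid, month/day swapped, too early, empty.
        string[] samples = { "16/03/2011", "03/16/2011", "15/01/0103", "" };
        foreach (string s in samples)
        {
            DateTime d;
            string err;
            if (TryReadDate(s, "dd/MM/yyyy", out d, out err))
                Console.WriteLine("'{0}' -> {1:yyyy-MM-dd} (bind as a DateTime parameter)", s, d);
            else
                Console.WriteLine("'{0}' rejected: {1}", s, err);
        }
    }
}
```

A value that passes the check is still handed to the command as a DateTime parameter, never formatted back into the SQL text.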
it should be plain string because you store it in a sqlstr ;)