Author |
Topic |
bnd_ck
Starting Member
4 Posts |
Posted - 2014-06-03 : 17:54:34
|
I am new to SQL database programming. I am developing an application using C# and SQL Server 2005. I am having problems with date insertion into the database. I use a DateTimePicker control to get date input. Here is my code. In the table I use the datetime column type.

strSQL = "Insert Into TB1 (PPT_No,Reference_No,Application_Date,Receipt_No,Citizenship,Purpose_Visit,Entry_Type,Visa_Category,Airline,Vessel_No,Date_Arrival,Date_Departs,Collected_Date,Remarks) Values('" +txtPPT_No.Text+ "'," +application_Date.Value+ ",'" +txtRecieptNo.Text+ "','" +cmbcitizenship.Text+ "','" +txtpurpose.Text+ "','" +cmbentry.Text+ "','" +cmbcategory.Text+ "','" +cmbAirLine.Text+ "','" +txtvesel.Text+ "'," +arrivalDate.Value+ ",'" +departsDate.Value+ ",'" +txtrefference_No.Text+ "'," +collected_Date.Value+ ",'" +txtremarks.Text+ "'";

For all date fields I used the DateTimePicker control. Where did I go wrong? Error: "The conversion of a char data type to a datetime data type resulted in an out-of-range datetime value." Any advice, please? |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-06-03 : 19:05:39
|
Please read up on using parameterized queries. Your SQL code is vulnerable to SQL Injection. You should not be concatenating your queries together like this. Please use parameterized queries only. We'll need to see some sample data to help answer your question.

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/ |
 |
|
bnd_ck
Starting Member
4 Posts |
Posted - 2014-06-04 : 05:31:52
|
Yeah, I know that's true. But I am familiar with this type of coding since I have been using this with VB.NET. But there should be a way of approaching this method too. Any idea is most welcome. Many thanks. |
 |
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2014-06-04 : 12:03:12
|
You need to post sample data for us to help.

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/ |
 |
|
Lamprey
Master Smack Fu Yak Hacker
4614 Posts |
Posted - 2014-06-04 : 12:24:58
|
My guess is that you are treating DATE values as a DATE when you, probably, should be passing them as a string (i.e. surround the value with single quotes). But, as Tara pointed out, you can avoid all this nonsense by using parameterized queries. |
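
The parameterized form recommended in the replies above, as an added example that is not part of any post in this thread: each value is bound as a typed parameter, so a DateTime reaches the server as a datetime rather than as culture-formatted text, and input containing quotes cannot alter the statement. The table and column names come from the question; the class and method names, the parameter names, the varchar sizes and the sample values are assumptions, and only four of the columns are shown.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class Tb1InsertExample   // hypothetical class name
{
    // Fixed SQL text with placeholders; column names are taken from the question.
    const string Sql =
        "INSERT INTO TB1 (PPT_No, Application_Date, Date_Arrival, Remarks) " +
        "VALUES (@pptNo, @applicationDate, @dateArrival, @remarks)";

    // Builds the command. In the form, pass txtPPT_No.Text, application_Date.Value
    // (DateTimePicker.Value is already a DateTime), arrivalDate.Value, txtremarks.Text.
    public static SqlCommand BuildInsert(string pptNo, DateTime applicationDate,
                                         DateTime dateArrival, string remarks)
    {
        var cmd = new SqlCommand(Sql);
        // Sizes are assumed; match them to the real column definitions.
        cmd.Parameters.Add("@pptNo", SqlDbType.VarChar, 20).Value = pptNo;
        cmd.Parameters.Add("@applicationDate", SqlDbType.DateTime).Value = applicationDate;
        cmd.Parameters.Add("@dateArrival", SqlDbType.DateTime).Value = dateArrival;
        cmd.Parameters.Add("@remarks", SqlDbType.VarChar, 200).Value = remarks;
        return cmd;
    }

    // Runs the insert; connectionString is supplied by the caller (assumption).
    public static int Execute(string connectionString, SqlCommand cmd)
    {
        using (var conn = new SqlConnection(connectionString))
        using (cmd)
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample input; the apostrophe would break a concatenated query.
        var cmd = BuildInsert("N1234567", new DateTime(2014, 6, 3),
                              new DateTime(2014, 6, 10), "O'Brien; requested by phone");
        Console.WriteLine(cmd.CommandText);   // SQL text contains no user data
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
    }
}
```

Main only builds and prints the command, so it runs without a database; call Execute with a real connection string to perform the insert.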
 |