使用nvarchar欺骗数据库（假设）日期 [英] Cheating database (supposed) date by using nvarchar

问题描述

嗨。，

我的数据库中有一个字段，应该是datetime的数据类型。但是，因为我无法绕过那个邪恶的在插入datetime 错误时从字符串转换日期和/或时间时转换失败。我有类似

Hi.,
I have a field in my database that is supposed to be a datatype of datetime. but, because i can't get around that evil Conversion failed when converting date and/or time from character string while inserting datetime error. i have something like

[DateUP] NVARCHAR(25)

我的搜索表单现在可以使用

My search form now works using

"select * from tblUsers WHERE dateUP BETWEEN '" & txtDateUp.Text & "' AND  '" & txtDateUp.Text & "23:59:59'"

我的问题是：

1.可能出现的负面影响是什么？

2.这是否为否 - 否？或者这取决于你如何使用它？对我而言，它只是用于日志记录以及之后的搜索和按DateUp过滤。

3.如果我现在使用nvarchar。 （如果我还有时间）我可以在不影响内部数据的情况下将其更改为日期时间吗？



我尝试了什么：



我只使用这个，因为我在插入日期时从字符串转换日期和/或时间时无法通过转换失败。

I没有时间完成这个项目。

My Question are:
1. What can be the Negative implications that could happen?
2. Is this a total No-No? or it depends upon how you use it for? For me its just for logging and later on search and filter by DateUp.
3. If I use nvarchar for now. (If I still have time) Can I still change it to datetime without affecting the data inside?

What I have tried:

I only use this because I could not get pass the Conversion failed when converting date and/or time from character string while inserting datetime.
I have little time to finish this project.

推荐答案

对我来说这是不行的。您只需将问题移至应用程序的另一部分，除此之外，您需要在选择/更新数据库的每个位置与此未定义日期作斗争。



为什么不使用确认输入的 DateTimePicker ？



BTW：不要直接使用用户输入构建您的SQL语句。使用参数化查询来避免SQL注入。

我希望它有所帮助。

For me it is a no go. You simply move the Problems to another section of your app, more than this, you Need to fight with this "undefined" Dates in every place you select/update the database.

Why not using a DateTimePicker which does validate the Input?

BTW: Do not use user Input directly to build your SQL Statement. Use parametrized query to avoid SQL injection.
I hope it helps.

这篇关于使用nvarchar欺骗数据库（假设）日期的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！