使用nvarchar欺骗数据库(假设)日期 [英] Cheating database (supposed) date by using nvarchar
问题描述
嗨。,
我的数据库中有一个字段,应该是datetime的数据类型。但是,因为我无法绕过那个邪恶的在插入datetime
错误时从字符串转换日期和/或时间时转换失败。我有类似
Hi.,
I have a field in my database that is supposed to be a datatype of datetime. but, because i can't get around that evil Conversion failed when converting date and/or time from character string while inserting datetime
error. i have something like
[DateUP] NVARCHAR(25)
我的搜索表单现在可以使用
My search form now works using
"select * from tblUsers WHERE dateUP BETWEEN '" & txtDateUp.Text & "' AND '" & txtDateUp.Text & "23:59:59'"
我的问题是:
1.可能出现的负面影响是什么?
2.这是否为否 - 否?或者这取决于你如何使用它?对我而言,它只是用于日志记录以及之后的搜索和按DateUp过滤。
3.如果我现在使用nvarchar。 (如果我还有时间)我可以在不影响内部数据的情况下将其更改为日期时间吗?
我尝试了什么:
我只使用这个,因为我在插入日期时从字符串转换日期和/或时间时无法通过转换失败。
I没有时间完成这个项目。
My Question are:
1. What can be the Negative implications that could happen?
2. Is this a total No-No? or it depends upon how you use it for? For me its just for logging and later on search and filter by DateUp.
3. If I use nvarchar for now. (If I still have time) Can I still change it to datetime without affecting the data inside?
What I have tried:
I only use this because I could not get pass the Conversion failed when converting date and/or time from character string while inserting datetime.
I have little time to finish this project.
推荐答案
对我来说这是不行的。您只需将问题移至应用程序的另一部分,除此之外,您需要在选择/更新数据库的每个位置与此未定义日期作斗争。
为什么不使用确认输入的DateTimePicker
?
BTW:不要直接使用用户输入构建您的SQL语句。使用参数化查询来避免SQL注入。
我希望它有所帮助。
For me it is a no go. You simply move the Problems to another section of your app, more than this, you Need to fight with this "undefined" Dates in every place you select/update the database.
Why not using aDateTimePicker
which does validate the Input?
BTW: Do not use user Input directly to build your SQL Statement. Use parametrized query to avoid SQL injection.
I hope it helps.
这篇关于使用nvarchar欺骗数据库(假设)日期的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!