使用带有日期时间选择器控件的sqlquery [英] using sqlquery with date time picker control
问题描述
我在sql中的桌面应用程序中遇到错误
问题是sql查询中的Sytax错误.
问题是由于日期时间选择器造成的.
查询是
i am getting error in desktop application in sql
the problem is Sytax error in sql query.
the problem is due to datetime picker..
the query is
MAcmd = MAconn.CreateCommand();
MAcmd.CommandText = "INSERT INTO maintable VALUES('" + txtfileno.Text + "','" + txtname.Text + "','" + txtfathername.Text + "','" + txtaddress.Text + "','" + dateTimePicker1.Text + "','" + txtperscription.Text + "'," + txtfee.Text + ")";
MAcmd.ExecuteNonQuery();
MessageBox.Show("Information Inserted Successfully");
MAconn.Close();
我将日期的客户格式设置为
i made customer format of date as
dateTimePicker1.CustomFormat = "MM/dd/yyyy";
在数据库中,日期字段的类型为日期/时间
它的插入查询在使用文本框插入日期时效果很好,但是我想使用日期时间选择器添加它.
in database the date field is of type date/time
its insert query is working fine with inserting date with text box but i want to add it using date time picker.
推荐答案
从不,永远不要在SQL中使用未经验证的用户输入陈述.您应该使用存储过程或至少一个参数化查询.这也将帮助您发现问题.
另外,如果必须形成字符串值,请使用String.Format而不是这种难以理解的字符串连接混乱.
NEVER, EVER use unvalidated user input in a SQL statement. You should be using a stored procedure or at least a parametrized query. This will also help you find the problem.
Also, use String.Format rather than this unreadable mess of string concatenation if you must form a string value.
正如Mark所提到的关于SP或PQ的那样,这是处理SQL查询的方法.此外,根据您提供的查询的外观,
缺少单引号('')
As Mark mentioned about the SP or PQ, that is way to handle SQL query. In addition by looks of the query you provided, there is a single quote ( '' ) missing for
+ "''," + txtfee.Text + ")";
txtfee(假设txtfee的类型是DB中的文本).基于此,
txtfee(assume the type of txtfee is text in DB). So based on that,
+ "'',''" + txtfee.Text + "'')";
可能会解决您的问题.
最后,我也强烈建议您使用PQ,请在此处 [^ ].
:)
might fix your problem.
At last, I also strongly suggest you to use PQ, please have look in here[^].
:)
这篇关于使用带有日期时间选择器控件的sqlquery的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!