使用带有日期时间选择器控件的sqlquery [英] using sqlquery with date time picker control

问题描述

我在sql中的桌面应用程序中遇到错误
问题是sql查询中的Sytax错误.

问题是由于日期时间选择器造成的.

查询是

i am getting error in desktop application in sql
the problem is Sytax error in sql query.

the problem is due to datetime picker..

the query is

MAcmd = MAconn.CreateCommand();
               MAcmd.CommandText = "INSERT INTO maintable VALUES('" + txtfileno.Text + "','" + txtname.Text + "','" + txtfathername.Text + "','" + txtaddress.Text + "','" + dateTimePicker1.Text + "','" + txtperscription.Text + "'," + txtfee.Text + ")";
               MAcmd.ExecuteNonQuery();
               MessageBox.Show("Information Inserted Successfully");
               MAconn.Close();

我将日期的客户格式设置为

i made customer format of date as

dateTimePicker1.CustomFormat = "MM/dd/yyyy";

在数据库中，日期字段的类型为日期/时间

它的插入查询在使用文本框插入日期时效果很好，但是我想使用日期时间选择器添加它.

in database the date field is of type date/time

its insert query is working fine with inserting date with text box but i want to add it using date time picker.

推荐答案

从不，永远不要在SQL中使用未经验证的用户输入陈述.您应该使用存储过程或至少一个参数化查询.这也将帮助您发现问题.

另外，如果必须形成字符串值，请使用String.Format而不是这种难以理解的字符串连接混乱.

NEVER, EVER use unvalidated user input in a SQL statement. You should be using a stored procedure or at least a parametrized query. This will also help you find the problem.

Also, use String.Format rather than this unreadable mess of string concatenation if you must form a string value.

正如Mark所提到的关于SP或PQ的那样，这是处理SQL查询的方法.此外，根据您提供的查询的外观，
缺少单引号('')

As Mark mentioned about the SP or PQ, that is way to handle SQL query. In addition by looks of the query you provided, there is a single quote ( '' ) missing for

+ "''," + txtfee.Text + ")";

txtfee(假设txtfee的类型是DB中的文本).基于此，

txtfee(assume the type of txtfee is text in DB). So based on that,

+ "'',''" + txtfee.Text + "'')";

可能会解决您的问题.
最后，我也强烈建议您使用PQ，请在此处 [^ ].

:)

might fix your problem.
At last, I also strongly suggest you to use PQ, please have look in here[^].

:)

这篇关于使用带有日期时间选择器控件的sqlquery的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！