SQL和日期问题 [英] Problem with SQL and date
问题描述
Hello.
I have a problem with the format of the date which is stored in SQL server. It should send the date as 'dd-MM-yyyy' but when I look in the 'Table Data' it shows like 'mm-DD-yyyy 00:00:00' and I can't figure out why.
My code for sending information to SQL is:
<pre lang="c#"> MessageBox.Show((DateTime.Parse(datoForbrug.Value.ToShortDateString())).ToString("dd-MM-yyyy"));
cmd.CommandText = "insert into " + Forbrug + " (Dato, Aflæsning, Forskel) VALUES ('" + (DateTime.Parse(datoForbrug.Value.ToShortDateString())).ToString("dd-MM-yyyy") + "', '" + IndtastForbrug.Text + "','" + 0 + "')";
当我从SQL接收数据时,代码是:
When I should recieve the data from SQL, the code is:
Gridview_index.Rows [n].Cells [0].Value = String.Format("{0:dd-MM-yyyy}", item [1].ToString());
我尝试了什么:
一切:从更改dateTimePicker中的格式到格式化,从发送信息到SQL,在SQL中,从SQL接收。也在网上搜索。
What I have tried:
Everything: from changing format in the dateTimePicker to format from sending information to SQL, in the SQL and recieving from SQL. Searching the web too.
推荐答案
它应该将日期发送为' dd-MM-yyyy
'当我查看'表格数据'时,它显示为' mm-DD-yyyy 00:00:00
'我无法找出原因。
It should send the date as 'dd-MM-yyyy
' but when I look in the 'Table Data' it shows like 'mm-DD-yyyy 00:00:00
' and I can't figure out why.
日期格式取决于sqk服务器本地化和数据库整理。请参阅: SQL Server的国际注意事项 [ ^ ]。通常,日期(日期时间)数据类型包含日期和时间部分。请检查:数据类型(Transact-SQL)| Microsoft Docs [ ^ ]找出原因。
根据您要实现的目标,您可以更改 datetime
数据类型为 date
。
A date format depends on sqk server localization and database collation. Please see: International Considerations for SQL Server[^]. Usually a date (datetime) data type contains a date and time parts. Check this: Data Types (Transact-SQL) | Microsoft Docs[^] to find out why.
Depending on what you're trying to achieve, you can change datetime
data type into date
.
从SQL中的scriptfile:
From scriptfile in SQL:
INSERT INTO [dbo].[Elforbrug] ([Id], [Dato], [Aflæsning], [Forskel]) VALUES (71, N'2017-02-04 00:00:00', 10, 0)
INSERT INTO [dbo].[Elforbrug] ([Id], [Dato], [Aflæsning], [Forskel]) VALUES (72, N'2017-02-04 00:00:00', 12, 0)
永远不要通过连接用户输入来构建SQL查询,它被命名为SQL注入,这对你来说很危险数据库容易出错。
名称中的单引号和程序崩溃。如果像Brian O'Conner这样的用户输入可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
Never build an SQL query by concatenating with user inputs, it is named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability.
SQL injection - Wikipedia[^]
SQL Injection[^]
这篇关于SQL和日期问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!