如何使用VB.NET在存储过程中传递日期值 [英] How to pass date value in stored procedure using VB.NET
问题描述
将日期值从vb.net中的日期时间选择器传递到存储过程我收到以下错误。
System.Data.dll中发生了'System.Data.OleDb.OleDbException'类型的未处理异常
附加信息:不正确'/'附近的语法。
vb.net代码
Dim cmd作为OleDbCommand
SP =SP_ExpEntry @OperationId =+ Str(Val(1))+,@ Eid =+ Str(Me.TxtEXid.Text)+,@ ExDt =+ Me.PKREXdt.Value + ,@ EnDT =+ Me.PkrEntryDt.Value +
cmd =新OleDbCommand(SP,con)
cmd。 ExecuteNonQuery()
我尝试了什么:
尝试传入特殊格式
格式(Me.PkrEntryDt.Value,dd / MM / yyyy)
转换为日期时间
Hi,
while passing the date value from datetime picker in vb.net to stored procedure i am getting the below error.
An unhandled exception of type 'System.Data.OleDb.OleDbException' occurred in System.Data.dll
Additional information: Incorrect syntax near '/'.
vb.net code
Dim cmd As OleDbCommand
SP = "SP_ExpEntry @OperationId =" + Str(Val(1)) + ", @Eid= " + Str(Me.TxtEXid.Text) + ",@ExDt= " + Me.PKREXdt.Value + ",@EnDT= " + Me.PkrEntryDt.Value + ""
cmd = New OleDbCommand(SP, con)
cmd.ExecuteNonQuery()
What I have tried:
tried passing in particular format
Format(Me.PkrEntryDt.Value, "dd/MM/yyyy")
converting to date time
推荐答案
使用参数化查询,它应该是ove解决问题。
OleDbCommand.Parameters属性(System.Data.OleDb) [ ^ ]
例如:(未经测试)
Use a parameterized query and it should overcome the problem.
OleDbCommand.Parameters Property (System.Data.OleDb)[^]
Exampe: (untested)
cmd = New OleDbCommand("SP_ExpEntry", con)
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@OperationId", 1)
cmd.Parameters.AddWithValue("@Eid", TxtEXid.Text)
cmd.Parameters.AddWithValue("@ExDt", PKREXdt.Value)
cmd.Parameters.AddWithValue("@EnDT", PkrEntryDt.Value)
正如@losmac所建议的,这里有一些关于SQL注入的资源以及为什么参数化查询最好...
SQL注入 - OWASP [ ^ ]
SQL注入预防备忘单 - OWASP [ ^ ]
bobby-tables.com:防止SQL注入的指南 [ ^ ]
As suggested by @losmac here are some resources about SQL Injection and why parameterized queries are best...
SQL Injection - OWASP[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
bobby-tables.com: A guide to preventing SQL injection[^]
这篇关于如何使用VB.NET在存储过程中传递日期值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!