日期保存中的问题。 [英] Problem in date saveing.

问题描述

嗨

我正在使用dataetimepicker来保存日期。

但是当我保存datepicker日期中的时间是系统当前日期和数据库01/01时的日期/ 1900



这是插入字符串

Hi
I am using dataetimepicker to save date.
But when i am save the date that time in datepicker date is system current date and in database 01/01/1900

This is the string of insert

Query = "Insert Into TableBill (ID,TableNo,BillDate,ItemName,Quantity,UnitMl,DrinkAmount,FoodDet,FoodAmount,TotalBill) Values (" & txtid.Text & "," & txttableno.Text & "," & DateTimePicker1.value& ",'" & rw.Cells(0).Value & "','" & rw.Cells(1).Value & "','" & rw.Cells(2).Value & "','" & rw.Cells(3).Value & "','" & rw.Cells(4).Value & "','" & rw.Cells(5).Value & "'," & txtfinalbill.Text & ")"

有什么问题我没有得到请帮助我..

提前谢谢..

What is the problem i am not getting please help me..
Thanks in advance..

推荐答案

主要问题是你要串联到形式你的SQL命令。不要。

首先，因为它会让你对SQL注入攻击持开放态度，这会对你的数据库造成破坏或破坏。

其次因为它让你对这样的问题敞开大门这个。



当你连接字符串时，它会构建一个字符串值来传递给SQL。所以，要减少你的代码：

The major problem is that you are concatenating strings to form your SQL command. Don't.
Firstly, because it leave you wide open to SQL Injection attacks which can damage or destroy your database.
Secondly because it leaves you wide open to problems like this.

When you concatenate strings, it builds a string value to pass to SQL. So, to cut down your code a little:

Query = "Insert Into TableBill (TableNo,BillDate,ItemName) Values (txttableno.Text & "," & DateTimePicker1.value& ",'" & rw.Cells(0).Value & "')"

这会在幕后进行一系列ToString调用，最终会得到相当于：

This does a bunch of ToString calls behind the scenes and you end up with the equivalent of:

Query = "Insert Into TableBill (TableNo,BillDate,ItemName) Values (1234,1/12/2013,'The Item I Want')"

将其传递给SQL进行解析。它查看它，取整数值1，将其除以12得0，然后除以2013然后仍然给出0.它然后将零转换为日期并出现错误的值。如果您的系统设置为U，则会发生同样的情况S：12/1/2013仍为零，依此类推。



使用参数化查询。不仅不会出现这样的问题，而且您的数据库可以安全地输入命令将其销毁到文本框中...

Which is passed to SQL for parsing. It looks at it, takes an integer value 1, divides it by 12 to give 0, which it then divides by 2013 to still give 0. It then converts the zero to a date and comes up with the wrong value. The same thing happens if your system is set to US: 12/1/2013 is still zero, and so forth.

Use parameterized queries. Not only do such problems not occur, but your database is safe from me typing commands to destroy it into your text boxes...

Query = "Insert Into TableBill (ID,TableNo,BillDate,ItemName,Quantity,UnitMl,DrinkAmount,FoodDet,FoodAmount,TotalBill) Values (" & txtid.Text & "," & txttableno.Text & ",'" & DateTimePicker1.Text & "','" & rw.Cells(0).Value & "','" & rw.Cells(1).Value & "','" & rw.Cells(2).Value & "','" & rw.Cells(3).Value & "','" & rw.Cells(4).Value & "','" & rw.Cells(5).Value & "'," & txtfinalbill.Text & ")"

这里我需要给出单引号。



喜欢这个..

Here I need to give the single quote.

like this..

'" DateTimePicker1.Text "'

或

or

'" & DateTimePicker1.Value & "'

这篇关于日期保存中的问题。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！