将varchar数据类型转换为日期时间数据类型会导致超出范围的值。该语句已终止。 [英] The conversion of a varchar data type to a datetime data type resulted in an out-of-range value. The statement has been terminated.

问题描述

protected void btnregister_Click(object sender, EventArgs e)
{

    con.Open();
    SqlCommand cmd = new SqlCommand("insert into reg values('" + lbl_id.Text + "','" + lbl_dat.Text + "','" + txt_name.Text + "','" + txt_pwd.Text + "','" + txt_num.Text + "','" + txt_city.Text + "','" + txt_email.Text + "')", con);
    cmd.ExecuteNonQuery();
    con.Close();
    MsgBox.Show("registered successfully");
    Response.Redirect("login.aspx");


}

probelm at cmd.ExecuteNonQuery（）;

probelm at cmd.ExecuteNonQuery();

推荐答案

永远不要这样做。永远不要连接字符串以形成SQL命令：你会对SQL注入攻击敞开大门，这可能会破坏或破坏你的数据库，并导致像这样的问题。总是使用参数化查询。



首先，使用DateTime.TryParse将日期元素转换为DateTime值，并使用合理的错误消息向用户报告任何问题。然后将DateTime值作为参数传递给SQL作为SQLCommand对象，以及文本字段作为参数。

Never do that. Never concatenate strings to form an SQL command: you leave yourself wide open to SQL Injection Attack which can damage or destroy your database, as well as causing problems like this. Always use parametrized queries instead.

So first, convert your date elements to a DateTime value, using DateTime.TryParse and reporting any problems to the user with a sensible error message. Then pass the DateTime value through to SQL as a Parameter to the SQLCommand object, along with the text field as parameters as well.

这篇关于将varchar数据类型转换为日期时间数据类型会导致超出范围的值。该语句已终止。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！