将datetime类型char从表单插入数据库 [英] Inserting datetime type char from form into database

问题描述

我试图在我的数据库表中插入一个datetime值，但我是一个问题。
每次尝试这样做，此消息都会弹出：

将varchar数据类型转换为datetime数据类型导致超出范围值。
语句已终止。

这是我的代码：

  public static void DoQuery（string fileName，string sql）
 {
 
 SqlConnection conn = ConnectToDb（fileName）; 
 conn.Open（）; 
 SqlCommand com = new SqlCommand（sql，conn）; 
 com.ExecuteNonQuery（）; 
 com.Dispose（）; 
 conn.Close（）; 
 
} 
 private void button1_Click（object sender，EventArgs e）
 {
 SqlConnection cn = new SqlConnection（）; 
 cn.ConnectionString = @Data Source = .\SQLEXPRESS; AttachDbFilename ='c：\users\ *** \ *** \visual studio 2010 \Projects\ *** \\ \\ *** \Database.mdf'; Integrated Security = True; User Instance = True; 
 cn.Open（）; 
 string [] dateArr = dateBox.Text.Split（'/'）; 
 int [] dateInt = new int [3]; 
 for（int i = 0; i <3; i ++）
 {
 dateInt [i] = Int16.Parse（dateArr [i]）; 
 MessageBox.Show（dateInt [i] +）; 
} 
 DateTime date = new DateTime（dateInt [2]，dateInt [1]，dateInt [0]）; 
 
 string sql =INSERT INTO existProducts（name，date，price，amount）VALUES（'+ nameBox.Text +'，'+ date +'，'+ priceBox.Text +'，'+ amountBox.Text +'）; 
 
 MyAdoHelper.DoQuery（Database.mdf，sql）; 
 MessageBox.Show（Success！）; 
 
 cn.Close（）; 
} 
  

注意1：我有一个exeption处理，我删除它，因为我总是有
来处理这个异常，程序运行不好。

注意2：我检查连接字符串，但是

使用

/msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlparameter.aspxrel =nofollow>参数和 most probabbly 您的问题将被解决， 和（另一个重要的事情），你将从注射atack 安全。

I'm trying to insert a datetime value into my database table, but I'm ancountring a problem. Each time I try to do this, this message pops up:

The conversion of a varchar data type to a datetime data type resulted in an out-of-range value. The statement has been terminated.

This is my code:

public static void  DoQuery(string fileName, string sql)
{

    SqlConnection conn = ConnectToDb(fileName);
    conn.Open();
    SqlCommand com = new SqlCommand(sql, conn);
    com.ExecuteNonQuery();
    com.Dispose();
    conn.Close();

}
    private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection cn = new SqlConnection();
        cn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename='c:\users\***\***\visual studio 2010\Projects\***\***\Database.mdf';Integrated Security=True;User Instance=True";
        cn.Open();
        string[] dateArr = dateBox.Text.Split('/');
        int[] dateInt = new int[3];
        for (int i = 0; i < 3; i++)
        {
            dateInt[i] = Int16.Parse(dateArr[i]);
            MessageBox.Show(dateInt[i]+"");
        }
        DateTime date = new DateTime(dateInt[2],dateInt[1],dateInt[0]);

        string sql = "INSERT INTO existProducts(name,date,price,amount) VALUES ('" + nameBox.Text + "','" + date + "','" + priceBox.Text + "','" + amountBox.Text + "')";

        MyAdoHelper.DoQuery("Database.mdf", sql);
        MessageBox.Show("Success!");

        cn.Close();
    }

Note 1: I had an exeption handling but I removed it because I always had to handle this exception and the program didn't run well.

Note 2: I censored the connection string, but there is a connection and it works fine.

解决方案

Use Parameters and most probabbly your problem wil be solved, and (another important thing) you will be secure yourself from the injection atack too.

这篇关于将datetime类型char从表单插入数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！