如何使用 C# 在 Oracle 关系数据库中插入日期
我在 Oracle 中有 Date Var,当我尝试从 C# 程序插入数据时
sql = "insert into Table(MyDate) values (" + convert.todatetime(txt) + ")";
出现错误,我该怎么办?
I have Date Var in Oracle, and I try to insert Data from my C# program
sql = "insert into Table(MyDate) values (" + convert.todatetime(txt) + ")";
I get an Error, what can i do ?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
使用参数。 它将解决您的问题并防止注射。
Use parameters. It's going to solve your problem and prevent injection.
Oracle 希望它是一个实际的日期值,而不仅仅是一个看起来像日期的字符串。 您必须使用 TO_DATE() 函数来解释字符串的格式,如下所示:
Oracle expects it to be an actual date value, not just a string that looks like a date. You have to use the
TO_DATE()function to explain how your string is formatted, something like this:尝试使用 DateTime.TryParse(text) 或 DateTime.Parse(text)
Try using DateTime.TryParse(text) or DateTime.Parse(text)
我知道这是一个提出得很糟糕的问题,但是当我遇到同样的问题并遇到这个问题时,我看到了一些糟糕的答案。 这就是我解决这个问题的方法,我将使用 OP 的上下文来回答:
将日期解析为
DateTime变量:然后参数化您的查询:
设置一个
OracleParameter:假设您已经有一个
OracleConnection作为连接,请设置您的命令并添加您的参数:执行:
不要在任何
TO_DATE废话。 这适用于直接使用 SQL*Plus 或 Oracle SQL Developer 添加内容时,或者可能希望以TO_DATE期望的精确格式发送 STRING 变量的值(不是 DateTime 变量)的情况并且您在查询或存储过程的TO_DATE构造中进行分配(即to_date('2013-05-13 12:13:14', 'YYYY-MM-DD HH24: MI:SS')。使用DateTime变量并将其分配给OracleDbType为OracleDbType 的,假设您的表中有一个OracleParameter。 DateDATE字段,并且可以将txt解析为DateTime变量,但是,最好是最简单的。I know this was a poorly asked question, but I saw some poor answers when I had the same question and ran into this. This is how I solved it, and I'll answer using the OP's context:
Parse the date in to a
DateTimevariable:Then parameterize your query:
Set up an
OracleParameter:Assuming you already have an
OracleConnectionasconnection, set up your command and add your parameter:Execute:
Do NOT waste your time on any of the
TO_DATEnonsense. This is for when you are adding something using SQL*Plus or Oracle SQL Developer directly, or MAYBE where you want to send in a STRING variable's value (not a DateTime variable) in the EXACT format thatTO_DATEexpects and that you assign within theTO_DATEconstruct within your query or a stored procedure (i.e.to_date('2013-05-13 12:13:14', 'YYYY-MM-DD HH24:MI:SS'). Using aDateTimevariable and assigning that to anOracleParameterwith anOracleDbTypeofOracleDbType.Date, assuming you have aDATEfield in your table and can parsetxtinto aDateTimevariable, however, is best and easiest.最简单的方法:
Easiest way possible:
请绑定你的变量(就像 ocdecio 告诉的那样)! 它不仅可以防止 sql 注入,而且速度也更快。 尤其是在多并发的情况下。 阅读此处的示例: http://download .oracle.com/docs/cd/B28359_01/appdev.111/b28844/building_odp.htm#CEGCGDAB。
“绑定变量是SQL语句中的占位符。当数据库收到一条SQL语句时,它会判断该语句是否已经被执行并存储在内存中。如果该语句确实存在于内存中,Oracle数据库可以重用它并跳过该任务解析和优化语句使用绑定变量使语句可以重用不同的输入值。使用绑定变量还可以提高数据库中的查询性能,无需对输入中的文字引号进行特殊处理,并防止 SQL 注入攻击。”
Please bind your variables (like ocdecio tells) ! Not only does it prevent sql injection it is also much faster. Especially in a multi concurrency situation. Read for example here: http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28844/building_odp.htm#CEGCGDAB .
"Bind variables are placeholders inside a SQL statement. When a database receives a SQL statement, it determines if the statement has already been executed and stored in memory. If the statement does exist in memory, Oracle Database can reuse it and skip the task of parsing and optimizing the statement. Using bind variables makes the statement reusable with different input values. Using bind variables also improves query performance in the database, eliminates the need for special handling of literal quotation marks in the input, and protects against SQL injection attacks."