用于更新的sql命令
我有一个表,我想使用简单的更新命令来更新。
protected void UpdateButton_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("UPDATE KPI_DETAILS_TABLE SET KPI1_Status =
@KPI1_Status, KPI2_Status = @KPI2_Status, KPI3_Status = @KPI3_Status,
KPI4_Status = @KPI4_Status, KPI5_Status = @KPI5_Status, KPI6_Status =
@KPI6_Status, Overall_Status= @Overall_Status WHERE TokenID = '" +
DropDownList1.SelectedItem.Text + "' AND TimeSet = '"
+ currentdate + "'", connection);
cmd.Parameters.AddWithValue("@KPI1_Status", DropboxKPI1.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI2_Status", DropboxKPI2.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI3_Status", DropboxKPI3.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI4_Status", DropboxKPI4.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI5_Status", DropboxKPI5.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI6_Status", DropboxKPI6.SelectedItem.Text);
cmd.Parameters.AddWithValue("@Overall_Status", FinalStatus.SelectedItem.Text);
try
{
cmd.ExecuteNonQuery();
Error1.Text = "KPI Status Successfully Updated !!";
}
catch { Error1.Text = "Error during Updating status of KPIs"; }
finally { connection.Close(); }
}
但是它抛出以下异常错误:
将 varchar 数据类型转换为 datetime 数据类型导致值超出范围。
数据库中数据类型datetime 的唯一列是TimeSet。但currentdate也是数据类型datetime。
DateTime currentdate = DateTime.Now.ToLocalTime();
那么为什么会出现这个错误呢?请帮忙。
I have a table which I want to update using a simple update command.
protected void UpdateButton_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("UPDATE KPI_DETAILS_TABLE SET KPI1_Status =
@KPI1_Status, KPI2_Status = @KPI2_Status, KPI3_Status = @KPI3_Status,
KPI4_Status = @KPI4_Status, KPI5_Status = @KPI5_Status, KPI6_Status =
@KPI6_Status, Overall_Status= @Overall_Status WHERE TokenID = '" +
DropDownList1.SelectedItem.Text + "' AND TimeSet = '"
+ currentdate + "'", connection);
cmd.Parameters.AddWithValue("@KPI1_Status", DropboxKPI1.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI2_Status", DropboxKPI2.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI3_Status", DropboxKPI3.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI4_Status", DropboxKPI4.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI5_Status", DropboxKPI5.SelectedItem.Text);
cmd.Parameters.AddWithValue("@KPI6_Status", DropboxKPI6.SelectedItem.Text);
cmd.Parameters.AddWithValue("@Overall_Status", FinalStatus.SelectedItem.Text);
try
{
cmd.ExecuteNonQuery();
Error1.Text = "KPI Status Successfully Updated !!";
}
catch { Error1.Text = "Error during Updating status of KPIs"; }
finally { connection.Close(); }
}
However it's throwing the following exception error:
The conversion of a varchar data type to a datetime data type resulted in an out-of-range value.
The only column of datatype datetime in the database is TimeSet. But currentdate is also of data type datetime.
DateTime currentdate = DateTime.Now.ToLocalTime();
Then why is this error popping up? Please help.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
a) 对
WHERE子句中的值以及SET部分使用参数,b) 然后使用
cmd.Parameters.AddWithValue("@ TimeSet", DateTime.Now.ToLocalTime());这也将保护您免受 SQL 注入。
即,如果您有一个日期时间值,请尝试将其保留为日期时间值,并且不要在任何时候尝试将其视为字符串。让 ADO.Net 和 SQL Server 处理任何必要的转换。
a) Use parameters for the values in your
WHEREclause, as well as for theSETpart, andb) Then use
cmd.Parameters.AddWithValue("@TimeSet", DateTime.Now.ToLocalTime());This will also protect you from SQL injection.
I.e. if you've got a datetime value, try to keep it as a datetime value, and don't muck about with trying to treat it as a string at any point. Let ADO.Net and SQL Server deal with any necessary conversions.
您的代码应如下所示:
SqlCommand对象字符串中的混乱情况。SqlCommand添加局部变量,而是添加了新的SqlParameters并定义了它们从何处获取值(@ID、@Time)。Your code should look like this:
SqlCommandobject.SqlCommandI added newSqlParametersand defined where they'd get their values from (@ID, @Time).相反,您使用
DateTime.Now.ToString();给出 Currentdate 并重试。Instead you use
DateTime.Now.ToString();for giving the Currentdate and try again.