将 Varchar 数据类型转换为日期时间导致超出范围
我有问题。我无法识别我的错误...
int dt = Convert.ToInt32(Items.Rows[T1]["F14"].ToString().Trim());
int mn = Convert.ToInt32(Items.Rows[T1]["F15"].ToString().Trim());
int yr = Convert.ToInt32(Items.Rows[T1]["F16"].ToString().Trim());
string DtString = mn.ToString().Trim() + "/" + dt.ToString().Trim() + "/" + yr.ToString().Trim();
DateTime RegExp = Convert.ToDateTime(DtString);
exp_date is datetime field in sqlserver.
string MyDtQry = "UPDATE MyTable SET exp_date='" + RegExp + "' where MyTable.id_no='" + AlmIDNo + "'";
但我收到错误:
将 Varchar 数据类型转换为日期时间结果超出范围
I have problem. I can' identify my mistake...
int dt = Convert.ToInt32(Items.Rows[T1]["F14"].ToString().Trim());
int mn = Convert.ToInt32(Items.Rows[T1]["F15"].ToString().Trim());
int yr = Convert.ToInt32(Items.Rows[T1]["F16"].ToString().Trim());
string DtString = mn.ToString().Trim() + "/" + dt.ToString().Trim() + "/" + yr.ToString().Trim();
DateTime RegExp = Convert.ToDateTime(DtString);
exp_date is datetime field in sqlserver.
string MyDtQry = "UPDATE MyTable SET exp_date='" + RegExp + "' where MyTable.id_no='" + AlmIDNo + "'";
But I'am getting the error:
Conversion of a Varchar Datatype to a datetime resultant in an out of range
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
好吧,我会以非常不同的方式处理这个任务:
在将日、月和年作为整数获取之后,我绝对不会将它们重新组合在一起并解析它们。只需使用:
更新数据库时,我不会将值直接放入SQL 语句中。请改用参数化 SQL 语句,并将参数设置为
date。这样,您就不必担心数据库需要与您提供的日期格式不同的日期格式。一般来说,您应该始终使用参数化 SQL,而不是将值直接嵌入到 SQL 中 - 以及帮助解决这种情况,它可以避免 SQL 注入攻击。现在,在完成所有这些操作之后,如果您仍然收到错误,则应该检查您尝试插入的实际数据。也许
Items中的数据确实超出了SQL Server的范围。Well, I would approach the task very differently:
After getting the day, month and year as integers I definitely wouldn't stick them back together and parse them. Just use:
When updating the database, I wouldn't put the value directly into the SQL statement. Use a parameterized SQL statement instead, and set the parameter to
date. That way you don't need to worry about the database expecting a different date format to the one you provide. In general, you should always use parameterized SQL rather than embedding the values directly into the SQL - as well as helping with this kind of situation, it avoids SQL injection attacks.Now, after doing all of that, if you're still getting an error, you should check what actual data you're trying to insert. Maybe the data in
Itemsreally is out of range for SQL Server.由于您没有显示任何输入,所以很难准确地看到;然而,以下内容显然是危险的:
即使我们掩盖了您应该使用参数(您确实应该)的事实,您也需要以 SQL Server 期望的方式格式化此日期 - 这可能与本地的非常不同格式。
然而;不用麻烦格式化它!为此使用一个参数,它就会消失。这并不难 - 例如使用 dapper:
就完成了;完全安全,免受注入和(在这种情况下更有可能)将数据格式化为字符串的问题。
It is hard to see exactly since you don't show any of your inputs; however, the following is clearly dangerous:
Even if we gloss over the fact that you should be using parameters (you really should), you would need to format this date in the way that SQL server expects - which could be very different to the local format.
However; don't bother formatting it! Use a parameter for this, and it'll go away. This doesn't need to be hard - for example with dapper:
and done; fully safe from both injection and the (more likely in this case) issue of formatting data as strings.
这一定是您指定的格式的问题,例如您可能保存的是日期值列而不是月份列。
This must be problem of the format you are specifying, like instead of month column you might be saving date value column.