C# 插入日期时间失败
我有一个数据库,其中有一个名为 Fio_FinalSched 的表,该表又包含一个名为 FinalDate 的列,其类型为smalldatetime。我通过以下方式将日期字符串转换为 DateTime 类型:
DateTime theDate = Convert.ToDateTime("2010-01-05 23:50:00");
然后,通过以下方式创建命令字符串:
string testCommand = "INSERT INTO Fio_FinalSched (FinalDate) Values ("+theDate+")";
然后,将其转换为 SQL 命令:
SqlCommand myCommand = new SqlCommand(testCommand,conn);
其中 conn 是数据库连接。最后,我执行命令:
myCommand.ExecuteNonQuery();
当我运行这个命令时,它到达执行行,然后给我错误:
Incorrect syntax near '11'.
我尝试了多种方式更改日期字符串的格式,但无济于事。是否因为我的数据库需要 smalldatetime 类型而不是 datetime 类型? C# 似乎没有我可以使用的 smalldatetime 类型。任何见解将不胜感激!
I've got a database with a table called Fio_FinalSched which in turn has a column named FinalDate with type smalldatetime. I convert the date string to a DateTime type by:
DateTime theDate = Convert.ToDateTime("2010-01-05 23:50:00");
I then create the command string by:
string testCommand = "INSERT INTO Fio_FinalSched (FinalDate) Values ("+theDate+")";
Then, turn it into an SQL command:
SqlCommand myCommand = new SqlCommand(testCommand,conn);
where conn is the db connection. Finally, I execute the command:
myCommand.ExecuteNonQuery();
When I run this, it gets to the execution line, and then give me the error:
Incorrect syntax near '11'.
I've tried altering the format of my date string several ways, to no avail. Is it because my database is wanting a smalldatetime type and not a datetime type? C# doesn't seem to have a smalldatetime type that I can use. Any insight would be appreciated!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(6)
您需要使用单引号将日期括在 SQL 字符串文字中...
或使用参数..
You need to wrap the date in a SQL string literal using single quotes...
Or use Parameters..
尝试在字符串中的日期两边加上单引号...
Try putting single quotes around the date in the string...
使用 DateTime 类型和数据库中的其他几个类型,强烈建议使用 @Parameters 以及所有转换(如果需要),例如:时区、格式或在客户端执行的任何操作。
还因为,正如您在帖子中提到的,该列是 smalldatetime 类型,而不是字符串。
简而言之,尝试使用@Parameters,你很可能会成功。
问候。
Working with DateTime type and several others in DataBase its strongly recomended using @Parameters, and all convertions, if you need, like: timezone, formatting or whatever do on client side.
Also because, as you mantioned in your post, the column is of smalldatetime type and not string.
In short try to use @Parameters and most likely you will succeed.
Regards.
使用参数而不是字符串,示例 SqlParameterCollection.AddWithValue 方法。
Use parameters instead of string, for example SqlParameterCollection.AddWithValue method.
首先在日期两边加上单引号。
例如
('"+theDate+"')";
这通常对于 ISO 来说就足够了。您可能需要研究转换器函数。
请注意 theDate 信息的来源。如果它来自可编辑字段(等),则这是 SQL 注入攻击的候选者。
但是,如果转换为 dateTime,然后粘贴到 SQL 字符串中,这不是一层编码吗?
start by putting single quotes around the date.
e.g.
('"+theDate+"')";
that's usually enough for ISO. You might have to look into converter functions.
Be careful of where the info comes from for theDate. If it comes from an editable field (etc.), then this is a candidate for SQL injection attacks.
However, if you convert to dateTime, and then paste into a SQL string, isn't that a layer of encoding?
我建议使用命名参数:
I'd recommend using named parameters: