I'm localized in Greece and the date format used is dd/mm/yyyy.
So I have is that I made a page with a callendar. The user picks a date and this date is stored to an SQL server. But here comes the problem. When I try to write to the server the above format ( dd/mm/yyyy ) is not accepted because SQL wants date in format ( mm/dd/yyyy). So if day is bigger than 12 I get error or if is less than 13 wrong date is stored in the SQL.
Any ideas?
Thanks in advanceWhen you are in code, be it SQL or C#/VB, always use the date data type NOT a string. When you display the contents of a date data type always use the appropriate culture. When you pass a value to SQL use an ado paramater of datetime. There should be no problem then. If, and I can't think why, you really want to pass a string to SQL with a date in it, then use a culture invariant such as YYYY-MM-DD|||Thanks for your quick reply.
No I'm not passing string to the SQL. Passing date data type. I read it as date, I use it as date in the calendar, and I try to write it as date in the SQL. but fail. :(|||That doesn't make any sense. Can you post how you are using it in SQL server?|||I read it as follow:
Dim cmd As New OleDbCommand("SELECT * from NEWS where id = " & Convert.ToInt64(myGlobalId), con1)
And I get no problem there. It reads correctly and displays correctly. all the fields.
And I write to the db as follow:
Dim cmd As New OleDbCommand("INSERT INTO NEWS (id, title, body, news_date) VALUES (" & newid & ",'" & titlebox.Text & "','" & bodybox.Text & "','" & mySdate & "')", con1)
mySdate has been declared as date and as datetime but no use. Also it has been test with and without quotes ('). Without quotes I get a new record but date is always 1/1/1900. With quotes I get an error when day is bigger than the month.
Thanks for your time...|||You are using a string! You must try to use params, for many many reasons, one of them is sorting out formating problems like you've got. Switch to using params and the problem will go away.
PS You really should worry about SQL Injection hacks so using params will get you around 99% of those too.|||What do you mean about security? Do you have a link so I read more about SQL Injection hacks?
I guess I'm sending a string as long as I use ['mySdate'] but I do not as long I send [mySdate]. When I send just [mySdate] I get a 1/1/1900 date in the SQL db. So the error should be elsewere. Also I found is that when a ODBC/System DNS is created there is an option "Use regional settings when outputing currency, numbers, dates and times" that can be checked/unchecked. But can't find somthing similar when creating my connection in visual studio...
Once more thanks for helping a newbie :)|||There are plenty of resources on SQL Injection, just type it into google and choose the one at the level most suited. Basically imagine someone has entered "'Delete from Stock" as a text string, it could actually run the SQL typed in, not what you want at all!
I didn't really follow what your statement, but trust me use paramaters. Look up SQLParameter and Commands. Your SQL should look more like...
"select * from table where column=?"
The question mark is a place holder for your first param. Look it up, honestly its much easier than I'm making it. But you really need to spend 20 mins and have a good read.|||You were right.
I used parameters and date problem solved. I have put the ? as you suggested and after I have the command:
"cmd.Parameters.Add("@.news_date", OleDbType.Date).Value = mydate"
Also seems that there is a protection for SQL injections... :)
The same for the other fields of course. :) Seems to work great now!
Thanks for your help.
No comments:
Post a Comment