Create an Insert SQL - Statement for insert a date
-
Hi all, I was trying and trying ... in Visual c# .net I use a date which should besaved to the database: DateTime TimeForTheDatabase = DateTime.Now; ... this is only an example ... Now I will Insert "TimeForTheDatabase" to the Database: SqlCommand dataCommand = new SqlCommand("Insert INTO table1 (Text,Datum) VALUES ("Info",TimeForTheDatabase)",dataConnection); But I get an Error :( Can somebody give me a sample how to insert my "TimeForTheDatabase" into my DB ? Thanks
-
Hi all, I was trying and trying ... in Visual c# .net I use a date which should besaved to the database: DateTime TimeForTheDatabase = DateTime.Now; ... this is only an example ... Now I will Insert "TimeForTheDatabase" to the Database: SqlCommand dataCommand = new SqlCommand("Insert INTO table1 (Text,Datum) VALUES ("Info",TimeForTheDatabase)",dataConnection); But I get an Error :( Can somebody give me a sample how to insert my "TimeForTheDatabase" into my DB ? Thanks
whats the error????? without error description how people can help you ?
Thanks, Arindam D Tewary
-
Hi all, I was trying and trying ... in Visual c# .net I use a date which should besaved to the database: DateTime TimeForTheDatabase = DateTime.Now; ... this is only an example ... Now I will Insert "TimeForTheDatabase" to the Database: SqlCommand dataCommand = new SqlCommand("Insert INTO table1 (Text,Datum) VALUES ("Info",TimeForTheDatabase)",dataConnection); But I get an Error :( Can somebody give me a sample how to insert my "TimeForTheDatabase" into my DB ? Thanks
the problem is format. if u simply want to store datatime do in in db side example Insert INTO table1 (Text,Datum) VALUES ("Info",getdate())
-
Hi all, I was trying and trying ... in Visual c# .net I use a date which should besaved to the database: DateTime TimeForTheDatabase = DateTime.Now; ... this is only an example ... Now I will Insert "TimeForTheDatabase" to the Database: SqlCommand dataCommand = new SqlCommand("Insert INTO table1 (Text,Datum) VALUES ("Info",TimeForTheDatabase)",dataConnection); But I get an Error :( Can somebody give me a sample how to insert my "TimeForTheDatabase" into my DB ? Thanks
OK, there are a few problems here. Do it this way:
SqlCommand dataCommand = new SqlCommand("INSERT INTO table1 (Text,Datum) VALUES (@TX,@DT)");
dataCommand.Parameters.AddWithValue("@TX", "Info");
dataCommand.Parameters.AddWithValue("@DT", TimeForTheDatabase);That way you won't get the syntax error, and you can start to avoid SQL injection attacks later on. [edit]I forgot the .Parameters bit. :doh: [/edit]
All those who believe in psycho kinesis, raise my hand.
modified on Thursday, December 17, 2009 10:07 AM
-
Hi all, I was trying and trying ... in Visual c# .net I use a date which should besaved to the database: DateTime TimeForTheDatabase = DateTime.Now; ... this is only an example ... Now I will Insert "TimeForTheDatabase" to the Database: SqlCommand dataCommand = new SqlCommand("Insert INTO table1 (Text,Datum) VALUES ("Info",TimeForTheDatabase)",dataConnection); But I get an Error :( Can somebody give me a sample how to insert my "TimeForTheDatabase" into my DB ? Thanks
-
OK, there are a few problems here. Do it this way:
SqlCommand dataCommand = new SqlCommand("INSERT INTO table1 (Text,Datum) VALUES (@TX,@DT)");
dataCommand.Parameters.AddWithValue("@TX", "Info");
dataCommand.Parameters.AddWithValue("@DT", TimeForTheDatabase);That way you won't get the syntax error, and you can start to avoid SQL injection attacks later on. [edit]I forgot the .Parameters bit. :doh: [/edit]
All those who believe in psycho kinesis, raise my hand.
modified on Thursday, December 17, 2009 10:07 AM
I am not sure SqlCommand has a AddWithValue method. You are supposed to add to the Parameters collection, not to the command object.
-
I am not sure SqlCommand has a AddWithValue method. You are supposed to add to the Parameters collection, not to the command object.
:doh: Corrected - thanks!
All those who believe in psycho kinesis, raise my hand.
-
That is because the time format isn't converted to string. Try this: SqlCommand dataCommand = new SqlCommand(string.Format("Insert INTO table1 (Text,Datum) VALUES ('Info',{0})",TimeForTheDatabase),dataConnection);
No, never do that. Use parameters.
-
That is because the time format isn't converted to string. Try this: SqlCommand dataCommand = new SqlCommand(string.Format("Insert INTO table1 (Text,Datum) VALUES ('Info',{0})",TimeForTheDatabase),dataConnection);
Not really recommended - firstly beacause it involves an unnecessary string conversion, and secondly because it is better practise to use parameters at all times. In this case there is no risk of an SQL injection attack, but all it would take is a small change to the logic... See the XKCD cartoon "Bobby Tables"[^]
All those who believe in psycho kinesis, raise my hand.
-
Not really recommended - firstly beacause it involves an unnecessary string conversion, and secondly because it is better practise to use parameters at all times. In this case there is no risk of an SQL injection attack, but all it would take is a small change to the logic... See the XKCD cartoon "Bobby Tables"[^]
All those who believe in psycho kinesis, raise my hand.
Yes, for those reasons, plus performance in a loop: If you concatenate SQL strings to insert a million such rows the server has to prepare a million SQL statements, but by using a parameterized statement the server prepares the statement once and uses the cached execution plan a million times (at least in theory).
