|
I have a table in MS SQL Server database like this;
ID int PK
User_ID int
Discussion_ID int
Message text
Date datetime
I want to execute this query in my source code;
DateTime currentTime = System.DateTime.Now;
sql = "INSERT INTO TBL_POSTS(User_ID, Discussion_ID, Message, Date) VALUES('";
sql += User.Identity.Name + "','";
sql += discussionId + "','";
sql += message + "','";
sql += "#" + currentTime + "#')";
cmd.CommandText = sql;
cmd.ExecuteNonQuery();
ERROR: Conversion failed when converting datetime from character string.
How can I add a DateTime field to the database?
|
|
|
|
|
I am not sure where the # comes from, that's not correct syntax ?
Is message in some way parsed to stop people using your form from using an injection attack to erase your database ?
Your best option is to use a parameterised query or stored proc, and just pass the date through as a date.
Christian Graus - Microsoft MVP - C++
"also I don't think "TranslateOneToTwoBillionOneHundredAndFortySevenMillionFourHundredAndEightyThreeThousandSixHundredAndFortySeven()" is a very good choice for a function name" - SpacixOne ( offering help to someone who really needed it )
|
|
|
|
|
Christian Graus wrote: I am not sure where the # comes from, that's not correct syntax ?
That's the syntax used with an MS Access database.
---
"Anything that is in the world when you're born is normal and ordinary and is just a natural part of the way the world works. Anything that's invented between when you're fifteen and thirty-five is new and exciting and revolutionary and you can probably get a career in it. Anything invented after you're thirty-five is against the natural order of things."
-- Douglas Adams
|
|
|
|
|
dataminers wrote: sql += message + "','";
sql += "#" + currentTime + "#')";
SQL Injection Attack Heaven... There are hackers out there who are just wetting themselves in anticipation of that code going live so they can compromise your system.
Tips on how to prevent SQL Injection Attack - And it will solve your data conversion problem too!
|
|
|
|
|
An Access database uses # around a date literal, MS SQL uses apostrophes. No database (to my knowledge) uses both.
For an Access database, the correct syntax would be:
...
sql += message + "',#";
sql += currentTime + "#)";
For an MS SQL database, the correct syntax is:
...
sql += message + "','";
sql += currentTime + "')";
However, I fully agree with the other posters that you should use a parameterised query. It solves both the problem with date formats and the problem with the SQL injection vulnerability that you get when putting the values in the query without encoding them properly.
|
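The parameterised query recommended in the replies above, as an added example that is not code from any of the posters. The class and method names, the parameter names, the integer user id and the sample values are assumptions; the table and column names are the ones from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class PostWriter
{
    // Builds the INSERT from the question with typed parameters instead of
    // string concatenation. The date travels as a DateTime, so no
    // culture-dependent string has to be converted by the server.
    public static SqlCommand BuildInsert(SqlConnection conn, int userId,
                                         int discussionId, string message,
                                         DateTime postedAt)
    {
        SqlCommand cmd = new SqlCommand(
            "INSERT INTO TBL_POSTS (User_ID, Discussion_ID, Message, [Date]) " +
            "VALUES (@userId, @discussionId, @message, @postedAt)", conn);

        cmd.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
        cmd.Parameters.Add("@discussionId", SqlDbType.Int).Value = discussionId;
        cmd.Parameters.Add("@message", SqlDbType.Text).Value = message;
        cmd.Parameters.Add("@postedAt", SqlDbType.DateTime).Value = postedAt;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: the apostrophes would end the string
        // literal in the concatenated query; as a parameter they are data.
        string message = "Don't forget Friday's meeting";

        // No connection string is set, so nothing is sent to a server here.
        using (SqlConnection conn = new SqlConnection())
        using (SqlCommand cmd = BuildInsert(conn, 42, 7, message, DateTime.Now))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}",
                                  p.ParameterName, p.SqlDbType, p.Value);

            // With a real connection string (placeholder, not from the page):
            // conn.Open(); cmd.ExecuteNonQuery();
        }
    }
}
```

The command text never changes with the input; only the parameter values do, which is why the message cannot alter the statement and the date needs no `#` or apostrophe delimiters.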
|
|
|
|
how do i get data from the database
-- modified at 5:28 Wednesday 24th October, 2007
alok2171
|
|
|
|
|
alok2171 wrote: how do i get data from the database into the drop down box.
Use ADO.NET.
Also consider reading rule 2 of the forum guidelines.
Paul Marfleet
|
|
|
|
|
hi friends i am using property grid in my programming and there is no event for the background image change actually i need to store the path of the image as there is no event so its creating a problem
if anyone knows this plz tell me
regards
sindhu tiwari
its me sid
|
|
|
|
|
No event, or no property ?
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
sir there is a property but no event associated with it ..
my aim is to store the address of the image file when the background image is changed.
if u have any idea abt how to find the image address(physical path) of a picture
box's background image which is added dynamically using a property grid not by a
openfile dialog
plz tell me
its me sid
|
|
|
|
|
OK, then create a class that derives from this control, override the property, and add an event.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
Hi,
I have created window application, now I want to use that window application in my Web application. So how it possible ?
I have get idea that I have to add tag in WebPage named as Object. In that I can assign that window application.
Any idea ??
Thanks,
Sun Rays
|
|
|
|
|
You can embed a control in your web site, but it means your clients need to download your code and have .NET installed. There's info on MSDN, but I don't know of many people who do it.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
I've tried this once, there are *lots* of security issues you'd have to resolve on each client, depending on what the application does - network, IO, a lot of other stuff...
If you just want to start the app from the browser, look at ClickOnce deployment. clickclick done
If it's stuck, DO NOT pull harder!
|
|
|
|
|
Of course you could just write another UI layer for the web for your application, because of course all your business logic is separated out of the presentation layer....
|
|
|
|
|
hi,
i have two textboxes form1 and form2
in form1 and form2 i have two textboxes....
what ever i enter in textbox in form2 should be updated into textbox in form2...
i dont want to use delegates....
i have an idea ie....whatever is in textbox in form2 has to be called in form1...for that i need to create an object...but where and how and how to make it display....
can anybody give me the structure of the code in both the forms so that i can try with that.......
thanking you
C#
|
|
|
|
|
|
kabutar wrote: i dont want to use delegates....
Why not ? Delegates are the best way to do this, why are you setting out to write bad code ?
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
yes Christian i understand that but i want to try it this way also.....
just for once so that i know how exactly it works.....
just curious may be......
thanks in advance for your repeated help...
C#
|
|
|
|
|
Is the form1 parent of form2 ?
Koushik
|
|
|
|
|
yes Koushik .....
form1 is the parent form and form2 is the child form....
when we click on a button in form1 the form2 will pop up.....
thanks in advance...
C#
|
|
|
|
|
If you want to write nasty code, you can pass a reference to form1 in to form2. Again, why won't you use a delegate ?
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
its something like this Christian....
i wrote it with delegates but i was not very clear with certain things in the code or how they work.....because i got the code from google...
so i wanted to try it again with and without trying delegates....
since u r insisting so much that its a bad practise i think i should stick with delegates and not waste my time the other way round...
thanks Chris..
C#
|
|
|
|
|
kabutar wrote: because i got the code from google...
OK - in that case, I recommend you bookmark the MSDN site. If you find code that works for you via google, then you should read MSDN to learn how the various parts of that code work. Any source of info will do, but MSDN will give you exact definitions of the classes and methods you see being used.
Delegates can be a little confusing at first, but once you get the hang of them, you'll find they are very useful.
Christian Graus - Microsoft MVP - C++
|
|
|
|
|
kabutar wrote: i wrote it with delegates but i was not very clear with certain things in the code or how they work.....because i got the code from google...
You should not use code that is not fully understood. Check this example and see if you can make it work. I presume you created two forms, say Form1 and Form2. You are going to declare the delegate on Form2 as public. See the code below.
public delegate void InformParent();
public InformParent ParentDelegate;
ParentDelegate is an object for InformParent delegate. In this sample I have not passed any parameters. You can pass whatever values you want. Now check the below code to see how this can be invoked.
Form2 frm = new Form2();
frm.ParentDelegate = new WindowsApplication1.Form2.InformParent(this.InformParent);
frm.Show();
In this InformParent() is a private method for Form1. See below
private void InformParent()
{
}
When delegate is invoked, this function will be called. When you want to inform the changes to Form1 from Form2, call ParentDelegate() , which will call method in Form1.
Hope this makes it clear
|
|
|
|