C＃中的SQL更新语句的日期问题

Question

I have a Date field in a table that is displayed as Day-Month-Year Hour.Minute.Seconds and I am trying to update the HOUR field when there is the same Ertnumber and Date. I can get the field to update with the same Ertnumber but when I try to make sure the date is the same I get an error. I am having troubles making my DateTime format the same as sqls. I create the DateTime in c# by:

DateTime dateStamp = new DateTime(2013, 2, 14, 1, 0, 0);

Here is my update string.

String.Format("update sdeadmin.meter_data_fixed_network set HOUR{2} = {0} where ERTNUMBER = '{1}' and DATETIME = '{3}'", this.Read, this.ertNumber, this.Stamp.Hour, this.DateStamp.ToString("MMddyyyyHHmmss"));

Answer 1

尝试执行以下操作： SQL查询的Datetime参数您应该执行参数化查询，而不是String.Format（）

Answer 2

Parameterization of your query should resolve this issue; however, your problem is actually in two parts; you need to first build the query which references a column name that can change, HOUR+stamp.Hour, and the query parameters.

Therefore, something like the following should work for you:

string query = 
   String.Format("update sdeadmin.meter_data_fixed_network SET HOUR{0} = @read WHERE ERTNUMBER = @ertnumber AND DATETIME = @date;", this.Stamp.Hour);

This builds your basic query - you know have a parameterized query that will update the respective HOUR column of sdeadmin.meter_data_fixed_network . All that remains is create a connection object, a command object, and add the parameters to it before executing it.

For example:

//Create the connection
using(SqlDbConnection connection = new SqlDbConnection("your_connection_string"))
{
    //Create the Command
    using(SqlDbCommand command = new SqlDbCommand(query))
    {
      //Set up the properties of the command and the parameters
      command.CommandType = CommandType.Text;
      command.Connection = connection;
      command.Parameters.AddWithValue("@read", Read);
      command.Parameters.AddWithValue("@ertnumber", ertNumber);
      command.Parameters.AddWithValue("@date", DateStamp);
      //Have to open the connection before we do anything with it
      connection.Open();
      //Execute the command. As we don't need any results back we use ExecuteNonQuery   
      command.ExecuteNonQuery();

    }
}//At this point, connection will be closed and disposed - you've cleaned up

There are several advantages to parameterizing your query:

1. You can help prevent sql injection attacks
2. Many database engines can reuse execution plans for parameterized queries, improving performance

@JeffAtwood wrote on this subject a few years ago: http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html

Also note the use of the USING statement. This will ensure that the connection and command objects are disposed as soon as you leave the scope of the respective usings. This is important as, although .Net will manage the resources it has control over, it cannot manage external resources like file handles, database connections etc, so it's important you clean up after yourself. The Dispose for Connection will also explicitly close it.

Answer 3

(Assuming you mean SQL Server): The best date format to use with SQL Server is ISO 8601:

yyyyMMdd HHmmss.

HOWEVER, writing your SQL with String.Format is a terrible practice. Use System.Data.SQLClient.SQLCommand with parameters and the format won't bother you.

DateTime dateStamp = new DateTime(2013, 2, 14, 1, 0, 0);

System.Data.SQLClient.SQLConnection cxn; // make sure to set this up and open it

System.Data.SQLClient.SQLCommand cmd = new System.Data.SQLClient.SQLCommand(
     String.Format("update sdeadmin.meter_data_fixed_network set HOUR{0} = @value where ERTNUMBER = @ert and DATETIME = @date", this.Stamp.Hour)
     ,cxn );

cmd.Parameters.Add(new SqlParameter("@value", this.Read);
cmd.Parameters.Add(new SqlParameter("@ert", this.ertNumber);
cmd.Parameters.Add(new SqlParameter("@date", this.Stamp);
cmd.ExecuteNonQuery();