DateTime格式转换为SQL Server
[英]DateTime format into SQL Server
问题描述
I am trying to insert into a SQL Server database using a C# application. 
我正在尝试使用C#应用程序插入SQL Server数据库中。
In C# I am using datetime.now to get the current datetime: 在C#中,我使用datetime.now来获取当前日期时间:
order.PendingDateTime = DateTime.Now;
This gives me 25/07/2014 11:30:17 . 这给了我25/07/2014 11:30:17 。
In the SQL Server table the datatype is datetime . 在SQL Server表中,数据类型为datetime 。 Which holds the data as 2014-07-23 14:54:01.607 for example. 例如,其中保存的数据为2014-07-23 14:54:01.607 。
However running the value 25/07/2014 11:30:17 using a normal insert script it inserts into the SQL Server table fine but displays in the table as 2014-07-25 11:30:17 . 但是,使用普通的插入脚本运行值25/07/2014 11:30:17可以将其插入SQL Server表中,但在表中显示为2014-07-25 11:30:17 。 (This is ok) (还行吧)
However when I use SqlConnection 但是当我使用SqlConnection
using (con)
{
con.Open();
using (SqlCommand cmd = new SqlCommand())
{
cmd.Connection = con;
cmd.CommandText = @sql;
cmd.ExecuteScalar();
}
}
It fails, it says 它失败了,它说
The conversion of a varchar data type to a datetime data type resulted in an out-of-range value.
I think this is because Visual Studio 2010 and SQL Server uses a different datetime format to each other. 我认为这是因为Visual Studio 2010和SQL Server使用彼此不同的日期时间格式。
How do I fix this? 我该如何解决?
Current Code: 当前代码:
string sql = "INSERT INTO Order ([LedgerNumber], [OrderNumber], [OrderDate], [PendingDateTime], [EmailAddress]) VALUES (1, '" + rec.OrderNumber + "', CONVERT(datetime, '" + rec.OrderDate + "', 120), CONVERT(datetime, '" + rec.PendingDateTime + "', 120), '" + rec.EmailAddress + "')";
try
{
SqlConnection con2 = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["OrderContext"].ConnectionString);
using (con2)
{con2.Open();
using (SqlCommand cmd = new SqlCommand())
{
cmd.Connection = con2;
cmd.CommandText = @sql;
cmd.Parameters.AddWithValue("rec.PendingDateTime", DateTime.Now);
cmd.Parameters.AddWithValue("rec.OrderDate", rec.OrderDate);
cmd.ExecuteScalar();
}
1 个解决方案
解决方案1
4 已采纳 2014-07-25 10:52:54
Always use sql-parameters instead of string-concatenation. 始终使用sql-parameters而不是字符串连接。 It prevents you from such issues and - more important - from sql-injection: 它可以防止出现此类问题,更重要的是,可以防止sql-injection:
string sql = @"INSERT INTO Order ([LedgerNumber], [OrderNumber], [OrderDate], [PendingDateTime], [EmailAddress])
VALUES (1, @OrderNumber, @OrderDate, @PendingDateTime, @EmailAddress)";
using (var con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["OrderContext"].ConnectionString))
using (SqlCommand cmd = new SqlCommand(sql, con))
{
cmd.Parameters.AddWithValue("@OrderNumber", rec.OrderNumber);
cmd.Parameters.AddWithValue("@OrderDate", rec.OrderDate);
cmd.Parameters.AddWithValue("@PendingDateTime", rec.PendingDateTime);
cmd.Parameters.AddWithValue("@EmailAddress", rec.EmailAddress);
con.Open();
cmd.ExecuteNonQuery();
}
You: " if I wasn't using datetime.now and get a datetime from a value entered by user. Say '24/07/2014 10:30' how do I use the AddWithValue to achieve this? " 您:“ 如果我不使用datetime.now并从用户输入的值中获取日期时间。请说'24 / 07/2014 10:30'我如何使用AddWithValue实现此目的? ”
You have to parse the input to DateTime first. 您必须首先将输入解析为DateTime 。 Therefore use DateTime.Parse or DateTime.TryParse , DateTime.ParseExact or DateTime.TryParseExact . 因此,请使用DateTime.Parse或DateTime.TryParse , DateTime.ParseExact或DateTime.TryParseExact 。 The TryParse -methods enable you to check if the input is a valid DateTime . TryParse方法使您可以检查输入是否为有效的DateTime 。
For example: 例如:
DateTime pendingDateTime;
if(!DateTime.TryParse(TxtPendingDateTime.Text, out pendingDateTime))
{
MessageBox.Show("Please enter a valid Pending-Date in the format: yourformat");
return;
}
// here you can go on with the code above
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.