堆栈内存溢出
  简体   繁体   English

DateTime.Now成smalldatetime吗?

[英]DateTime.Now into smalldatetime?

 原文  2012-08-06 13:16:31       c#/ sql-server-2008/ ado.net

问题描述

Im trying to get the date and the time using C# , and then insert it into a smalldatetime data type in SQL SERVER. 我试图使用C#获取日期和时间,然后将其插入SQL SERVER中的smalldatetime数据类型。

This is how I try to do it : 这就是我尝试做到的方式: 

DateTime date = DateTime.Now;

        sql = "INSERT INTO YTOODLE_LINKS (YTOODLE_LINKS.TASK_ID,YTOODLE_LINKS.LINK_TITLE,YTOODLE_LINKS.LINK_DESC,YTOODLE_LINKS.LINK_PATH,YTOODLE_LINKS.USER_ID,YTOODLE_LINKS.LAST_USER_EDIT)VALUES (1,'','','',2,'1',"+ date +")";

        dataObj = new DataObj();
        dataObj.InsertCommand(sql);


  connection = new SqlConnection(conn);
        connection.Open();

        cmd = new SqlCommand(sql, connection);
        cmd.ExecuteNonQuery();
        connection.Close();

and then then it gives me : "Incorrect syntax near '16'." 然后它给我:“'16'附近的语法不正确。” I guess it refers to my current time , which is 16:15 right now.. 我想这是指我现在的时间,即现在的16:15。

2 个解决方案

解决方案1
 3 已采纳  2012-08-06 13:19:25

I would suggest using parameters. 我建议使用参数。 cmd.Parameters.AddWithValue("@date", date.toString); The AddWithField will take care of the proper conversion. AddWithField将负责正确的转换。

Your InsertSQL statment becomes: 您的InsertSQL语句变为: 

sql = "INSERT INTO YTOODLE_LINKS (YTOODLE_LINKS.TASK_ID,YTOODLE_LINKS.LINK_TITLE,YTOODLE_LINKS.LINK_DESC,YTOODLE_LINKS.LINK_PATH,YTOODLE_LINKS.USER_ID,YTOODLE_LINKS.LAST_USER_EDIT)VALUES (1,'','','',2,'1',@date)";

解决方案2
 1  2012-08-06 13:25:32

It doesn't work for 2 reasons: 它不起作用有两个原因:

  1. Your date parameter needs to call date.ToString() 您的date参数需要调用date.ToString()

  2. You must add single quotes before and after the date string is inserted in your inline query as so: 您必须在插入日期查询中的日期字符串前后添加单引号,如下所示: 

     sql = "INSERT INTO YTOODLE_LINKS (YTOODLE_LINKS.TASK_ID,YTOODLE_LINKS.LINK_TITLE,YTOODLE_LINKS.LINK_DESC, YTOODLE_LINKS.LINK_PATH,YTOODLE_LINKS.USER_ID,YTOODLE_LINKS.LAST_USER_EDIT) VALUES (1,'','','',2,'1','"+ date +"')";

But the above strategy is not good because it exposes you to SQL Injection attacks by concatenating strings the way you are doing it and also because you have to worry about adding single quotes, etc., etc. 但是上述策略不是很好,因为它通过将字符串连接起来使您暴露于SQL Injection攻击,并且还因为您担心添加单引号等问题。

A better approach is to use parameters as so: 更好的方法是这样使用参数: 

sql = "INSERT INTO YTOODLE_LINKS (YTOODLE_LINKS.TASK_ID,YTOODLE_LINKS.LINK_TITLE,YTOODLE_LINKS.LINK_DESC,
    YTOODLE_LINKS.LINK_PATH,YTOODLE_LINKS.USER_ID,YTOODLE_LINKS.LAST_USER_EDIT)
    VALUES (@First,@Second,@Third,@Fourth,@Fifth,@Sixth,@YourDate)";

cmd.Parameters.AddWithValue("@First", 1);
// ... and so on
cmd.Parameters.AddWithValue("@YourDate", date);

Now you don't have to worry about sql injection attacks or adding single quotes to some parameters depending on the data type, etc. It's all transparent to you, you are safer and the database engine will be able to optimize the execution plan for your query. 现在,您不必担心sql注入攻击或根据数据类型等在某些参数中添加单引号等。这对您完全透明,您更加安全,数据库引擎将能够优化您的执行计划查询。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 格式化DateTime.Now - Format DateTime.Now DateTime.Now和NullReferenceException - DateTime.Now and NullReferenceException 解析“DateTime.Now”? - Parsing “DateTime.Now”? DateTime.Now to mysql datetime - DateTime.Now to mysql datetime 将DateTime.Now转换为秒 - Convert DateTime.Now to Seconds DateTime.Now在类构造函数中 - DateTime.Now in class constructor 服务器上的DateTime.Now问题 - Problem with DateTime.Now on Server DateTime.Now作为文件名 - DateTime.Now as file name 带有DateTime.Now的自定义代码段 - Custom Snippet with DateTime.Now 优化DateTime.Now的替代方案 - Optimizing alternatives to DateTime.Now
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM