将C＃字符串转换为与Oracle日期格式匹配的日期类型

Question

我正在尝试编写通过C＃/ ASP.NET程序执行的Oracle SQL查询，以将数据插入Oracle Db。 我在查找C＃方法时遇到问题，该方法将转换字符串（来自表单的用户输入，格式为11/11/2012）以匹配Oracle的日期数据类型。 我试图通过Convert.ToDateTime（object）方法进行转换，但没有成功。

这是我的代码：

<%@ Page Language="C#" Debug="true" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.OleDb" %>
<script runat="server">

   void Page_Load(Object sender, EventArgs e) {

       //Get user's input form form fields
       var saleID = Convert.ToInt32(Request.Form["saleID_aspx"]);
       var custID = Convert.ToInt32(Request.Form["custID_aspx"]);
       var agentID = Convert.ToInt32(Request.Form["agentID_aspx"]);
       var saleDate = Convert.ToDateTime("11/11/2012"); //Originally Request.Form["saleDate_aspx"]
       var homeID = Convert.ToInt32(Request.Form["homeID_aspx"]);
       var actualAmount = Convert.ToInt32(Request.Form["actualAmount_aspx"]);
       var contractID = Convert.ToInt32(Request.Form["contractID_aspx"]);
       var valueCommand = "VALUES(" + saleID + "," + custID + "," + agentID + "," + saleDate + "," + contractID + "," + homeID + "," + actualAmount + ")";
      // Declaration section
      OleDbConnection objDBConn;
      OleDbCommand    objCmd;
      OleDbCommand objCmdSelect;
      OleDbDataReader objDR;

      // Set up OLE DB Connection object
      objDBConn = new OleDbConnection("Provider=*****1;" +
                                      "User ID=********;" +
                                      "Password=*******;" +
                                      "Data Source=****");


      // Open DB connection
      objDBConn.Open();

      // Create OleDbCommand object with SQL to execute
      objCmd = new OleDbCommand("INSERT INTO Sale (saleID, cust_ID, agent_ID, saleDate, contractID, homeID, actualamount)" +
            valueCommand, objDBConn);


      // Create a DataReader and execute the command
      objDR = objCmd.ExecuteReader();

      // Copy results from DataReader to DataGrid object
      gridCusts.DataSource = objDR;
      gridCusts.DataBind();

      // Close all objects
      objDR.Close();
      objCmd.Dispose();

      ////////////////////////////////////////////////////////////
      // Create OleDbCommand object with SQL to execute
      objCmdSelect = new OleDbCommand("SELECT * " +
                                "  FROM Sale " +
                                " ORDER BY saleID", objDBConn);

      // Create a DataReader and execute the command
      objDR = objCmdSelect.ExecuteReader();

      // Copy results from DataReader to DataGrid object
      gridCusts.DataSource = objDR;
      gridCusts.DataBind();

      // Close all objects
      objDR.Close();
      objCmdSelect.Dispose();
      /////////////////////////////////////////////////////////// 
      objDBConn.Close();        
   }

</script>
<html>
<head>
<title>CUSTOMERS table</title>
<link href="bootstrap/css/bootstrap.css" type="text/css" rel="stylesheet">
</head>
<body>
    <div id="container">
        <h2>Oracle SALES table contents via C#.NET and OLE DB</h2>
        <div style="margin:0 auto text-align:center;">
            <asp:DataGrid id="gridCusts" class='table' runat="server" />
        </div>
        <a href="index.html" target="_self" class="btn">Go Back</a>
    </div>
</body>
</html>

Answer 1

您可以简单地使用oracle函数to_date 。

var valueCommand = "VALUES(" + saleID + "," + custID + "," + agentID + ", 
    to_date('" + saleDate.ToString("MM/dd/yyyy") + "', 'mm/dd/yyyy')," + contractID + "," + homeID + "," + actualAmount + ")";

Answer 2

我已经在您的代码中看到许多导致程序失败的问题。

1. 硬编码的SQL字符串，导致类型转换，转义和SQL注入问题 。 如何：保护ASP.NET中的SQL注入
2. 命令方法的选择-何时使用ExecuteNonQuery，ExecuteScalar和ExecuteReader？ 调用ExecuteNonQuery()方法以执行SELECT以外的SQL语句。
3. 处置数据库资源的方式不正确。 使用using块。 （SO线程- 什么是C＃Using块，为什么要使用它？以及C＃-关闭Sql对象的最佳实践 。