Reputation: 1016
How to store DateTime of .net in sql server 2008 R2
I am new to .net and sql. I am trying to store the DateTime into database but i am getting exception as "Incorrect syntax near '11' " at 11:21:57 AM i run my code so, i am getting error at time. This is my code for storing into database. Below method will return a query.
public string InsertADData(string strdateLogin, string strdateLogout, string strName, string strUsername)
{
DateTime dateLogin = Convert.ToDateTime(strdateLogin);
DateTime dateLogout = Convert.ToDateTime(strdateLogout);
return string.Format(@"INSERT INTO ADTimeData (LoginDate, LogoutDate,name,username)
VALUES ({0},{1},'{2}','{3}')", dateLogin,
dateLogout,
strName.Replace("'", "''"),
strUsername.Replace("'", "''"));
}
This method is for insert the records into database. Here CheckDBConnection() will open sql connection.
public void InsertRecords(String strQuery)
{
CheckDBConnection();
using (SqlCommand cmd = new SqlCommand())
{
cmd.Connection = _con;
cmd.CommandText = strQuery;
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
}
}
When i debug the code which i have written i am getting query i.e sqlQuery value Like this
INSERT INTO ADTimeData (LoginDate, LogoutDate,name,username)
VALUES (1/4/2013 11:21:57 AM,1/4/2013 11:21:57 AM,'raivnder','[email protected]')
But i am getting exception at
cmd.ExecuteNonQuery();
The exception is shown in below image.
Please help me.
Upvotes: 1
Views: 481
Answers (3)
Reputation: 551
public string InsertADData(string strdateLogin, string strdateLogout, string strName, string strUsername)
{
DateTime dateLogin = Convert.ToDateTime(strdateLogin);
DateTime dateLogout = Convert.ToDateTime(strdateLogout);
return string.Format(@"INSERT INTO ADTimeData (LoginDate, LogoutDate,name,username)
VALUES ('{0}','{1}','{2}','{3}')", dateLogin,
dateLogout,
strName.Replace("'", "''"),
strUsername.Replace("'", "''"));
}
Upvotes: -1
Reputation: 755421
By all means - use parametrized queries to avoid SQL injection attacks (and to speed up performance, too!):
public string InsertADData(string strdateLogin, string strdateLogout, string strName, string strUsername)
{
DateTime dateLogin = Convert.ToDateTime(strdateLogin);
DateTime dateLogout = Convert.ToDateTime(strdateLogout);
string query = @"INSERT INTO ADTimeData (LoginDate, LogoutDate,name,username)
VALUES (@LoginDate, @LogoutDate, @name, @username)";
using (SqlConnection conn = new SqlConnection(.....))
using (SqlCommand cmd = new SqlCommand(query, conn))
{
cmd.Parameters.Add("@LoginDate", SqlDbType.DateTime).Value = dateLogin;
cmd.Parameters.Add("@LogoutDate", SqlDbType.DateTime).Value = dateLogout;
cmd.Parameters.Add("@Name", SqlDbType.VarChar, 50).Value = name;
cmd.Parameters.Add("@UserName", SqlDbType.VarChar, 50).Value = username;
conn.Open();
cmd.ExecuteQuery();
conn.Close();
}
Never concatenate together your SQL statement with the values! This is a really really horribly bad practice - stop doing that. You should always use parametrized queries - no exception
Upvotes: 2
Reputation: 5843
In short: The issue is in datetime format that you are passing in insert statement.
It should be done through a parametrized query. Something similare to the following sample query:
SqlCommand cmd = new SqlCommand("INSERT INTO <table> (<column>) VALUES (@value)", connection);
cmd.Parameters.AddWithValue("@value", dateTimeVariable);
cmd.ExecuteNonQuery();
Upvotes: 2
Related Questions
- how to insert datetime into the SQL Database table?
- Saving Dates in SQLServer
- Store date and time in sql server 2012 using c#
- Datetime in SQL Server and C#
- datetime value in database
- SQL Server date store in c#
- How to insert datetime property from asp.net c# to a date column in sql server?
- DateTime in SQLServer and VB.net
- How to store datetime into sql database?
- Storing datetime in database?