Getting a date from a datetimepicker into mysql

Question

I have a datetimepicker in my app which end users will use to choose when an item will be deferred to.

If the user picks a date and hits confirm, the date should be dropped into the mysql record for this entry, but I cant seem to get VB to update the DATE value :(

I'm thinking its probably a formatting thing, but I'm not sure how to best overcome this.

He're the code behind the 'confirm' button.

  Private Sub ConfirmDefer_Click(sender As Object, e As EventArgs) Handles ConfirmDefer.Click

  Dim deferdate As Date = Format(nb_deferdatepicker.Value, "yyyy-MM-dd")
  updatesql("newbusiness_dataset", "action_date", deferdate, "id='" &       nb_prospectid.Text & "'")

  nb_defer_schedule.Visible = False
  nb_defer_schedule.Enabled = False

  End Sub

The 'UpdateSQL' bit is a function I use to simplify updating the db. Its output SQL command is as follows:

  UPDATE newbusiness_dataset SET action_date='20/02/2016' WHERE id='100001'

Any help appreciated! Thanks in advance

Answer 1

output SQL command is as follows:
UPDATE newbusiness_dataset SET action_date='20/02/2016' WHERE id='100001'

The way your function is updating is likely incorrect. Ticks are not all-purpose SQL variable delimiters. They are used to indicate text: so your method is converting the Date to string, and possibly the same for Id which are typically numeric. Similarly, this code:

Dim deferdate As Date = Format(nb_deferdatepicker.Value, "yyyy-MM-dd")

Using Option Strict On this will not compile. Format is a function returning a string, but the code is assigning the result to a DateTime var. There is simply no reason to try to format a DateTimePicker value, because it already is a date, and the MySQL NET data provider objects know how to pass a NET date to the db.

Given the resulting SQL, I also suspect you are using concatenation to glue bits of string together for the query. This is very dangerous and can lead to SQL injection attacks. It will also fail on names like Charles D'Artagnan or Pete's Plumbing.

SQL Parameters prevent this, allow you to pass typed data to the data provider and result in easy to read and maintain SQL. The general approach would be like this:

Dim rows As Int32
Dim SQL = "UPDATE Table_Name SET colA = @p1, colB = @p2, colC = @p3 WHERE Id = @p4"

Using dbcon As New MySqlConnection(connStr)
    Using cmd As New MySqlCommand(SQL, dbcon)

        cmd.Parameters.Add("@p1", MySqlDbType.String).Value = myFrm.TextBox1.Text
        cmd.Parameters.Add("@p2", MySqlDbType.Int32).Value = intVar
        cmd.Parameters.Add("@p3", MySqlDbType.DateTime).Value = DateTime.Now
        ' the where:
        cmd.Parameters.Add("@p4", MySqlDbType.Int32).Value = intVarA

        dbcon.Open()
        rows = cmd.ExecuteNonQuery()

    End Using
End Using

• The USING blocks dispose of the things which should be disposed of to free resources
• A new connection and command object are created, used and disposed of. Often helpers like to reuse these, but especially with the DBCommand object there is nothing reusable about them.
• Since ExecuteNonQuery will report how many rows are affected, rows captures that result.

The magic, such as it is, is here:

cmd.Parameters.Add("@p3", MySqlDbType.Date).Value = datetimeVar

Using parameters you can pass an actual DateTime variable instead of text. You can use myDateTimePicker.Value because the value is a DateTime.

• For a Date column, using MySqlDbType.Date the parameter will pass just the Date portion to the database.
• MySqlDbType.DateTime will save whatever portion of the DateTime the DB is setup to accept.

The same is true using MySqlDbType.Int32 for the Id: rather than converting to string, you can pass the correct data type.