In a booking form, I want to compare the date entered in the textbox (text mode is date) with all the dates in the database. So if there is an order already booked on that day, it will display "already booked, select another date"; otherwise it will carry on with the form filling. (In VB.NET, Visual Studio 2012.)

What I have tried:

VB
Protected Sub tbdate_TextChanged(sender As Object, e As EventArgs) Handles tbdate.TextChanged

        Dim adaptor As New SqlDataAdapter
        Dim ds As New DataSet
        Try
            objConn.Open()
            Dim sqlcmd As New SqlCommand("select * from bookorder where=' " & tbdate.Text & "'", objConn)
            sqlcmd.ExecuteNonQuery()
            adaptor.SelectCommand = sqlcmd
            adaptor.Fill(ds)
            If ds.Tables(0).Rows.Count > 0 Then
                Label8.Visible = True
                Label8.Text = "Enter  different date"
            End If
            adaptor.Dispose()
            ds.Clear()

        Catch
            e.ToString()
        Finally
            objConn.Close()
        End Try
    End Sub
End Class
Updated 20-Mar-17 22:49pm

1 solution

Don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

In this case, it gets even worse, because not only can your user destroy your database just by typing, but it's very prone to errors as well, as the date format the SQL expects is quite likely to be different from what the user entered.

Convert the user input to a DateTime value using DateTime.TryParse (reporting errors to the user) and then pass that DateTime value to SQL via a parameterised query.
Be aware that you may need to CONVERT your database stored value to a DATE for comparison if it has a time component, as the equality comparison expects an exact match on the whole date and time value: 2017-03-21 00:00:00.000 is not the same as 2017-03-21 00:00:00.001 and will not match! CONVERTing it to a DATE strips out the time info so it matches.
 
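The approach described in the solution above, as an added example (not code from the original poster or the answerer). The column name orderdate and the connection string parameter are assumptions, since the question's query omits the column name; the bookorder table comes from the question. It also assumes the date textbox posts yyyy-MM-dd, so DateTime.TryParseExact is used as a stricter form of the suggested TryParse.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

Public Module BookingCheck
    ' "orderdate" is a hypothetical column name; substitute the real one.
    ' CONVERT(date, ...) drops any time component before the comparison.
    Private Const Sql As String =
        "SELECT COUNT(*) FROM bookorder WHERE CONVERT(date, orderdate) = @day"

    ' Accepts only yyyy-MM-dd. Anything else, including text such as
    ' "' OR 1=1 --", is rejected here and never reaches the database.
    Public Function TryParseBookingDate(text As String, ByRef result As Date) As Boolean
        Return Date.TryParseExact(text, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                  DateTimeStyles.None, result)
    End Function

    ' The date travels as a typed parameter, so it is never part of the SQL text
    ' and no date-format conversion happens on the server.
    Public Function IsDateBooked(connectionString As String, day As Date) As Boolean
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(Sql, conn)
                cmd.Parameters.Add("@day", SqlDbType.Date).Value = day.Date
                conn.Open()
                Return CInt(cmd.ExecuteScalar()) > 0
            End Using
        End Using
    End Function

    ' Returns the message to display, or Nothing when the date is free.
    Public Function ValidateBooking(text As String, connectionString As String) As String
        Dim day As Date
        If Not TryParseBookingDate(text, day) Then
            Return "Enter a valid date"
        End If
        If IsDateBooked(connectionString, day) Then
            Return "Already booked, select another date"
        End If
        Return Nothing
    End Function
End Module
```

In the TextChanged handler from the question, assign the result of ValidateBooking(tbdate.Text, connectionString) to Label8.Text and show the label when the result is not Nothing.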
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


