I would take a look at the value of the
(assuming it is a string
) and see if there has a single quote in it. If so, you need to escape it by replacing it with two single quotes. On the other hand, if it is an enum
variable, then you should use the ToString() function to get its value. Next, look at the
. If this is a DateTime object, then you will need to use one of the ToString() functions (possibly with the necessary format string) to get the value.
is a datetime
datatype, then you may need to do your comparison filter by converting it to a date
datatype to ignore the time element:
"...AND CONVERT([date], SalesDate) = CONVERT([date], '" + Date + "')"
Having said this, it is worth noting that sql queries like this are subject to sql injection attacks. Using parameters is a better method.