Error Conversion failed when converting date and/or time from character string.

Question

1.00/5 (2 votes)

See more:

This is my payment.aspx.cs file

C#

public partial class Categories_Payment : System.Web.UI.Page
{

    DataTable dt;

    SignIn sgn = new SignIn();
    UserADO ado = new UserADO();
    Utility utils = new Utility();
    protected void Page_Load(object sender, EventArgs e)
    {

        if (!IsPostBack)
        {

            txtcurrentdate.Text = DateTime.Now.ToShortDateString();
            txtcurrentdate.Enabled = false;

            dt = new DataTable();
            dt = (DataTable)Session["addtocart"];

            GridView1.DataSource = dt;
            GridView1.DataBind();
            Session["addtocart"] = dt;
            Txtdate.Enabled = false;

            DropDownList1.Items.Insert(0, "--Select--");
            DropDownList1.Items.Insert(1, "Master Card");
            DropDownList1.Items.Insert(2, "Credit Card");
            DropDownList1.Items.Insert(3, "Debit Card");

        }
    }
    protected void Calendar1_SelectionChanged(object sender, EventArgs e)
    {
        if (Calendar1.SelectedDate > DateTime.Now)
        {
            Txtdate.Enabled = true;
            Txtdate.Text = Calendar1.SelectedDate.ToLongDateString();
        }
        else
        {
            Txtdate.Text = "";
        }
    }
    protected void Calendar1_DayRender(object sender, DayRenderEventArgs e)
    {
        if (e.Day.Date < DateTime.Now.Date)
        {
            e.Cell.Enabled = false;
            e.Cell.BackColor = Color.White;
        }
    }
       protected void Btn_checkout_Click(object sender, EventArgs e)
    {
        dt = new DataTable();
        dt = (DataTable)Session["addtocart"];
        string str = Session["UID"].ToString();
        //string adrress = Session["shippingaddress"].ToString();
        if (Txtcardnumber.Text.Length == 15)
        {
            lblMessage.Text = "<font color="red">Please enter your 16 digit card number.</font>";
            return;
        }
        if (Txtpwd.Text.Length == 3)
        {
            lblMessage.Text = "<font color="red">Please enter 4 digit Password.</font>";
            return;
        }

        string dates;
        dates = txtcurrentdate.Text;
        string QueryOrder = "insert into order_detail values ('" + str + "','" + dates + "') select scope_identity()";

        string oid = ado.ExecuteScalerByQuery(QueryOrder);

        string dp;
        dp = Txtdate.Text;
        
        string QueryPayment = "insert into paymentdetail values('" + str + "','" + oid + "','" + DropDownList1.SelectedValue + "','" + Txtcardnumber.Text + "','" + dp + "')";
        ado.InsertUpdateByQuery(QueryPayment);
        //string QueryShipping = "insert into shippingdetail values('" + oid + "','" + adrress + "')";
        //ado.InsertUpdateByQuery(QueryShipping);
        Session["billnum"] = oid.ToString();
        Session["paymentmode"] = DropDownList1.SelectedItem.Text;
        Session["cardnumber"] = Txtcardnumber.Text;
        Session["xpirydate"] = Txtdate.Text;
        Session["currentdate"] = txtcurrentdate.Text;

        string ODetail = "";
        foreach (DataRow dr in dt.Rows)
        {
            ODetail = "insert into oderdetail values('" + oid + "','" + dr["Tilte"].ToString() + "','" + Convert.ToInt32(dr["Qty"]) + "','" + Convert.ToDouble(dr["total"]) + "')";
            ado.InsertUpdateByQuery(ODetail);
        }
             
        Response.Redirect("billgeneration.aspx");
    }
}

This error occurs when i run

C#

Server Error in '/ebook1' Application.

Conversion failed when converting date and/or time from character string.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Conversion failed when converting date and/or time from character string.

Source Error:


Line 148:        _command.CommandType = CommandType.Text;
Line 149:        _command.CommandText = strQry;
Line 150:        int i = _command.ExecuteNonQuery();
Line 151:        CloseConnection();
Line 152:        return i;


Source File: g:\ebook1\App_Code\DL\UserADO.cs    Line: 150

Posted 6-May-13 19:38pm

sarita shinde

Updated 6-May-13 19:39pm

Tadit Dash (ତଡିତ୍ କୁମାର ଦାଶ)

v2

Add a Solution

Comments

Bernhard Hiller 7-May-13 2:29am

You'll find "laks" of hints that you ought use parameterized queries instead of simple string concatenations.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2013-05-06T21:40:00

You don't show us the line that generates the error, you don't indicate which SQL statement it relates to. This doesn't help.

But it's pretty clear what the problem is likely to be: you are sending user input text directly to SQL and expecting it to process it as a date field.
There are a number of things wrong with your approach:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Even if the user types it correctly, he will type the date in a format which makes sense to him (and possibly to the PC he is working on) - that does not mean that it is in a "sensible" or even "readable" format for SQL, which is likely to be on a different PC which may be configured for a different locale.

So: you need to do two things.
Firstly, you need to do a check-and-convert of the user input from a string to a DateTime - use DateTime.TryParse and report any problems to the user instead of continuing. If you can't understand the user input, SQL server has no chance whatsoever. Do a bunch of checks at the top, report specific problems and do not even try to do the rest of the method until teh user has fixed the problems.

Secondly, replace all you string concatenations with parametrized queries, and pass the values though processed into the correct datatypes for the SQL fields. So if a field is a DateTime, pass a DateTime as a parameter. If it is an integer, pass and integer.

It would also be worth your looking at changing your user interface - textboxes are not a "friendly" way to get a user to input a date for example. A DateTimePicker is a lot better, as well as providing a DateTime value directly which can never be invalid.