Click here to Skip to main content
15,878,677 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hello,
this is my materiel table :
Materiel(serviceTag varchar(20),
periodeLeasing int,
periodeGarantie int,
idMarque int,
idTypeMateriel int,
idSerieMateriel int,
idEmplacement int,
reparation char(3),
idEntite int,
dateDGarantie dateTime,
dateFGarantie dateTime);

I want to insert a new record using this query
C#
con.charger("insert into Materiel(serviceTag, periodeLeasing, periodeGarantie, idMarque, idTypeMateriel, idSerieMateriel, " +
               "idEmplacement, reparation, idEntite, dateDGarantie, dateFGarantie) values ('" + txtServiceTag.Text + "', " + txtPeriodeL.Text + ", " + txtPeriodeG.Text + ", "
           + (cmbMarque.SelectedIndex + 1) + "," + cmbDesignation.SelectedIndex + "," + idSerieMat + ", NULL, NULL, " +
           cmbEntite.SelectedIndex + ",'" + Convert.ToDateTime(txtDateD.Text) + "','" + Convert.ToDateTime(txtDateF.Text) + "')", false);


the con is a classe called Connexion, that's where im calling my datasource and datatables / sets / Adapters.

For the asp code, I have a textBox (dateDG and dateFG) with an ajax calendar extender, this is my code
ASP.NET
<asp:TextBox ID="txtDateD" runat="server" CssClass="TextBox" Height="25px" AutoPostBack="true"
                      Width="162px" ontextchanged="txtDateD_TextChanged"></asp:TextBox>
                  <asp:CalendarExtender ID="txtDateD_CalendarExtender" runat="server"
                      Enabled="True" TargetControlID="txtDateD" Format="dd/MM/yyyy ">
                  </asp:CalendarExtender>


When I debug, the query seems to be correct here's an example
SQL
insert into Materiel(serviceTag, periodeLeasing, periodeGarantie, idMarque, idTypeMateriel, idSerieMateriel, idEmplacement, reparation, idEntite, dateDGarantie, dateFGarantie) values ('ER65', 12, 12, 1,12,53, NULL, NULL, 3,'08/07/2014 00:00:00','08/07/2015 00:00:00')

but still gives me the same error "The conversion of a varchar data type to a datetime data type resulted in an out-of-range value." Please I need your help
Posted
Comments
glen205 10-Jul-14 9:40am    
When I write insert statements to SQL server, I always use the ISO date format: yyyy-MM-dd hh:mm:ss.

Reformatting your dates to ISO instead of the format you've listed might help. The format you're using is also ambiguous as 08/07 could mean "8th July" or "7th August" depending on where in the world you are.

Best recommendation:
move to a parameterised query - your current code is very susceptible to a SQL injection attack.
Member 10889990 10-Jul-14 10:03am    
Thank you I changed the date format and it worked, and also I used the parametrised query
Member 10889990 10-Jul-14 10:19am    
@10889990 I am inserting into two different tables. How can I do that ?

How many times am I going to say this today? :sigh:

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

In this case, convert the string to a DateTime in your C# code and report any problems to the user at that point - you have access to the user preferred input format at that point, with SQL doesn't.
You can then pass the DateTime value as a parameter - i.e. still as a DateTime, not a string - to SQL and it doesn't need to do any conversions on it - so there is no SQL error to generate.

Passing strings is dangerous, and prone to this kind of error as well because SQL doesn;t know what format the date is supposed to be:
31/12/11
Is that the end of December? Or 1931? You can tell because you can use the user format - but SQL is on a different computer and doesn't have access. So it "guesses" and frequently gets it wrong.
 
Share this answer
 
Comments
Member 10889990 10-Jul-14 10:03am    
okay Thank you I changed the query and it worked thank you
glen205 10-Jul-14 10:35am    
Nuts - I mentioned ambiguous formats, SQL Injection and Parameterised queries .... and posted a comment instead of a solution. D'oh!
I am inserting into two different tables. I tired this one and it worked. My question is is it correct ???

C#
using (SqlConnection conn = new SqlConnection("data source=.; initial catalog = AxaStock; integrated security = true")) 
            using (SqlCommand cmd = new SqlCommand())
            using (SqlCommand cmd1 = new SqlCommand())
        { 
             cmd.Connection = conn;
             cmd1.Connection = conn;
             cmd1.CommandType = CommandType.Text;
              cmd.CommandType = CommandType.Text;
              cmd.CommandText = @"INSERT INTO Materiel VALUES (@ST, @PL, @PG, @M, @T, @S, @E, @R, @En, @DD, @DF)";  
    
              cmd.Parameters.AddWithValue("@ST", txtServiceTag.Text);  
              cmd.Parameters.AddWithValue("@PL", int.Parse(txtPeriodeL.Text));  
                cmd.Parameters.AddWithValue("@PG", int.Parse(txtPeriodeG.Text));  
                cmd.Parameters.AddWithValue("@M", (cmbMarque.SelectedIndex)+1);  
                cmd.Parameters.AddWithValue("@T", cmbDesignation.SelectedIndex);  
                cmd.Parameters.AddWithValue("@S", idSerieMat);  
                cmd.Parameters.AddWithValue("@E", DBNull.Value);  
                cmd.Parameters.AddWithValue("@R", DBNull.Value);  
                cmd.Parameters.AddWithValue("@EN", (cmbEntite.SelectedIndex+1));  
                cmd.Parameters.AddWithValue("@DD", DateTime.Parse(txtDateD.Text));  
                cmd.Parameters.AddWithValue("@DF", DateTime.Parse(txtDateF.Text));
                cmd1.CommandText = @"INSERT INTO Stocker values(@MG, @ST)";
                cmd1.Parameters.AddWithValue("@MG", 2);
                cmd1.Parameters.AddWithValue("@ST", txtServiceTag.Text);
             try
             {
                 conn.Open();
                 cmd.ExecuteNonQuery();
                 cmd1.ExecuteNonQuery();
                 conn.Close();
               }
              catch(SqlException r)
              {
                  throw r;
      
             }
}
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900