I have a asp.net project where i have to get input from the user and insert it into date attribute in my database. but instead I have only 0000/00/00. I can't understand why.
the input comes from 3 text boxes. Than i concatenate them and pass it to the query. But something goes wrong. here is the code:
Bday = Month2.Text & "/" & Dates2.Text & "/" & years.Text
Dim StrQwery As String = "INSERT INTO account VALUES(accoint_id, '" & Bday &"')"
Dim smd As MySqlCommand = New MySqlCommand(stquery, myconn)
smd.ExecuteReader()
The same thing happens when I add time to the same string and want to pass it to the dateTime attribute. Can someone tell me what is wrong?
regTime = Month2.Text & "/" & Dates2.Text & "/" & years.Text & CStr(TimeValue(CStr(Now)))
Dim StrQwery As String = "INSERT INTO account VALUES(accoint_id, '" & regTime &"')"
Dim smd As MySqlCommand = New MySqlCommand(stquery, myconn)
smd.ExecuteReader()
MySQL's date-as-string format is yyyy-mm-hh and yyyy-mm-dd hh:mm:ss for datetime. If you insert anything else, like your xxxx/xx/xx, MySQl will not even TRY to guess what format it's in, and simply insert a 0000-00-00 to signal an invalid date.
This is not something you can change. Convert your dates to MySQL's standard format, or deal with the consequences.
Related
I'm trying to enter a date that's in a textbox into a column of datetime type
The code is as follows
txtbookissue_date.Text = DateTime.Now.Date
txtbookreturn_date.Text = DateAdd(DateInterval.Day, 7, DateTime.Now.Date)
When I Insert these two values into a database, (insert into book....) values such as 17-02-1984 show up in the database rather than, say, 26-2-2015.
I did a little research and found out that SQL interprets it as "26 minus 2 minus 2015" rather than as a date.
Printing Date(txtbookissue_date.Text) gives correct results, the only problem is saving it into the database.
The solution for this was apparently to enclose the date in single quotes, i.e '26-2-2015' rather than just 26-2-2015, Since I'm using a date function I decided to change
txtbookissue_date.Text = DateTime.Now.Date
to
txtbookissue_date.Text= "'"+DateTime.Now.Date+"'"
but It returns an error, something similar to 'cannot convert varchar type to date type, out of range exception'
How do I fix this? any help would be appreciated.
txtbookissue_date.Text = DateTime.Now.Date
txtbookreturn_date.Text = DateAdd(DateInterval.Day, 10, DateTime.Now.Date)
Protected Sub btn_issue_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btn_issue.Click
con.Open()
cmd.CommandText = "insert into Book (book_id, book_name, book_author,publisher,mem_id,mem_name,issue_date,return_date) values('" & txtbookissue_id.Text & "','" & txtibookssue_name.Text & "','" & txtbookissue_author.Text & "','" & txtbookissue_publi.Text & "','" & txtbookissue_memid.Text & "','" & txtbookissue_memname.Text & "'," & txtbookissue_date.Text & "," & txtbookreturn_date.Text & ")"
cmd.Connection = con
cmd.ExecuteNonQuery()
con.Close()
Response.Redirect("Welcome.aspx")
End Sub
you are inserting date as a text. I mean while you need to insert it '2015-02-26' you are trying to insert it with another format. In fact you should use parameters with your sql query. Your sql statement should be something like that
insert into Book (book_id, book_name, book_author,publisher,mem_id,mem_name,issue_date,return_date) values(#book_id, #book_name, #book_author,#publisher,#mem_id,#mem_name,#issue_date,#return_date)
Before executing query you should set parameters in command object.
cmd.Parameters.AddWithValue("#return_date", DateAdd(DateInterval.Day, 10, Date.Now.Date))
For more information about using parameters with access you can take a look here
First of all, I would highly suggest using Paramaters.
Second, since you want to format your date into a string that is not the default culture. I would suggest you use String.Format() or ToString() (examples).
Since your database most likely expects a datetime. You could parse the string back to a DateTime using DateTime.ParseExact. Look at this answer for a howto.
Let me know if this helps, if not you need to supply us with more info.
You are putting string in a DateTime column, please convert the values back to their original types before putting them in the database.
DateTime issueDate = DateTime.Parse(txtbookissue_date.Text);
DateTime returnDate = DateTime.Parse(txtbookreturn_date.Text);
I have an asp.net/vb.net web app that requires information to be put into a multiline text box. If the user hits enter while in the textbox it drops down to next line, and they can enter more data in. When it tries to go to the database it fails because of the way the data is represented. I need help with looping through the field and getting each value.
This is how the data is represented in the DataTable
0;0.123;0.234;0.345;...
I need each value between the ; character... so I was thinking something like this?
If dbRow.Item("PV").ToString.Contains(";") Then
For Each symbol As String In DBTable.Rows
'get data b/w the ';'
Next
End If
Any help would be greatly appreciated
Edit:
If dbRow.Item("PV").ToString.Contains(";") Then
For Each s As String In dbRow.Item("PV").ToString
Dim fields() As String = s.Split(";"c)
For Each value As String In fields
.Append("'" & CDbl(value) & "'," & "SysDate,1)")
DBCommand.CommandText = myInsertIntoProperty_DataStringBuilder.ToString
DBCommand.ExecuteNonQuery()
myInsertIntoPropertyStringBuilder = New StringBuilder
Next
Next
Else
.Append("'" & CDbl(dbRow.Item("PV")) & "'," & "SysDate,1)")
End If
You mean something like this?
Dim s As String In dbRow.Item("PV").ToString()
Dim fields() As String = s.Split(";"c)
For Each value As String In fields
' Do what you want with the value
Next
Then access each value with field(0), fields(1), etc. You can then convert it to the appropriate type, for example:
Dim value As Double = Double.Parse(fields(0), CultureInfo.InvariantCulture)
I have a code which checks the validity of user and then, if a user is valid it inserts certain values in the database.
My problem is when After I query my database to check if a user is valid and after that i try to pass the additional value to its account the flow stops when I invoke ExecuteReader() for the second time.
There is no error, or anything like that. I tried to substitute ExecuteReader() with ExecuteNoneQuery but still it's not working. I tried all the query in mysql command prompt they are working perfectly. I really can't understand what am I doing wrong there. Can anyone help me please?
Here is the code:
Try
myconn.Open()
Dim stquery As String = "SELECT * from accountstbl WHERE SE_ID = " & Id.Text
Dim smd = New MySqlCommand(stquery, myconn)
Dim myreader = smd.ExecuteReader()
If Not myreader.HasRows Then
errorUser.Visible = True
Else
myreader.Read()
Dim name As String = myreader.Item("user_name").ToString()
Dim stquery2 = "INSERT into backup VALUES (" & name & ", '" & Info & "')"
Dim smd2 = New MySqlCommand(stquery2, myconn)
Dim Myreader2 As MySqlDataReader
'smd.ExecuteNonQuery()'
'THE CODE STOPS HERE'
Myreader2 = smd2.ExecuteReader()
'Myreader2.Read()'
MsgBox("The BACKUP INFORMATION HAS BEEN SAVED")
End If
myconn.Close()
Catch ex As Exception
Dim ErrorMessage As String = "alert('" & ex.Message.ToString() & "');"
Page.ClientScript.RegisterStartupScript(Me.GetType(), "ErrorAlert", ErrorMessage, True)
myconn.Close()
End Try
Because your second query is an update, not a select, you need to execute it using the ExecuteNonQuery method. Your commented-out code shows an attempt to call ExecuteNonQuery but on the wrong command object (smd when it should be smd2). Try something like this instead:
myreader.Read()
Dim name As String = myreader.Item("user_name").ToString()
Dim stquery2 = "INSERT into backup VALUES (" & name & ", '" & Info & "')"
Dim smd2 = New MySqlCommand(stquery2, myconn)
smd2.ExecuteNonQuery()
The ExecuteNonQuery method returns the number of rows updated as an int value, so you can capture it if it's valuable to you. In your case it's probably not, but here's how you'd check anyway:
int rowsAdded = smd2.ExecuteNonQuery();
if (rowsAdded == 1) {
// expected this
} else {
// didn't expect this
}
Finally, concatenating strings to build SQL commands can leave you vulnerable to SQL Injection attacks. Please take a look at using parameterized queries. There's a decent example here.
If you want to execute nested Reader, you have to create another connection. You need somethig like
smd2 = New MySqlCommand(stquery2, myconn2)' myconn2 is another connection
OR
Set "MultipleActiveResultSets=True in your connection string.
Also, use ExecuteNonQuery() for Inserting
Dim name As String = myreader("user_name").ToString()
Dim stquery2 = "INSERT into backup VALUES ('" & name & "', '" & Info & "')"
Dim smd2 = New MySqlCommand(stquery2, myconn)
smd.ExecuteNonQuery()
Please use Parameterized query to avoid SQL Injection
The logic is that you need to close your first reader (myreader) before executing another reader (MyReader2) on the same connection.
I have a textbox and a button on a form.
I wish to run a query (in Vb.Net) that will produce a query with the IN Values.
Below is an example of my code
myConnection = New SqlConnection("Data Source=sqldb\;Initial Catalog=Rec;Integrated Security=True")
myConnection.Open()
myCommand = New SqlCommand("UPDATE dbo.Recordings SET Status = 0 where RecID in ('" & txtRecID.Text & "') ", myConnection)
ra = myCommand.ExecuteNonQuery()
myConnection.Close()
MsgBox("Done!", _
MsgBoxStyle.Information, "Done")
When I enter a single value it works but when I enter values with commas it throws an error:
"Conversion failed when converting the varchar value '1234,4567' to
data type int."
Could someone please help me to solve this or if there is an alternative way?
Many Thanks
Try removing the single-quotes you're wrapping the IN values in:
myCommand = New SqlCommand("UPDATE dbo.Recordings SET Status = 0 WHERE RecID IN (" & txtRecID.Text & ") ", myConnection)
If you were testing a STRING variable for multiple values, then those multiple values would need to be in quotes.
The reason your first attempt 'almost' worked was because you could also have generated your SqlCommand with each individual value in quotes.
I.E.
UPDATE dbo.Recordings SET Status = 0 where RecID IN ('1234', '5678')
In that case, T-SQL would have done an implicit conversion of each of the string values to INT,
which is what it was attempting to do when you gave it '1234, 5678' but that isn't decipherable as an INT.
I have a web application and on page is an update page to update some profile information. Below is the code I am using to update the table. But I think it is wrong. Does anything stick out? The connection string works cause it is used to read the database to get the profile information, I just removed it due to it containing password/login info for the db.
player is the class of properties that contains player information and ds is the dataset, but I would like to update the database itself online...
Dim connectionString As String = ""
Dim GigsterDBConnection As New System.Data.SqlClient.SqlConnection(connectionString)
GigsterDBConnection.Open()
Dim updatetoursql As String = "UPDATE PLAYERS SET FIRSTNAME = '" & player.FIRSTNAME & "', LASTNAME = '" & player.LASTNAME & "', ADDRESS = '" & player.ADDRESS & "', CITY = '" & player.CITY & "', ZIP = '" & player.ZIP & "', PHONE = '" & player.PHONE & "', EMAIL = '" & player.EMAIL & "', REFFEREDBY = '" & player.REFEREDBY & "' "
updatetoursql = updatetoursql & "PLAYERID = '" & player.PLAYERID & "';"
Dim cmd As New System.Data.SqlClient.SqlCommand(updatetoursql, GigsterDBConnection)
Dim sqlAdapter As New System.Data.SqlClient.SqlDataAdapter(cmd)
sqlAdapter.Update(ds, "PLAYERS")
I think the issue is something the 3 last lines of the code. am I doing it right or is their a better way?
Thanks
Well, apart from the glaring SQL injection issues waiting to bite you ..... (hint: use parametrized queries instead of concatenating together your SQL statement!!)
Dim cmd As New SqlCommand(updatetoursql, GigsterDBConnection)
Dim sqlAdapter As New SqlDataAdapter(cmd)
The problem here is: if you call the SqlDataAdapter constructor this way, what you're passing in is the select command (of the data adapter) - not the update command!
You need to do it this way:
Dim cmd As New SqlCommand(updatetoursql, GigsterDBConnection)
Dim sqlAdapter As New SqlDataAdapter()
sqlAdapter.UpdateCommand = cmd;
Now you've associated your UPDATE statement with the SqlDataAdapter.UpdateCommand and now it should work.
About the SQL injection: I'd strongly recommend using parametrized queries all the time - at least in production code. So instead of concatenating together your query, use this:
Dim updatetoursql As String =
"UPDATE PLAYERS SET FIRSTNAME = #FirstName, LASTNAME = #LastName, " &
"ADDRESS = #Address, CITY = #City, ZIP = #Zip, PHONE = #Phone " &
"EMAIL = #EMail, REFFEREDBY = #ReferredBy, PLAYERID = #PlayerID"
and then before you execute the command or the SqlDataAdapter.Update statement, set those parameters to the values you have. This is much safer and gives you less headaches and possibly even speed improvements (if that single Update query is only cached once in SQL Server memory).
Also, why go the long and complicated way of a SqlDataAdapter at all??
After you've created the SqlCommand and set all the parameters, just call cmd.ExecuteNonQuery(); and you're done!
Dim cmd As New SqlCommand(updatetoursql, GigsterDBConnection)
// set up the parameters here.....
cmd.Parameters.AddWithvalue("#FirstName", FirstName);
... etc.
// just call ExecuteNonQuery - and you're done!
cmd.ExecuteNonQuery();
The big thing that jumps up at me is how open to SQL Injection attacks this code is.
You should not build a SQL string in this manner, but use parameterized queries.
Other then that, you are constructing your adapter incorrectly, as the constructor will take the select command, not the update command. Create the command with the parameterless constructor then assign the command you have created to the UpdateCommand property.