问题
string date=
DateTime.Now.ToString("d.M.yyyy",System.Globalization.DateTimeFormatInfo.InvariantInfo);
String MyString = @"UPDATE cas SET Odhod= '" + label1.Text + "'
WHERE sifra = " + textBox1.Text + " and Datum = "+date+"";
When I do thise update without Datum it works, but with Datum doesn't work. I'm connected to accesss database, and Datum field type in table is date/time Guys please help.
Hire is the program: https://www.dropbox.com/s/hx4zduvul8mh2uy/8.4.zip
Pictre of problem: http://img43.imageshack.us/img43/5189/errorbh.jpg
回答1:
As usual, using string concatenation brings in a lot of trouble.
(Sql Injection, Parsing problems)
Just use parametrized queries
string MyString = @"UPDATE cas SET Odhod= ? WHERE sifra = ? and Datum = ?";
using(OleDbConnection cn = new OleDbConnection(connectionstring))
using(OleDbCommand cmd = new OleDbCommand(MyString, cn)
{
cn.Open();
cmd.Parameters.AddWithValue("@p1", label1.Text);
cmd.Parameters.AddWithValue("@p2", textbox.Text);
cmd.Parameters.AddWithValue("@p3", Convert.ToDate(date));
cmd.ExecuteNonQuery();
}
Of course, the Date value stored in the Datum field should be exactly like the date passed in parameter @p3. Sometime it is good to add also the time value to your date
string date= DateTime.Now.ToString("d.M.yyyy 00:00:00", ......);
回答2:
It is likely that the value in your Datum column doesn't match your date value. What are the values of your Datum column? Is there some time associated with it (EG: 1:32pm)?
There are also a couple of other issues with this update statement. You should be either using an ORM or parameterized queries in order to avoid SQL injection.
回答3:
You can use parameter approach. In that case, you will be able to define the field type before you run the query.
回答4:
The reason is the way Microsoft Access actually reads the DateTime a particular way. When you utilized concatenation it can introduce problems.
Access can only store Date / Time in these manners:
- Valid Date: -657, 434 (January 1, 100 A.D.) to 2,958,465 (December 31, 9999 A.D.)
- Valid Time: .0 (00:00:00) to .99999 (23:59:59)
It can be formatted in the following way:
- Stored Value (Double Number) = Default Format (General Date) = Custom Format
- 36296.0 = 5/15/99 = 05/15/1999 12:00:00 AM
So you'll have to keep in mind the limitations of Microsoft Access; because SQL does read the dates slightly differently and can store them slightly different. The slightest break in context can deeply affect the outcome.
The easiest approach would be to Query based on Parameters. That way you don't concatenate invalid syntax for Access possibly. This will alleviate some of the issues.
Natively access utilizes these functions:
Add an associated date to the time comparison:
var1 = #1/1/99 2:01:00 PM#
var2 = DateAdd("n", 10, var1)
? var2 = #1/1/99 2:11:00 PM#
Convert the time values to string data types before you compare them:
var1 = #2:01:00 PM#
var2 = DateAdd("n", 10, var1)
? CStr(var2) = CStr(#2:11:00 PM#)
Use the DateDiff() function to compare precise units such as seconds:
var1 = #2:01:00 PM#
var2 = DateAdd("n", 10, var1)
? DateDiff("s", var2, #2:11:00 PM#) = 0
So a native Access Query would look like such:
UPDATE [dbo].[Customer]
SET [dbo].[Customer].[InvoiceDate] = #1/1/99 2:11:00 PM#;
As you can see it tries to work like SQL, but it isn't SQL. So by creating a Parameter based Query you can ensure the valid syntax is being implemented into the Access Database. Steve posted a nice example, so I won't post code example. But hopefully this helps you understand the differentiation between them.
来源:https://stackoverflow.com/questions/15907389/working-with-access-database-update-statment-not-working