How do I insert a date (long format) into an Access database using a DateTimePicker in C#? (The error is only in the date part)

Time: 2016-07-01 21:17:06

Tags: c# datetimepicker access

Error image is here
The error is in the query line; it shows a syntax error.

try {

    string zero = "0";
    DateTime dat = this.dateTimePicker1.Value.Date;
    connection1.Open();
    OleDbCommand command = new OleDbCommand();
    command.Connection = connection1;
    command.CommandText = "insert into client_table(CLIENT, DATE,BILL_AMOUNT, PAID_AMOUNT, BALANCE, CONTACT, ADDRESS )VALUES ('" + txt_client.Text + "', #" + dat.ToLongDateString() + "# ,'" + zero + "','" + zero + "','" + zero + "','" + txt_contact.Text + "','" + txt_address.Text + "')";

    command.ExecuteNonQuery();
    connection1.Close();
    MessageBox.Show("New Client Registration done Successfully.");
    connection1.Dispose();
    this.Hide();
    employee_form f1 = new employee_form("");
    f1.ShowDialog();
}

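Thanks in advance.

2 answers:

Answer 0: (score: 3)

In Access, dates are delimited by #, not '. Also, Access does not recognize the long date format. But dates are not stored in any particular format, so don't worry about that; change it to: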

... + "', #" + dat.ToString() + "# ...etc.

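Although, if you don't parameterize your query, serious damage or data exposure can be done through SQL injection, because someone could type a SQL statement into those text boxes that you implicitly trust.

Working example: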

using System;

class Program
{
    static void Main(string[] args)
    {
        System.Data.OleDb.OleDbConnectionStringBuilder bldr = new System.Data.OleDb.OleDbConnectionStringBuilder();
        bldr.DataSource = @"C:\Users\tekhe\Documents\Database2.mdb";
        bldr.Provider = "Microsoft.Jet.OLEDB.4.0";

        using (System.Data.OleDb.OleDbConnection cnxn = new System.Data.OleDb.OleDbConnection(bldr.ConnectionString))
        {
            cnxn.Open();
            Console.WriteLine("open");

            using (System.Data.OleDb.OleDbCommand cmd = new System.Data.OleDb.OleDbCommand())
            {
                cmd.Connection = cnxn;
                cmd.CommandType = System.Data.CommandType.Text;
                cmd.CommandText = "INSERT INTO [Table1] ([Dob]) VALUES(#" + DateTime.Now.ToString() + "#)";
                cmd.ExecuteNonQuery();
            }
        }
        Console.ReadKey();
    }
}


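Update

However, you want to do something more like this, which uses parameters to guard against SQL injection. SQL injection is very easy to exploit, so don't assume you don't really need to worry about it: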

using System;
using System.Data.OleDb;

class Program
{
    static void Main(string[] args)
    {
        OleDbConnectionStringBuilder bldr = new OleDbConnectionStringBuilder();
        bldr.DataSource = @"C:\Users\tekhe\Documents\Database2.mdb";
        bldr.Provider = "Microsoft.Jet.OLEDB.4.0";

        using (OleDbConnection cnxn = new OleDbConnection(bldr.ConnectionString))
        {
            cnxn.Open();
            Console.WriteLine("open");

            using (OleDbCommand cmd = new OleDbCommand())
            {
                cmd.Connection = cnxn;
                cmd.CommandType = System.Data.CommandType.Text;
                // The date travels as a typed parameter, so the SQL text needs no # delimiters.
                OleDbParameter dobParam = new OleDbParameter("@dob", OleDbType.Date);
                dobParam.Value = DateTime.Now;
                cmd.Parameters.Add(dobParam);
                cmd.CommandText = "INSERT INTO [Table1] ([Dob]) VALUES(@dob)";
                cmd.ExecuteNonQuery();
            }
        }
        Console.ReadKey();
    }
}

Answer 1: (score: 0)

// Code to write a date into the Access table.

string zero = "0";
DateTime dat = this.dateTimePicker1.Value.Date;
//MessageBox.Show(dat.ToShortDateString());
connection1.Open();
OleDbCommand command = new OleDbCommand();
command.Connection = connection1;
//command.CommandText = "insert into client_table(DATEE) values( '"dat.ToShortDateString()+"')";
command.CommandText = "insert into client_table (CLIENT, DATEE, BILL_AMOUNT, PAID_AMOUNT, BALANCE, CONTACT, ADDRESS )VALUES ('" + txt_client.Text + "', #"+dat.ToShortDateString()+"# ,'" + zero + "','" + zero + "','" + zero + "','" + txt_contact.Text + "','" + txt_address.Text + "')";
command.ExecuteNonQuery();
connection1.Close();
MessageBox.Show("New Client Registration done Successfully.");
connection1.Dispose();

// New code to retrieve the rows whose date falls between two dates

try
  {
   DateTime dat = this.dateTimePicker1.Value.Date;
   DateTime dat2 = this.dateTimePicker2.Value.Date;
   // MessageBox.Show(dat.ToShortDateString() + "  " + dat2.ToShortDateString());
   connection1.Open();
   OleDbCommand command = new OleDbCommand();
   command.Connection = connection1;
   string query;
   query = "select * from client_table Where DATEE Between #" + dat.ToLongDateString() +"# and #" + dat2.ToLongDateString() + "# ";
   command.CommandText = query;
   OleDbDataAdapter da = new OleDbDataAdapter(command);
   DataTable dt = new DataTable();
   da.Fill(dt);
   dataGridView1.DataSource = dt;
   connection1.Close();
   }
 catch (Exception ex)
   {
     MessageBox.Show("Error" + ex);
   }

Thanks, everyone, for the support.
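
The parameterized approach from answer 0 applied to the two `client_table` statements in answer 1, as an added example that is not part of either answer. The class and method names are hypothetical, the connection is assumed to be already open, and the three amount columns are assumed to be text columns because the original statements quote their values.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

// Hypothetical helper class (not from the page); table and column names are those used in answer 1.
static class ClientTableQueries
{
    // OLE DB ignores parameter names and binds by position, so parameters
    // must be added in the same order as the ? markers in the SQL text.
    static void AddText(OleDbCommand cmd, string name, string value) =>
        cmd.Parameters.Add(name, OleDbType.VarWChar).Value = value;

    // A typed date parameter needs no # delimiters and no culture-specific formatting.
    static void AddDate(OleDbCommand cmd, string name, DateTime value) =>
        cmd.Parameters.Add(name, OleDbType.Date).Value = value.Date;

    public static int InsertClient(OleDbConnection open, string client, DateTime date,
                                   string contact, string address)
    {
        const string sql =
            "INSERT INTO client_table (CLIENT, DATEE, BILL_AMOUNT, PAID_AMOUNT, BALANCE, CONTACT, ADDRESS) " +
            "VALUES (?, ?, ?, ?, ?, ?, ?)";
        using (OleDbCommand cmd = new OleDbCommand(sql, open))
        {
            AddText(cmd, "client", client);   // text box content is bound as data, never parsed as SQL
            AddDate(cmd, "date", date);
            AddText(cmd, "bill", "0");        // assumption: amount columns are text, as the quoted '0' suggests
            AddText(cmd, "paid", "0");
            AddText(cmd, "balance", "0");
            AddText(cmd, "contact", contact);
            AddText(cmd, "address", address);
            return cmd.ExecuteNonQuery();     // number of rows inserted
        }
    }

    public static DataTable ClientsBetween(OleDbConnection open, DateTime first, DateTime last)
    {
        const string sql = "SELECT * FROM client_table WHERE DATEE BETWEEN ? AND ?";
        using (OleDbCommand cmd = new OleDbCommand(sql, open))
        using (OleDbDataAdapter da = new OleDbDataAdapter(cmd))
        {
            AddDate(cmd, "first", first);
            AddDate(cmd, "last", last);
            DataTable dt = new DataTable();
            da.Fill(dt);
            return dt;
        }
    }
}
```

In the form code this would be called as `ClientTableQueries.InsertClient(connection1, txt_client.Text, dateTimePicker1.Value, txt_contact.Text, txt_address.Text)`, with the connection opened inside a `using` block so it is closed even when the command throws.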
