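I am developing ATM software, and I want to get a report by entering a start date and an end date. The dates saved in my table are strings in the form dd/MM/yyyy. I am trying the following code and getting an incorrect-syntax exception.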
    public DataTable getReportByDate(DateTime startDate, DateTime endDate)
    {
        try
        {
            DataTable table = new DataTable();
            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >=" + startDate + " AND CAST(CurrDate AS Date) <=" + endDate + ";", connectionString);
                // Create a command builder to generate SQL update, insert, and
                // delete commands based on selectCommand. These are used to
                // update the database.
                SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter);
                // Populate a new data table and bind it to the BindingSource.
                table.Locale = System.Globalization.CultureInfo.InvariantCulture;
                dataAdapter.Fill(table);
            }
            return table;
        }
        catch (Exception e)
        {
            return null;
        }
    }
Please help me.
Regards

Answer 0 (score: 1)
Change

    SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >=" + startDate + " AND CAST(CurrDate AS Date) <=" + endDate + ";", connectionString);

to

    SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >='" + startDate.ToString("yyyy-MM-dd HH:mm:ss") + "' AND CAST(CurrDate AS Date) <='" + endDate.ToString("yyyy-MM-dd HH:mm:ss") + "';", connectionString);

Update

    SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >='" + startDate.ToString("dd/MM/yyyy") + "' AND CAST(CurrDate AS Date) <='" + endDate.ToString("dd/MM/yyyy") + "';", connectionString);

Answer 1 (score: 1)
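OK, first of all, do not turn exceptions into return null:

    catch (Exception e)
    {
        return null;
    }

It is bad practice, as you swallow every possible exception. Instead, you should only catch the exceptions that the SQL adapter is supposed to throw, or even better: do not catch them, but log them and catch them further out, because if something goes wrong in this method it means your SQL connection or your code is broken. If you leave it as is, you only hide the problem and make debugging much harder.
Second, you should use parameters in your query.
Now to the syntax error: startDate and endDate are of type DateTime, so you should first convert them to a string with .ToString("dd/MM/yyyy") - this would be less of a hassle with parameters.

Answer 2 (score: 1)
You should definitely use parameters in your query - both to avoid SQL injection attacks and to improve performance (through execution plan reuse). Nobody has shown that so far - so here it is: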
    public DataTable getReportByDate(DateTime startDate, DateTime endDate)
    {
        DataTable table = new DataTable();
        string sqlStmt =
            "SELECT * FROM [dbo].[Transaction] " +
            "WHERE CAST(CurrDate AS DATE) >= @startDate " +
            "AND CAST(CurrDate AS DATE) <= @endDate";
        using (SqlConnection connection = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sqlStmt, connection))
        {
            // Typed parameters: the values are sent separately from the SQL text.
            cmd.Parameters.Add("@startDate", SqlDbType.Date).Value = startDate.Date;
            cmd.Parameters.Add("@endDate", SqlDbType.Date).Value = endDate.Date;
            SqlDataAdapter adapter = new SqlDataAdapter(cmd);
            adapter.Fill(table);
        }
        return table;
    }
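
Answer 3 (score: 0)
I did try it, and the SQL works fine in the query editor; however, it looks like it only works when parameterized. So I am reposting the code; I noticed that a moderator converted my original reply into a comment.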
    public DataTable getReportByDate(DateTime startDate, DateTime endDate)
    {
        DataTable table = new DataTable();
        string query = "select * from [transaction] where cast(currdate as date) >= @startdate and cast(currdate as date) <= @enddate";
        using (SqlConnection connection = new SqlConnection("server=(local);database=quicksilver;integrated security=true"))
        {
            connection.Open();
            SqlCommand command = new SqlCommand(query);
            // Bind the method arguments (C# identifiers are case-sensitive).
            command.Parameters.AddWithValue("@startdate", startDate);
            command.Parameters.AddWithValue("@enddate", endDate);
            command.Connection = connection;
            SqlDataAdapter dataAdapter = new SqlDataAdapter(command);
            // The command builder is only needed if the table is later written back.
            SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter);
            dataAdapter.Fill(table);
        }
        return table;
    }
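
An added example, not taken from any of the answers above: it combines the parameterized query with the exception-handling advice and reads the dd/MM/yyyy text column with an explicit conversion style, so the result does not depend on the session's language or DATEFORMAT setting. Assumptions: SQL Server 2012 or later (for `TRY_CONVERT`); the class name `TransactionReport`, the `connectionString` argument, and console logging as a stand-in for the application's logger are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class TransactionReport
{
    // CurrDate holds text such as "25/12/2023". Style 103 tells SQL Server to read it
    // as dd/MM/yyyy regardless of session settings; TRY_CONVERT returns NULL for
    // values that are not valid dates, so those rows simply fall out of the range.
    private const string Sql =
        "SELECT * FROM [dbo].[Transaction] " +
        "WHERE TRY_CONVERT(date, CurrDate, 103) >= @startDate " +
        "AND TRY_CONVERT(date, CurrDate, 103) <= @endDate";

    public static DataTable GetReportByDate(string connectionString, DateTime startDate, DateTime endDate)
    {
        if (endDate.Date < startDate.Date)
            throw new ArgumentException("endDate is earlier than startDate", nameof(endDate));

        var table = new DataTable { Locale = System.Globalization.CultureInfo.InvariantCulture };
        try
        {
            using (var connection = new SqlConnection(connectionString))
            using (var command = new SqlCommand(Sql, connection))
            using (var adapter = new SqlDataAdapter(command))
            {
                // Typed parameters travel separately from the SQL text, so no quoting and
                // no culture-dependent DateTime.ToString() output ever reaches the parser.
                command.Parameters.Add("@startDate", SqlDbType.Date).Value = startDate.Date;
                command.Parameters.Add("@endDate", SqlDbType.Date).Value = endDate.Date;
                adapter.Fill(table); // Fill opens and closes the connection itself
            }
        }
        catch (SqlException ex)
        {
            // Record the server-side details, then rethrow so the caller sees the
            // failure; returning null here would hide it.
            Console.Error.WriteLine($"Report query failed (SQL error {ex.Number}): {ex.Message}");
            throw;
        }
        return table;
    }
}
```

Applying a conversion to the column prevents index seeks on `CurrDate`; storing the value in a `date` column removes both the conversion and the format ambiguity.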