我正在尝试插入今天的日期并尝试递归递增日期。但我收到转换错误消息。
private void InsertTimesheetWeek(string timeSheetID)
{
int row = GViewTimeSheet.Rows.Count;//get the row count
int counter = 0;
string[] txtDate = new string[row];// date column
foreach (GridViewRow gRow in GViewTimeSheet.Rows)
{
txtDate[counter] = "GetDATE()+"+counter;
counter++;
}
//Intializing sql statement
string fields = "(TimeSheetID, Date)";
string parm = "(@TimeSheetID, @Date)";
string sqlStatement = "insert into TimeSheetWeeks" + fields + "Values" + parm;
SqlCommand comm = new SqlCommand();
comm.CommandText = sqlStatement;//assing sql statement as command
SqlConnection connection = DataAccess.getConnection();
comm.Connection = connection;
try
{
connection.Open();
for (int i = 0; i < row; i++)
{
comm.Parameters.AddWithValue("@TimeSheetID", timeSheetID);
comm.Parameters.AddWithValue("@Date", txtDate[i]);
comm.ExecuteNonQuery();
comm.Parameters.Clear();
}
}
catch (Exception ex)
{
Utilities.LogError(ex);
throw ex;
}
finally
{
if (connection.State == ConnectionState.Open)// if the connection opened then
{
connection.Close();//just close the connection in any way
}
}
}
为什么会导致错误?
答案 0 :(得分:2)
错误是由于将“GetDATE()+ 1”,“GetDATE()+ 2”等作为参数传递而导致SQL无法将其转换为日期。
在发送到SQL之前在代码中进行日期计算:
txtDate[counter] = DateTime.Now.AddDays(counter);
如果您将SQL语句构建为每行的文字,那么您采用的方法将起作用 例如:*
for (int i = 0; i < row; i++)
{
string fields = "(TimeSheetID, Date)";
string parm = String.Format"({0}, GetDATE() + {1})", timeSheetID, i);
string sqlStatement = "insert into TimeSheetWeeks" + fields + "Values" + parm;
// ....
*的 N.B。不要使用上面的代码 - 我只提供了它作为示例。如果可能,始终使用SQL参数。参数是类型安全的,可以降低SQL注入的风险。 How To: Protect From SQL Injection in ASP.NET 强>
答案 1 :(得分:2)
我会做两件事:
1)将参数的创建移出循环 - 你只需要创建一次
2)不要使用AddWithValue
方法,因为该方法必须猜测数据类型 - 并且有时可能会错误
所以使用这个:
// Intializing sql statement
string fields = "(TimeSheetID, Date)";
string parm = "(@TimeSheetID, @Date)";
string sqlStatement = "insert into TimeSheetWeeks" + fields + "Values" + parm;
using(SqlConnection connection = DataAccess.getConnection())
using(SqlCommand comm = new SqlCommand(sqlStatement, connection))
{
comm.Parameters.Add("@TimeSheetID", SqlDbType.VarChar, 50); // just guessing
comm.Parameters.Add("@Date", SqlDbType.DateTime);
try
{
connection.Open();
for (int i = 0; i < row; i++)
{
comm.Parameters["@TimeSheetID"] = timeSheetID;
comm.Parameters["@Date"] = txtDate[i];
comm.ExecuteNonQuery();
}
connection.Close();
}
catch (Exception ex)
{
Utilities.LogError(ex);
throw;
}
}
正如其他人已经指出的那样,
的语法txtDate[counter] = "GetDATE()+"+counter;
也有点奇怪 - 你想在这做什么?您要添加什么 - counter
天?月?年份?秒?“根本不清楚......
也许你可以将这个逻辑“移动”到你设置日期值的位置:
for (int i = 0; i < row; i++)
{
comm.Parameters["@TimeSheetID"] = timeSheetID;
comm.Parameters["@Date"] = DateTime.Today.AddDays(i); // is that what you need?
comm.ExecuteNonQuery();
}
答案 2 :(得分:2)
尝试更改此内容:
txtDate[counter] = "GetDATE()+"+counter;
对此:
txtDate[counter] = DateTime.Now.AddDays(counter);