尝试将GetDate()插入数据库时​​出错

时间:2012-03-19 13:52:02

标签: asp.net sql-server database

我正在尝试插入今天的日期并尝试递归递增日期。但我收到转换错误消息。

private void InsertTimesheetWeek(string timeSheetID)
{
    int row = GViewTimeSheet.Rows.Count;//get the row count
    int counter = 0;

    string[] txtDate = new string[row];// date column

    foreach (GridViewRow gRow in GViewTimeSheet.Rows)
    {

        txtDate[counter] = "GetDATE()+"+counter;

        counter++;
    }

    //Intializing sql statement
    string fields = "(TimeSheetID, Date)";
    string parm = "(@TimeSheetID, @Date)";
    string sqlStatement = "insert into TimeSheetWeeks" + fields + "Values" + parm;

    SqlCommand comm = new SqlCommand();
    comm.CommandText = sqlStatement;//assing sql statement as command
    SqlConnection connection = DataAccess.getConnection();
    comm.Connection = connection;

    try
    {
        connection.Open();
        for (int i = 0; i < row; i++)
        {
            comm.Parameters.AddWithValue("@TimeSheetID", timeSheetID);
            comm.Parameters.AddWithValue("@Date", txtDate[i]);

            comm.ExecuteNonQuery();
            comm.Parameters.Clear();
        }

    }
    catch (Exception ex)
    {
        Utilities.LogError(ex);
        throw ex;
    }
    finally
    {
        if (connection.State == ConnectionState.Open)// if the connection opened then 
        {
            connection.Close();//just close the connection in any way
        }
    }
}

为什么会导致错误?

3 个答案:

答案 0 :(得分:2)

错误是由于将“GetDATE()+ 1”,“GetDATE()+ 2”等作为参数传递而导致SQL无法将其转换为日期。

在发送到SQL之前在代码中进行日期计算:

txtDate[counter] = DateTime.Now.AddDays(counter);

如果您将SQL语句构建为每行的文字,那么您采用的方法将起作用 例如:*

for (int i = 0; i < row; i++)
{
    string fields = "(TimeSheetID, Date)";
    string parm = String.Format"({0}, GetDATE() + {1})", timeSheetID, i);
    string sqlStatement = "insert into TimeSheetWeeks" + fields + "Values" + parm;

    // ....

*的 N.B。不要使用上面的代码 - 我只提供了它作为示例。如果可能,始终使用SQL参数。参数是类型安全的,可以降低SQL注入的风险。 How To: Protect From SQL Injection in ASP.NET

答案 1 :(得分:2)

我会做两件事:

1)将参数的创建移出循环 - 你只需要创建一次

2)不要使用AddWithValue方法,因为该方法必须猜测数据类型 - 并且有时可能会错误

所以使用这个:

// Intializing sql statement
string fields = "(TimeSheetID, Date)";
string parm = "(@TimeSheetID, @Date)";
string sqlStatement = "insert into TimeSheetWeeks" + fields + "Values" + parm;

using(SqlConnection connection = DataAccess.getConnection())
using(SqlCommand comm = new SqlCommand(sqlStatement, connection))
{
   comm.Parameters.Add("@TimeSheetID", SqlDbType.VarChar, 50); // just guessing
   comm.Parameters.Add("@Date", SqlDbType.DateTime);

   try
   {
      connection.Open();

      for (int i = 0; i < row; i++)
      {
          comm.Parameters["@TimeSheetID"] = timeSheetID;
          comm.Parameters["@Date"] = txtDate[i];

          comm.ExecuteNonQuery();
      }

      connection.Close();
    }
    catch (Exception ex)
    {
        Utilities.LogError(ex);
        throw;
    }
}

正如其他人已经指出的那样,

的语法
txtDate[counter] = "GetDATE()+"+counter;

也有点奇怪 - 你想在这做什么?您要添加什么 - counter天?月?年份?秒?“根本不清楚......

也许你可以将这个逻辑“移动”到你设置日期值的位置:

for (int i = 0; i < row; i++)
{
   comm.Parameters["@TimeSheetID"] = timeSheetID;
   comm.Parameters["@Date"] = DateTime.Today.AddDays(i);  // is that what you need?

   comm.ExecuteNonQuery();
}

答案 2 :(得分:2)

尝试更改此内容:

txtDate[counter] = "GetDATE()+"+counter;

对此:

txtDate[counter] = DateTime.Now.AddDays(counter);