C# 在SQL server中插入日期和时间
这里的 date_m 列是 datetime 类型。您不应该使用字符串连接来拼接查询,因为这会导致 SQL 注入。除了打乱您的应用程序之外,您还想问什么?(响亮的警报声)SQL 注入警报!!!
// Question's original code, kept as posted: fills the two text boxes with the current date and time.
// NOTE(review): in a .NET custom format string "mm" is minutes and "MM" is the month, so this
// shows day/minute/year, not a calendar date.
textBox1.Text = DateTime.Now.ToString("dd/mm/yyyy");
// NOTE(review): "hh" is the 12-hour clock and no AM/PM designator is written, so afternoon
// times cannot be told apart from morning ones; "HH" is the 24-hour form.
textBox2.Text = DateTime.Now.ToString("hh:mm:ss");
}
// Question's original click handler, kept exactly as posted. It is the pattern the answers on
// this page warn against. The closing brace of the method is not part of the excerpt.
private void button1_Click(object sender, EventArgs e)
{
try
{
// SQL injection: both TextBox values are concatenated into the statement text, so anything
// typed into the form becomes part of the SQL that the server executes. Pass the values as
// parameters (SqlCommand.Parameters) so they are sent as data and never parsed as SQL.
// The statement is also malformed: the VALUES list is never closed (no ")" before the final
// quote), so SQL Server rejects it with a syntax error.
cmd = new SqlCommand("insert into datee (date_m,heur_m)values('" +textBox1.Text + "','" +textBox2.Text + "'", cn);
cn.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("succes");
}
catch (Exception ex)
{
// "" + ex calls ex.ToString(), so the dialog shows the exception type, message and stack
// trace to whoever is using the form.
MessageBox.Show("" + ex);
}
finally
{
// Runs on success and on failure, so the shared connection is closed either way.
cn.Close();
}
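// Combine the two text boxes into one DateTime and store it through a parameter, so the text
// typed by the user is sent as a value and never becomes part of the SQL statement.
DateTime result;
string s = String.Format("{0} {1}", textBox1.Text, textBox2.Text);
// TryParse interprets the text with the current culture; the boxes must be filled in a format
// that culture can read (for example "yyyy-MM-dd" and "HH:mm:ss").
if (DateTime.TryParse(s, out result))
{
    cmd = new SqlCommand("INSERT INTO datee (date_m) VALUES (@value)", cn);
    // The value is a DateTime, so it reaches the server as a typed datetime parameter.
    cmd.Parameters.AddWithValue("@value", result);
    try
    {
        cn.Open();
        cmd.ExecuteNonQuery();
    }
    finally
    {
        // Release the connection even when Open or ExecuteNonQuery throws.
        cn.Close();
    }
}
else
{
    // Reject unparseable input explicitly instead of skipping the insert silently.
    MessageBox.Show("Invalid date or time: " + s);
}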
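// Read the clock once so the date box and the time box describe the same instant
// (two separate DateTime.Now calls can straddle midnight).
DateTime now = DateTime.Now;
// "MM" is the month and "HH" the 24-hour clock. The invariant culture keeps the Gregorian
// calendar and the ":" separator regardless of the user's regional settings, so the text
// stays machine-readable.
textBox1.Text = now.ToString("yyyy-MM-dd", System.Globalization.CultureInfo.InvariantCulture);
textBox2.Text = now.ToString("HH:mm:ss", System.Globalization.CultureInfo.InvariantCulture);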
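// Parameterized insert of both columns. The using blocks dispose the command and close the
// connection even when an exception is thrown.
// connectionString is a placeholder for the application's own connection string.
using (var cn = new SqlConnection(connectionString))
{
    using (var command = new SqlCommand("", cn))
    {
        command.CommandText = "INSERT INTO datee (date_m, heur_m) VALUES (@sqlTime, @sqlTime1)";
        // Parameter names are string literals and must match the placeholders in CommandText.
        // AddWithValue infers the parameter type from the .NET value, so these two are sent as
        // strings and converted by the server; parse them to DateTime / TimeSpan first if the
        // conversion must not depend on the server's language and date-format settings.
        command.Parameters.AddWithValue("@sqlTime", textBox1.Text);
        command.Parameters.AddWithValue("@sqlTime1", textBox2.Text);
        cn.Open();
        command.ExecuteNonQuery();
    }
}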