C# 插入错误:将varchar数据类型转换为datetime数据类型导致值超出范围
我使用以下代码将StartDate和EndDate插入到迭代表中。我在文本框中显示输出,如下所示:dd/MM/yyyy,但由于日期时间数据类型的原因,我将以MM/dd/yyy的形式写入数据库-因此我使用:C# 插入错误:将varchar数据类型转换为datetime数据类型导致值超出范围,c#,asp.net,C#,Asp.net,我使用以下代码将StartDate和EndDate插入到迭代表中。我在文本框中显示输出,如下所示:dd/MM/yyyy,但由于日期时间数据类型的原因,我将以MM/dd/yyy的形式写入数据库-因此我使用: System.Globalization.CultureInfo ci = new System.Globalization.CultureInfo("en-GB"); sc.Add(proj_id + "," + Convert.ToDateTime(box1.Text, ci) + ","
System.Globalization.CultureInfo ci = new System.Globalization.CultureInfo("en-GB");
sc.Add(proj_id + "," + Convert.ToDateTime(box1.Text, ci) + "," + Convert.ToDateTime(box2.Text, ci));
private void InsertRecords(StringCollection sc)
{
SqlConnection conn = new SqlConnection(GetConnectionString());
StringBuilder sb = new StringBuilder(string.Empty);
string[] splitItems = null;
foreach (string item in sc)
{
const string sqlStatement = "INSERT INTO Iterations (ProjectID, StartDate, EndDate) VALUES";
if (item.Contains(","))
{
splitItems = item.Split(",".ToCharArray());
sb.AppendFormat("{0}('{1}','{2}','{3}'); ", sqlStatement, splitItems[0], splitItems[1], splitItems[2]);
}
}
string sql = "INSERT INTO ProjectIterationMember (ProjectIterationID, MemberID) SELECT ProjectIterationID AS pro_it_id, @member_id FROM Iterations WHERE ProjectID = '" + proj_id + "'";
try
{
conn.Open();
SqlCommand cmd = new SqlCommand(sb.ToString(), conn);
SqlCommand cmd2 = new SqlCommand(sql, conn);
cmd.CommandType = CommandType.Text;
cmd.ExecuteNonQuery();
SqlParameter memberParameter = new SqlParameter("@member_id", SqlDbType.Int);
cmd2.Parameters.Add(memberParameter);
cmd2.CommandType = CommandType.Text;
cmd2.Prepare();
memberParameter.Value = project_manager.SelectedValue;
cmd2.ExecuteNonQuery();
for (int i = 0; i < project_members.Items.Count; ++i)
{
if (project_members.Items[i].Selected)
{
memberParameter.Value = project_members.Items[i].Value;
cmd2.ExecuteNonQuery();
}
}
//Display a popup which indicates that the record was successfully inserted
Page.ClientScript.RegisterClientScriptBlock(typeof(Page), "Script", "alert('New iterations were successfully added!');", true);
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Insert Error:";
msg += ex.Message;
throw new Exception(msg);
}
finally
{
conn.Close();
}
}
protected void btnSaveIterations_Click(object sender, EventArgs e)
{
int rowIndex = 0;
StringCollection sc = new StringCollection();
if (ViewState["CurrentTable"] != null)
{
DataTable dtCurrentTable = (DataTable)ViewState["CurrentTable"];
if (dtCurrentTable.Rows.Count > 0)
{
for (int i = 1; i <= dtCurrentTable.Rows.Count; i++)
{
//extract the TextBox values
TextBox box1 = (TextBox)Gridview1.Rows[rowIndex].Cells[1].FindControl("start_iteration");
TextBox box2 = (TextBox)Gridview1.Rows[rowIndex].Cells[2].FindControl("end_iteration");
System.Globalization.CultureInfo ci = new System.Globalization.CultureInfo("en-GB");
//get the values from the TextBoxes
//then add it to the collections with a comma "," as the delimited values
sc.Add(proj_id + "," + Convert.ToDateTime(box1.Text, ci) + "," + Convert.ToDateTime(box2.Text, ci));
rowIndex++;
}
//Call the method for executing inserts
InsertRecords(sc);
Response.Redirect(Request.Url.ToString());
//r.Close();
//conn.Close();
}
}
}
private void InsertRecords(StringCollection sc)
{
SqlConnection conn=新的SqlConnection(GetConnectionString());
StringBuilder sb=新的StringBuilder(string.Empty);
字符串[]splitItems=null;
foreach(sc中的字符串项)
{
const string sqlStatement=“插入迭代(ProjectID、StartDate、EndDate)值”;
如果(项包含(“,”))
{
splitItems=item.Split(“,”.ToCharArray());
sb.AppendFormat(“{0}('{1}','{2}','{3}');”,sqlStatement,splitItems[0],splitItems[1],splitItems[2]);
}
}
string sql=“INSERT INTO projecterationmember(projecterationid,MemberID)选择projecterationid作为pro_it_id,@member_id FROM Iterations,其中ProjectID='“+proj_id+”;
尝试
{
conn.Open();
SqlCommand cmd=新的SqlCommand(sb.ToString(),conn);
SqlCommand cmd2=新的SqlCommand(sql,conn);
cmd.CommandType=CommandType.Text;
cmd.ExecuteNonQuery();
SqlParameter memberParameter=新的SqlParameter(“@member_id”,SqlDbType.Int);
cmd2.Parameters.Add(memberParameter);
cmd2.CommandType=CommandType.Text;
cmd2.Prepare();
memberParameter.Value=project\u manager.SelectedValue;
cmd2.ExecuteNonQuery();
对于(int i=0;i0)
{
对于(int i=1;i首先:将INSERT语句连接在一起是一种非常糟糕的做法,为SQL注入打开了大门。不要这样做-改用参数化查询
const string sqlStatement =
"INSERT INTO Iterations (ProjectID, StartDate, EndDate) " +
"VALUES(@ProjectID, @StartDate, @EndDate)";
在这里:
string sql =
"INSERT INTO ProjectIterationMember (ProjectIterationID, MemberID) " +
"SELECT ProjectIterationID AS pro_it_id, @member_id " +
"FROM Iterations WHERE ProjectID = @ProjectID";
您需要为SqlCommand
设置参数,并在执行查询之前传入值
SqlCommand _cmd = new SqlCommand(sqlStatement, _connection);
_cmd.Parameters.Add("@ProjectID", SqlDbType.Int);
_cmd.Parameters["@ProjectID"].Value = 42;
_cmd.Parameters.Add("@StartDate", SqlDbType.DateTime);
_cmd.Parameters["@StartDate"].Value = Convert.ToDateTime(your textbox string);
_cmd.Parameters.Add("@EndDate", SqlDbType.DateTime);
_cmd.Parameters["@EndDate"].Value = Convert.ToDateTime(your textbox string);
第二:SQL Server的范围是从1/1/1753
到9999年底-如果您的任何字符串表示1753年之前的日期,您就会遇到这个问题。请验证您的输入!当您使用参数化查询时,您可以在设置SqlCommand.Parameters
的值时执行此操作-任何超出在将SQL Server支持的范围(例如“1/1/0001”等日期)传递到SQL Server之前,必须对其进行“消毒”。是否检查了开发环境和服务器是否具有相同的本地化/区域设置?