Error converting datetime to string


Could you help me with an error when inserting a date? I get a conversion error from date to string. I am using Windows Forms; in the database the column is DATETIME and the value comes from a DatePicker. I have a class called CRN which holds the date:

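/// <summary>
/// Inserts one row into the CATALOGO table using a parameterized command.
/// </summary>
/// <param name="CatalogoObj">Object whose fields supply the twelve column values.</param>
/// <returns>
/// 1 when the INSERT executed without throwing; 0 when any exception occurred,
/// in which case the exception message is stored in <c>error</c>.
/// </returns>
public int Insert(CatalogoCRN CatalogoObj)
{
    // The statement text is a constant: field values travel as typed parameters and are
    // never formatted into the SQL, so a quote inside a value cannot alter the statement
    // and the DateTime is not rendered through a culture-dependent string.
    const string comandosql =
        "INSERT INTO CATALOGO(NUMFACTURA, NAMECLIENTE, NUMPARTE, TIPOMATERIAL, DESCRIPTIONSPANISH," +
        "DESCRIPTIONENGLISH, CANTIDAD, UNITPRICE, NUMPALLET, OBSERVATION, COUNTRY, FECHAINGRESO) " +
        "VALUES(@numFactura, @nameClient, @numPart, @tipMaterial, @DescriptionESp, @DescriptionUSA, " +
        "@quantity, @UnitPrice, @numPallet, @observations, @country, @date)";

    try
    {
        using (SqlCommand cmdInsert = new SqlCommand(comandosql, connectionSql))
        {
            AddParameter(cmdInsert, "@numFactura", CatalogoObj.numFactura);
            AddParameter(cmdInsert, "@nameClient", CatalogoObj.nameClient);
            AddParameter(cmdInsert, "@numPart", CatalogoObj.numPart);
            AddParameter(cmdInsert, "@tipMaterial", CatalogoObj.tipMaterial);
            AddParameter(cmdInsert, "@DescriptionESp", CatalogoObj.DescriptionESp);
            AddParameter(cmdInsert, "@DescriptionUSA", CatalogoObj.DescriptionUSA);
            AddParameter(cmdInsert, "@quantity", CatalogoObj.quantity);
            AddParameter(cmdInsert, "@UnitPrice", CatalogoObj.UnitPrice);
            AddParameter(cmdInsert, "@numPallet", CatalogoObj.numPallet);
            AddParameter(cmdInsert, "@observations", CatalogoObj.observations);
            AddParameter(cmdInsert, "@country", CatalogoObj.country);
            // Passed as a DateTime, so no date-to-string conversion takes place.
            AddParameter(cmdInsert, "@date", CatalogoObj.date);

            connectionSql.Open();
            cmdInsert.ExecuteNonQuery();
        }

        return 1;
    }
    catch (Exception ex)
    {
        // Callers read the failure reason from the error field; the 0/1 contract is kept.
        error = ex.Message;
        return 0;
    }
    finally
    {
        // The original closed the connection only on success, leaving it open after a
        // failed ExecuteNonQuery. Close() on an already closed connection is a no-op.
        if (connectionSql != null)
        {
            connectionSql.Close();
        }
    }
}

/// <summary>Adds one parameter, sending a null reference as a database NULL.</summary>
private static void AddParameter(SqlCommand command, string name, object value)
{
    // AddWithValue rejects a null value at execution time; DBNull.Value is the explicit NULL.
    // NOTE(review): the string-formatted version wrote '' for a null string; confirm that
    // NULL is acceptable for these columns.
    command.Parameters.AddWithValue(name, value ?? DBNull.Value);
}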


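 // Convert the cell value directly. With a DATETIME column the cell should already hold a
 // DateTime, so going through ToString() and parsing it back only adds a culture-dependent,
 // lossy round trip. A DBNull cell still throws, as it did before (different exception type).
 catalog.date = Convert.ToDateTime(catalogTable.Rows[0]["FECHAINGRESO"]);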

class CatalogoCRN
    {
        public DateTime date;

        /// <summary>Creates an instance without assigning any field.</summary>
        public CatalogoCRN()
        {
        }

        /// <summary>Stores the given value in the <c>date</c> field.</summary>
        /// <param name="fecha">Date to assign.</param>
        public void AsignarDatos(DateTime fecha)
        {
            this.date = fecha;
        }
    
asked by Daniel 18.09.2017 в 20:25

1 answer


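Try using SqlParameter, so that the conversion is handled for you instead of through string formatting; it also protects you from SQL injection. With string.Format the DateTime is first turned into text in the current culture's format, which the server may not be able to read back as a DATETIME.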

Replace:

// Before: every field is formatted into the SQL text, so a quote inside any value changes
// the statement, and CatalogoObj.date is rendered as text in the current culture's format.
comandosql = string.Format("INSERT INTO CATALOGO(NUMFACTURA, NAMECLIENTE, NUMPARTE, TIPOMATERIAL, DESCRIPTIONSPANISH," +
                    "DESCRIPTIONENGLISH, CANTIDAD, UNITPRICE, NUMPALLET, OBSERVATION, COUNTRY, FECHAINGRESO) " +
                    "VALUES('{0}','{1}','{2}','{3}','{4}','{5}','{6}','{7}','{8}','{9}','{10}','{11}')",
                  CatalogoObj.numFactura, CatalogoObj.nameClient, CatalogoObj.numPart, CatalogoObj.tipMaterial,
                  CatalogoObj.DescriptionESp, CatalogoObj.DescriptionUSA, CatalogoObj.quantity, CatalogoObj.UnitPrice,
                  CatalogoObj.numPallet, CatalogoObj.observations, CatalogoObj.country, CatalogoObj.date);

                connectionSql.Open();
                cmdInsert = new SqlCommand(comandosql, connectionSql);

With:

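 // After: the SQL text contains only placeholders; each value is bound as a parameter, so it
 // is sent as data and never parsed as part of the statement.
 comandosql = "INSERT INTO CATALOGO(NUMFACTURA, NAMECLIENTE, NUMPARTE, TIPOMATERIAL, DESCRIPTIONSPANISH," +
                    "DESCRIPTIONENGLISH, CANTIDAD, UNITPRICE, NUMPALLET, OBSERVATION, COUNTRY, FECHAINGRESO) " +
                    "VALUES(@numeroFactura,@nameClient,@numPar, @tipMaterial,@DescriptionESp,@DescriptionUSA,@quantity,@UnitPrice,@numPallet,@observations,@country,@date)";


                connectionSql.Open();
                cmdInsert = new SqlCommand(comandosql, connectionSql);
                cmdInsert.Parameters.Add(new SqlParameter("numeroFactura", CatalogoObj.numFactura));
                cmdInsert.Parameters.Add(new SqlParameter("nameClient", CatalogoObj.nameClient));
                // The field is numPart in the code being replaced; the parameter keeps the name
                // numPar so that it still matches the @numPar placeholder above.
                cmdInsert.Parameters.Add(new SqlParameter("numPar", CatalogoObj.numPart));
                cmdInsert.Parameters.Add(new SqlParameter("tipMaterial", CatalogoObj.tipMaterial));
                cmdInsert.Parameters.Add(new SqlParameter("DescriptionESp", CatalogoObj.DescriptionESp));
                cmdInsert.Parameters.Add(new SqlParameter("DescriptionUSA", CatalogoObj.DescriptionUSA));
                cmdInsert.Parameters.Add(new SqlParameter("quantity", CatalogoObj.quantity));
                cmdInsert.Parameters.Add(new SqlParameter("UnitPrice", CatalogoObj.UnitPrice));
                cmdInsert.Parameters.Add(new SqlParameter("numPallet", CatalogoObj.numPallet));
                cmdInsert.Parameters.Add(new SqlParameter("observations", CatalogoObj.observations));
                cmdInsert.Parameters.Add(new SqlParameter("country", CatalogoObj.country));
                // Bound as a DateTime: no date-to-string conversion is involved.
                cmdInsert.Parameters.Add(new SqlParameter("date", CatalogoObj.date));
                cmdInsert.ExecuteNonQuery();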

It's more code, but much safer.

    
answered by 18.09.2017 / 20:44