1

I am trying to input these dates into a database from an Excel spreadsheet. I have been able to get C# to read the date from the spreadsheet but now the SQL command won't allow me to insert these lines into the database. I need some help getting this formatted correctly for the database to accept it.

In debug mode, this is the date: 'UpdateDate '3/28/2013 12:00:00 AM' and this is what it looks like in the Excel sheet: 3/28/2013 2:04:49 PM. Below is my code:

private static bool SentenceMeasures_Update(DataRow dr)
{
   bool inserted = false;
   DateTime dt;
   Database pbkDB = DatabaseFactory.CreateDatabase("PbKConnectionString");

   try
   {
      ChargeCode = dr["ChargeCode"].ToString().Trim();
      MeasureCode = dr["MeasureCode"].ToString().Trim();
      UpdateUserId = String.IsNullOrEmpty(dr["UpdateUserId"].ToString().Trim()) ? "KSCONV" : dr["UpdateUserId"].ToString().Trim();
      UpdateDate = DateTime.TryParse(dr["UpdateDate"].ToString(), out dt) ? dt : DateTime.Now;
      DbCommand dbCommand = pbkDB.GetSqlStringCommand(string.Format(@"Update tblCtStateChargeSentenceMeasures set  MeasureCode = '{1}', UpdateUserId = '{2}', UpdateDate '{3}' where ChargeCode = '{0}')", ChargeCode, MeasureCode, UpdateUserId, UpdateDate));

      pbkDB.ExecuteNonQuery(dbCommand);
      inserted = true;
   }

   catch (Exception ex)
   {
      Console.WriteLine(ex.ToString());
   }
   return inserted;
}
5
  • 3
    Parameterized query is the answer Commented Oct 25, 2013 at 20:36
  • 1
    What is your db? What type of date field is in the db? Is it Date, timestamp, etc.? Commented Oct 25, 2013 at 20:37
  • What error is the above generating? Commented Oct 25, 2013 at 20:41
  • I was getting an SQL error. The first answer solved my issue. Thanks everyone. Commented Oct 25, 2013 at 20:43
  • @Katherine I commented on the answer below as well, go ahead and check it off as solving your issue. Welcome to Stack Overflow! ;) Commented Oct 25, 2013 at 20:49

2 Answers

4

A parametrized query is clearer, faster and safer. Clearer because the code is easier to read; faster because SQL will reuse the query execution plan; and safer because it will protect against SQL injection. Below is your code refactored as a parameterized query:

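DbCommand dbCommand = pbkDB.GetSqlStringCommand(
    @"Update tblCtStateChargeSentenceMeasures set MeasureCode = @MeasureCode
    , UpdateUserId = @UpdateUserId
    , UpdateDate = @UpdateDate
    where ChargeCode = @ChargeCode");
// Bind each value as a typed parameter (DbType needs "using System.Data;").
pbkDB.AddInParameter(dbCommand, "@ChargeCode", DbType.String, ChargeCode);
pbkDB.AddInParameter(dbCommand, "@MeasureCode", DbType.String, MeasureCode);
pbkDB.AddInParameter(dbCommand, "@UpdateUserId", DbType.String, UpdateUserId);
// The DateTime is passed as a date value, so no string formatting is involved.
pbkDB.AddInParameter(dbCommand, "@UpdateDate", DbType.DateTime, UpdateDate);

pbkDB.ExecuteNonQuery(dbCommand);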
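
Added example, not part of the original answer or the asker's project: it contrasts the text that `string.Format` produces for the same row under two cultures with a command whose values are bound as typed parameters. It assumes SQL Server through `System.Data.SqlClient` (the page does not name the database); the helper `BuildUpdate`, the `VarChar` sizes and the sample values are constructed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient; // assumption: SQL Server; the page does not name the database
using System.Globalization;

static class ParameterizedUpdateDemo
{
    // Constant statement text: no value from the spreadsheet is ever spliced into it.
    const string Sql = @"UPDATE tblCtStateChargeSentenceMeasures
   SET MeasureCode = @MeasureCode, UpdateUserId = @UpdateUserId, UpdateDate = @UpdateDate
 WHERE ChargeCode = @ChargeCode";

    // Hypothetical helper; the VarChar sizes are assumed, use the real column sizes.
    static SqlCommand BuildUpdate(string chargeCode, string measureCode, string userId, DateTime updateDate)
    {
        var cmd = new SqlCommand(Sql);
        cmd.Parameters.Add("@ChargeCode", SqlDbType.VarChar, 20).Value = chargeCode;
        cmd.Parameters.Add("@MeasureCode", SqlDbType.VarChar, 20).Value = measureCode;
        cmd.Parameters.Add("@UpdateUserId", SqlDbType.VarChar, 20).Value = userId;
        cmd.Parameters.Add("@UpdateDate", SqlDbType.DateTime).Value = updateDate; // sent as a date, not as text
        return cmd;
    }

    static void Main()
    {
        // Constructed sample row.
        var when = new DateTime(2013, 3, 28, 14, 4, 49);
        const string userId = "O'BRIEN"; // ordinary data containing an apostrophe

        // string.Format: the statement text changes with the data and with the culture.
        foreach (var name in new[] { "en-US", "en-GB" })
        {
            string text = string.Format(new CultureInfo(name),
                "... UpdateUserId = '{0}', UpdateDate = '{1}' ...", userId, when);
            Console.WriteLine("{0}: {1}", name, text);
        }

        // Parameters: the text stays constant; values travel separately with their types.
        using (SqlCommand cmd = BuildUpdate("CC01", "M01", userId, when))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
            // With an open connection assigned to cmd.Connection, cmd.ExecuteNonQuery() runs it.
        }
    }
}
```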

1

Shouldn't you simply need an equals when setting UpdateDate? I.e.

... UpdateDate = '{3}' where ChargeCode = '{0}')", ...
               ^            

You might also need to format the DateTime object to fit with what SQL expects. See here and here

2 Comments

@Katherine Not a problem
@Katherine if this answered your question you should use the check mark on the left of the question to indicate so. :)
