tags:

views:

45

answers:

3
Q: 

how to search data between specified dates

I have a query

OleDbCommand com = _
    new OleDbCommand("select * from techs where actd0v between '" + _
                     TextBox1.Text + "' and '" + TextBox2.Text +  "'" , con);

where textbox 1 and 2 are the specified dates in which I want to retrieve some date related to those dates. But when I'm trying to find the data between the given dates it gives me some dates which are not included in between them. Is there any pattern I need to specify to get all the dates which occur in between the specified dates.

I'm using ms access database for my project.

A: 

I'm guessing that the text in the textboxes are not in a recognized format for OleDB dates. Try using the format, "yyyy-MM-dd". Example: 2010-03-31. Can you run the app in debug mode and post the full query?

ChessWhiz  2010-03-31 21:03:57
the date in the textbox is specified in the format "mm-dd-yyyy".i m also confused here because when i specify dates like from 10th of any month to 30th of same month then it gives me all the dates in between that but when i choose 1st to 31st then it creates some error.when i have analysed is that it takes 1 as 10th so it gives me all the dates from 10th to 31st when i give 1st to 31st.similarly when i give 2nd to 31st.it gives me dates from 20th to 31st.unable to understand this.
sumit  2010-03-31 21:10:24
Again, this is due to your date formatting. Try yyyy-MM-dd. If you want to use MM-dd-yyyy, you need to write "01" instead of "1" for day. It sounds like it's expecting a two-digit day, and that's why "1" is treated as "10".
ChessWhiz  2010-03-31 21:24:31
+1  A: 

The formatting of your query looks correct. But:

Beware of SQL injection here! You need to make sure that the input coming is indeed a date and not something like: 

'; drop table users; --

One thing you could do is:

DateTime.Parse(TextBox1.Text)

and use one of the .To* methods that Access will find an agreeable format. Or create an ODBC canonical format from the DateTime object which usually works:

ODBC Canonical: yyyy-mm-dd hh:mm:ss.sss

Here's a nice overview of Sql Injection you should check out. It's not Access-specific but it does communicate the concept nicely.

Paul Sasik  2010-03-31 21:08:08
While the cited URL is a nice discussion of SQL Injection techniques overall, a boatload of it is completely inapplicable to Access/Jet/ACE because of the fact that Jet/ACE can't execute multiple statements. So, any injection that depends on appending a second SQL DDL command is going to fail. Jet/ACE is vulnerable only to exploits that modify the WHERE clause to return more records than intended, and to "discovery" exploits (i.e., issuing erroneous statements on purpose to find out the characteristics of the database and its schema).
David-W-Fenton  2010-04-21 20:29:42
A: 

SQL Injections warnings aside... I'll presume you trust your users.

Put number signs (#) on either side of the date

OleDbCommand com = _
    new OleDbCommand("select * from techs where actd0v between #" + _
                    TextBox1.Text + "# and #" + TextBox2.Text + "#" , con);

MS Access should figure it out.

It may be that the "between" was being done on a the string representation of the date rather than as a date type; which would explain the out of bound results.

CodeSlave  2010-04-21 17:16:43

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP