string queryString = "SELECT SUM(skupaj_kalorij)as Skupaj_Kalorij  "
    + "FROM (obroki_save LEFT JOIN users ON obroki_save.ID_uporabnika=users.ID)"
    + "WHERE (users.ID= " + a.ToString() + ") AND (obroki_save.datum= @datum)";

using (OleDbCommand cmd = new OleDbCommand(queryString, database))
{
    DateTime datum = DateTime.Today;
    cmd.Parameters.AddWithValue("@datum", datum);
}
loadDataGrid2(queryString);

I tried now with parameters. But I don't really know how to do it correctly. I tried like this, but the parameter datum doesn't get any value (according to C#).

+2  A: 

Please try this:

database = new OleDbConnection(connectionString);
database.Open();
date = DateTime.Now.ToShortDateString();
string queryString = "SELECT SUM(skupaj_kalorij)as Skupaj_Kalorij  "
    + "FROM (obroki_save LEFT JOIN users ON obroki_save.ID_uporabnika=users.ID)"
    + "WHERE users.ID= " + a.ToString() + " AND obroki_save.datum= '" + DateTime.Today.ToShortDateString() + "'";
loadDataGrid2(queryString);

When you use it with a Date, you must write it like this

select * from table where date = '@date'

not like

select * from table where date = @date
masoud ramezani
That's it. Thank you!!
Simon
But man, I don't get any results now... Because I changed the data type from date to text in the database. Now I changed it back to date/time and I get an error that there's a wrong data type in the conditional statement.
Simon
Use DateTime.Now.ToString(); instead of DateTime.Now.ToShortDateString();
masoud ramezani
I changed the commas on the top (doesn't matter what they're called right now :D), so I get a message that there's a syntax error in the number somewhere in the where statement.
Simon
+1  A: 

While it's usually useful to post the error, I'd hazard a guess and say that you're getting a conversion error with your date.

You should really look at parameterising your queries...

You should read this: http://www.aspnet101.com/2007/03/parameterized-queries-in-asp-net/

And if you can't be bothered reading that, then try changing your 'a' variable to '1; DROP TABLE obroki; --' (but only after you back up your database).

Paddy
It's something with the date, because it works without it.
Simon
Did you try the # delimiter for the date?
David-W-Fenton
BTW, Jet/ACE is not vulnerable to that particular SQL injection vulnerability, because it doesn't execute but one SQL statement at a time.
David-W-Fenton
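The parameterized form of the query from the question, as an added example that is not from any poster on this page: it assumes, as in the question, that database is an OleDbConnection to the Access file and that the user ID (the asker's a) is an int, and it binds both the user ID and the date as OleDb parameters instead of concatenating them into the SQL text.

```csharp
using System;
using System.Data;
using System.Data.OleDb;

static class CalorieQuery
{
    // Builds the query with both values bound as parameters.
    // OLE DB binds parameters by position, so '?' markers are used and the
    // parameters are added in the order the markers appear in the SQL.
    private static OleDbCommand BuildCommand(OleDbConnection database, int userId, DateTime day)
    {
        const string sql =
            "SELECT SUM(skupaj_kalorij) AS Skupaj_Kalorij " +
            "FROM (obroki_save LEFT JOIN users ON obroki_save.ID_uporabnika = users.ID) " +
            "WHERE users.ID = ? AND obroki_save.datum = ?";

        var cmd = new OleDbCommand(sql, database);
        cmd.Parameters.Add("@id", OleDbType.Integer).Value = userId;
        // An explicitly typed Date parameter is compared against a Date/Time
        // column directly: no ToShortDateString(), no quotes, no '#' delimiters,
        // and no way for either value to change the SQL statement itself.
        cmd.Parameters.Add("@datum", OleDbType.Date).Value = day.Date;
        return cmd;
    }

    // Total calories for one user on one day (DBNull.Value when no rows match).
    public static object SumCaloriesForDay(OleDbConnection database, int userId, DateTime day)
    {
        using (OleDbCommand cmd = BuildCommand(database, userId, day))
        {
            // The command is executed while its parameters are still attached;
            // handing only the SQL string on to another method drops them,
            // which is why the '@datum' placeholder never received a value.
            return cmd.ExecuteScalar();
        }
    }

    // Same query filled into a DataTable, ready to bind to a DataGridView.
    public static DataTable LoadForGrid(OleDbConnection database, int userId, DateTime day)
    {
        using (OleDbCommand cmd = BuildCommand(database, userId, day))
        using (var adapter = new OleDbDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);   // opens and closes the connection as needed
            return table;
        }
    }
}
```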
A: 

Perhaps you need to write your SQL string in the SQL dialect of the database you're using. In Jet/ACE SQL (what's used by Access), the delimiter for date values is #, so you'd need this:

  obroki_save.datum= #" +DateTime.Today.ToShortDateString() + "#"

Of course, some data interface libraries translate these things for you, so that may not be the problem here.

David-W-Fenton
Nope. Doesn't work.
Simon