tags:

views:

596

answers:

6
Q: 

Problem with inserting date - Oracle and C#

Hi

I have Date Var in Oracle, and I try to insert Data from my C# program

sql = "insert into Table(MyDate) values (" + convert.todatetime(txt) + ")";

I get an Error, what can i do ?

+5  A: 

Use parameters. It's going to solve your problem and prevent injection.

Otávio Décio  2009-03-30 18:09:26
+3  A: 

Oracle expects it to be an actual date value, not just a string that looks like a date. You have to use the TO_DATE() function to explain how your string is formatted, something like this:

INSERT INTO Table (myDate)
VALUES(TO_DATE('2009-03-30 12:30:00', 'YYYY-MM-DD HH:mi:ss'));
Chad Birch  2009-03-30 18:10:14
That's not strictly true. If you insert the date in the format DD-MMM-YYYY, Oracle (at least 10g) accepts it as is.
Harper Shelby  2009-03-30 18:30:03
thank you very much, it help me
Gold  2009-03-30 20:19:04
A: 
  1. What error do you get?
  2. What is the value of txt.
  3. Why are you converting the string txt to a DateTime only to convert it back to a string again?
  4. The default format for a DateTime is probably not the correct format for Oracle to parse, you may need to use .ToString() on the DateTime to get it into the correct format.
Paul Ruane  2009-03-30 18:10:27
A: 

Try using DateTime.TryParse(text) or DateTime.Parse(text)

jle  2009-03-30 18:11:49
+3  A:  
cmd.CommandText = "INSERT INTO Table (myDate)VALUES(:dateParam)";

cmd.Parameters.Add(new OracleParameter(":dateParam", OracleType.DateTime))
    .Value = DateTime.Now;

cmd.ExecuteNonQuery();
Adam Fyles  2009-03-30 18:23:10
+1  A: 

Please bind your variables (like ocdecio tells) ! Not only does it prevent sql injection it is also much faster. Especially in a multi concurrency situation. Read for example here: http://download.oracle.com/docs/cd/B28359_01/appdev.111/b28844/building_odp.htm#CEGCGDAB .

"Bind variables are placeholders inside a SQL statement. When a database receives a SQL statement, it determines if the statement has already been executed and stored in memory. If the statement does exist in memory, Oracle Database can reuse it and skip the task of parsing and optimizing the statement. Using bind variables makes the statement reusable with different input values. Using bind variables also improves query performance in the database, eliminates the need for special handling of literal quotation marks in the input, and protects against SQL injection attacks."

tuinstoel  2009-03-30 18:29:26

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?