0

我有下面的代码

technician_sqlsource.SelectCommand = "Select analyst as Analyst, sample_description, RFA_number, convert(varchar(10), updated_date, 103)as updated_date, customer, po_number, total_charged from New_Analysis_Data where analyst =  '" & FullName & "' and updated_date > '" & CDate(startdate.Text) & "'" & " and updated_date < '" & CDate(enddate.Text) & "'"

这基本上通过 sql 命令传递到 sql server 并检索两个日期之间的数据。这些日期来自 2 个文本框(开始日期和结束日期)。当我运行它时,我收到错误 -将 varchar 数据类型转换为 datetime 数据类型导致值超出范围。

如果我删除& "'" & " and updated_date < '" & CDate(enddate.Text) & "'",那么它将起作用,似乎是结束日期的问题。

4

4 回答 4

4

使用查询参数!

technician_sqlsource.SelectCommand = _
      "SELECT analyst as Analyst, sample_description, RFA_number, " & _
            " convert(varchar(10), updated_date, 103)as updated_date, " & _ 
            " customer, po_number, total_charged " & _ 
      " FROM New_Analysis_Data " & _
      " WHERE analyst = @FullName " & _
            " AND updated_date >= @StartDate AND updated_date < @EndDate"

 With technician_sqlsource.SelectCommand.Parameters
      .Add("@FullName", SqlDbType.VarChar,50).Value = FullName
      .Add("@StartDate", SqlDbType.DateTime).Value = startdate.Text
      .Add("@EndDate", SqlDbType.DateTime).Value = enddate.Text
 End With

这也可能会或可能不会解决您的结束日期问题。即使它不能解决问题,您也应该会收到更清晰的错误消息......但很可能,您没有在该文本框中输入有效的日期格式。您是否考虑过使用 DatePicker 控件?

于 2013-05-24T13:35:44.977 回答
1

如果你还想保持旧的(不安全)风格..你可以试试这个..

technician_sqlsource.SelectCommand = "Select analyst as Analyst, sample_description, RFA_number, convert(varchar(10), updated_date, 103)as updated_date, customer, po_number, total_charged from New_Analysis_Data where analyst =  '" & FullName & "' and updated_date > #" & startdate.Text & "# and updated_date < #" & enddate.Text & "#"

但是以后你必须使用查询参数!..防止SQL注入!

于 2013-05-24T14:05:01.113 回答
1

第一关你应该使用SqlParameters

它更安全,您还将摆脱日期转换问题。

            SqlCommand cmd=new SqlCommand();
            cmd.CommandText = @"
            Select  analyst as Analyst, 
                    sample_description,
                    RFA_number,
                    convert(varchar(10), updated_date, 103) as updated_date,
                    customer,
                    po_number,
                    total_charged
            from    New_Analysis_Data
            where   analyst =  @analyst
            and     updated_date between @startdate and @enddate";

            technician_sqlsource.SelectCommand = cmd;

            technician_sqlsource.SelectCommand.Parameters.Add(new SqlParameter("@analyst", FullName));
            technician_sqlsource.SelectCommand.Parameters.Add(new SqlParameter("@startdate",CDate(startdate.Text)));
            technician_sqlsource.SelectCommand.Parameters.Add(new SqlParameter("@enddate", CDate(enddate.Text)));
于 2013-05-24T13:40:16.687 回答
0

尝试这个:

technician_sqlsource.SelectCommand = "Select analyst as Analyst, sample_description, RFA_number, convert(varchar(10), updated_date, 103)as updated_date, customer, po_number, total_charged from New_Analysis_Data where analyst =  '" & FullName & "' and updated_date > '" & CDate(startdate.Text) & "' and updated_date < '" & CDate(enddate.Text) & "'"
于 2013-05-24T13:30:27.637 回答