When I am dealing with (COUNT) Int32, getting an error: Conversion failed when converting date and/or time from character string

Question

Why am I getting this error, and how can I fix it?

ADO.NET code:

myConnection.Open();

string cmdStr = "SELECT COUNT(*) FROM Sale WHERE Date = '" + DateTime.Today + "' AND User = '" +     UserBox.Text + "'";

SqlCommand Pexist = new SqlCommand(cmdStr, myConnection3);

int P = Convert.ToInt32(Pexist.ExecuteScalar().ToString());

myConnection.Close();

Error:

Conversion failed when converting date and/or time from character string.

score 4 · Accepted Answer · edited May 23 '17 at 11:56

You get this error because you don't use parameters.

string cmdStr = "SELECT COUNT(*) FROM Sale WHERE Date = @dt " + 
                 "AND User = @usr " +     
                 "AND Item = @itm " + 
                 "AND Name = @name";

 SqlCommand Pexist = new SqlCommand(cmdStr, myConnection3);
 Pexist.Parameter.AddWithValue("@dt", DateTime.Today);
 Pexist.Parameter.AddWithValue("@usr", UserBox.Text);
 Pexist.Parameter.AddWithValue("@itm", ID505.Text);
 Pexist.Parameter.AddWithValue("@name", DropDownList1.SelectedItem.ToString());
 object result = Pexist.ExecuteScalar();
 int P = (result == null ? 0 : Convert.ToInt32(result));
 myConnection.Close();

When you use parameters, you let the database engine treat your input string. The database engine knows how to handle date, string and numbers. You are free from parsing problems and you avoid Sql Injection Attacks.

For example, what happen in your query string if the textbox ID505 contains a single quote?

Also, ExecuteScalar returns an object that is

The first column of the first row in the result set, or a null reference (Nothing in Visual Basic) if the result set is empty

So it is better to check for null before trying to convert the result in an integer.

EDIT Looking back at this question after a while I should add that in this particular case the return from ExecuteScalar could never be null. This is the case because the query uses the aggregate function COUNT(*) that will return always a valid number also in case of no record found.

Rashack · Answer 2 · 2012-12-03T15:59:45.840

0

Do use parameters. It is safer and will get you around conversion issues like this...

string cmdStr = " SELECT COUNT(*) FROM Sale WHERE Date = @d AND User = @u AND Item = @i AND Name = @n";
SqlCommand Pexist = new SqlCommand(cmdStr, myConnection3);
Pexist.Parameters.Add("d", SqlDataType.DateTime).Value = DateTime.Today;

and so on...

edited Dec 03 '12 at 15:59

answered Nov 21 '12 at 23:05

Rashack

4,667
2
26
35

2

SqlServer use a different prefix for parameters name. @ – Steve Nov 21 '12 at 23:13

score -2 · Answer 3 · answered Nov 21 '12 at 23:07

-2

Replace the DateTime.Today with DateTime.Today.ToString("yyyy/MM/dd") should fix your problem.

answered Nov 21 '12 at 23:07

Eric Fan

147
9

1

this is the worst ever thing to do. – Steve Nov 21 '12 at 23:09

When I am dealing with (COUNT) Int32, getting an error: Conversion failed when converting date and/or time from character string

3 Answers3