-1

I want to convert text into date format in Visual Studio 2013 by using C#. Alas! I am getting difficulties in it. I also want to save this data in SQL Server 2014.

My code is

protected void Button1_Click(object sender, EventArgs e)
        {
            con.Open();
            SqlCommand cmd = con.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText= "insert into Optical values('"+date.Text+"','"+name.Text+"','"+guardian.Text+"','"+gender.Text+"','"+age.Text+"','"+address.Text+"','"+occupation.Text+"','"+telephone.Text
                +"','"+sph.Text+"','"+cyl.Text+"','"+axis.Text+"','"+prism.Text+"','"+lsph.Text+"','"+lcyl.Text+"','"+laxis.Text+"','"+lprism.Text+"','"+note.Text+"')";
            cmd.ExecuteNonQuery();

            con.Close();
        }

I want to change just date's text into date format. Please anybody guide me, how can I do it?

TTT
  • 1,848
  • 2
  • 30
  • 60
nabia saroosh
  • 399
  • 1
  • 14
  • 36
  • How does your `date` Text looks like? You could use `DateTime.ParseExact` to convert it to `DateTime` then you can re-convert it to `string` with the format which you want. How does it look like? – Ian Mar 10 '16 at 13:43
  • 3
    Use a [parametrized insert](http://stackoverflow.com/questions/35163361/how-can-i-add-user-supplied-input-to-an-sql-statement) - you have an SQL Injection vulnerability, put a `'` in `note` and see what happens. This would also allow you to pass in a DateTime directly. – Alex K. Mar 10 '16 at 13:44
  • Can you explain exactly what "difficulties" you are having? If you are getting exceptions please include them, or describe what results you get and how they differ from what you want. – juharr Mar 10 '16 at 13:53
  • @Alex K, If I would like to use parametrized insertion then what should I do in my code, that I mentioned above? – nabia saroosh Mar 10 '16 at 13:59
  • There are good examples/explanations in the link – Alex K. Mar 10 '16 at 14:00
  • @juharr, I don't have any exception. I just want to use date instead of text as I used above in my code. – nabia saroosh Mar 10 '16 at 14:02
  • @Alex K, where is that link? – nabia saroosh Mar 10 '16 at 14:03
  • http://stackoverflow.com/questions/35163361/how-can-i-add-user-supplied-input-to-an-sql-statement – Alex K. Mar 10 '16 at 14:04
  • In this link. I am not getting any information about to conversion or paramertized insert. – nabia saroosh Mar 10 '16 at 14:08
  • Look at the answer(s) *Use parameterized SQL* **Examples** – Alex K. Mar 10 '16 at 14:14
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/105913/discussion-between-nabia-saroosh-and-alex-k). – nabia saroosh Mar 10 '16 at 14:19

1 Answers1

1

DateTime.TryParseExact() is probably a better option but you could use regular expressions to ensure that the text entered is in the correct format to begin with. You can display the format that you desire in a placeholder ("Format must be yyyy-MM-dd") on your form. To be saved in SQL Server the string could look like this "yyyy-MM-dd HH:mm:ss"

snapper
  • 210
  • 3
  • 14