0

Im currently using phpmyadmin as my sql database i cant seem to save 2 dates on my single table when i insert dates the other 1 turns to 0000-00-00 and the other one saves the current date

this is my code for insert as you see the "sqlinsert" is in module. my datestocked wont get insert but my expdate does 

sqlinsert("tblproducts", "code, prodname, datestocked, prodtype, prodqty, prodprice, expdate",

 "'" + txtprodcode.Text + "', '" + txtprodname.Text + "', '" + datestocked.Text + "','" + txtprodtype.Text + "', '" + txtprodqty.Text + "', '" + txtprodprice.Text + "', '" + expdate1.Text + "'")

Guys can you help me organize too im just a newbie here

VAN
  • 25
  • 2
  • 10
  • 2
    That's a [Bobby Tables](https://xkcd.com/327/). String concatenations exposes you to SQL Injection *and* conversion errors. You'll find dozens of duplicate questions in SO. *Don't* use string concatenation, use parameterized queries. Pass dates as *DateTime* parameters, not text. – Panagiotis Kanavos Feb 08 '17 at 15:32
  • What is `sqlinsert`? – Panagiotis Kanavos Feb 08 '17 at 15:33
  • Also, MySQL and SQL Server are two different things – Ňɏssa Pøngjǣrdenlarp Feb 08 '17 at 15:33
  • @Plutonix in this case the only difference is in the text you need to put in `expdate1` to delete the entire database, or at least all products. With SQL Server it would be `"); drop table tblproducts;--`. I expect the comment syntax would be slightly different for MYSQL – Panagiotis Kanavos Feb 08 '17 at 15:34
  • Possible duplicate of [C# MYSQL - I can't insert a boolean value](http://stackoverflow.com/questions/16611060/c-sharp-mysql-i-cant-insert-a-boolean-value) – Panagiotis Kanavos Feb 08 '17 at 15:37
  • actually guys its my thesis for a pharmacy. it doesnt required any internet its just local server. what do you suggest about the datestock,text? i just wont get insert but the expdate1.text does :) – VAN Feb 08 '17 at 15:38
  • I was noting the tag spam – Ňɏssa Pøngjǣrdenlarp Feb 08 '17 at 15:38
  • 1
    I suggest that you use SQL Parameters always, then pass and store dates as dates if you want them to act like dates – Ňɏssa Pøngjǣrdenlarp Feb 08 '17 at 15:39
  • how? can you teach me? sorry i dont even know a boolean value – VAN Feb 08 '17 at 15:41
  • No, SO is not a tutorial service. There are gobs and gobs of questions here on SQL Parameters - in fact it is hard to do any research at all on DB ops and not run into them. One does wonder what you've been learning if it is thesis time and you dont know what a bool is. Good luck – Ňɏssa Pøngjǣrdenlarp Feb 08 '17 at 15:59

0 Answers0