Cant add data into my database on last query

Question

Why I cant add the value on the last query (EventEndDate)

string insertQuery = "INSERT INTO eventreservation(EventID,CustomerName,CustomerIC," +
                      "CustomerPhone,StartDate,EndDate) VALUES('" + txtEventID.Text + "'," +
                      "'" + txtCustomerName.Text + "','" + txtCustomerIC.Text + "','" + 
                      txtCustomerPhone.Text + "','" + EventStartDate.Text + "'," + 
                      EventEndDate.Text + ")";

Never concat strings to make SQL, use parameters, never store dates as text and please read [ask] and take the [tour]. — Ňɏssa Pøngjǣrdenlarp, Sep 03 '17 at 19:32
my last query doesn't insert the value [EventEndDate] and it give me 0000-00-00 on the database — Grimoria Grimore, Sep 03 '17 at 19:50
https://stackoverflow.com/questions/14376473/what-are-good-ways-to-prevent-sql-injection may be of use. — mjwills, Sep 03 '17 at 21:43

Salah Akbari · Accepted Answer · 2017-09-03T19:55:36.677

2

You have missed a single quote ' in your last entry:

," + EventEndDate.Text + "

That should be:

,'" + EventEndDate.Text + "'

However this kind of string concatenation is open for SQL injection. Try parameterized queries instead. Something like this:

string insertQuery = "INSERT INTO eventreservation(EventID,CustomerName,CustomerIC," +
                             "CustomerPhone,StartDate,EndDate)VALUES(@EventID,@CustomerName," +
                             "CustomerIC,@CustomerPhone,@StartDate,@EndDate)";
insertCommand.Parameters.AddWithValue(@EventID,txtEventID.Text);
//Other parameters

Although specify the type directly and use the Value property is more better than AddWithValue:

insertCommand.Parameters.Add("@EventID", SqlDbType.VarChar).Value = txtEventID.Text;

edited Sep 03 '17 at 19:55

answered Sep 03 '17 at 19:35

Salah Akbari

39,330
10
79
109

already try it. the value still 0000-00-00 in the database – Grimoria Grimore Sep 03 '17 at 19:50
@GrimoriaGrimore Try the parameterized queries version of the answer. It should works. – Salah Akbari Sep 03 '17 at 19:52
@GrimoriaGrimore Also it seems that `EndDate` is of type `DateTime`, if so you need to convert it to `DateTime` like this: `Convert.ToDateTime(EventEndDate.Text)` – Salah Akbari Sep 03 '17 at 19:54
@GrimoriaGrimore Or specify the type directly and use the `Value` property. Check my updated answer. – Salah Akbari Sep 03 '17 at 19:56
but the EventStartDate query working fine, it have same type with EventEndDate – Grimoria Grimore Sep 03 '17 at 19:57
I follow the tutorials based on this video [link] (https://www.youtube.com/watch?v=nTvAfgOPlT4) – Grimoria Grimore Sep 03 '17 at 20:13
`the value still 0000-00-00 in the database` Can you update your post with a screenshot of that value, as well as the types of the database columns? _I am surprised that `0000-00-00` is there since SQL Server doesn't support Year 0 in dates._ – mjwills Sep 03 '17 at 21:42
found the problem, my SQL seem to have problem. reinstall it... – Grimoria Grimore Sep 07 '17 at 15:23

Cant add data into my database on last query

1 Answers1