0

I have an mssql database and also i have an contact form in my asp page. I try to use DateTime.Now for saving date to mssql. But i always get an error then conversation fail when converting string to date("Karakter dizesinden tarihe ve/veya saate dönüştürülürken işlem başarısız oldu."). When i use input type date, it is working but in the codebehind it is not working.The date format in asp.net is like this "10-Aug-20", and in mssql also same. How can i solve this?

string tarih = DateTime.Now.ToShortDateString();
string insert = "insert into table (date) values(tarih)";

In mssql;

[dateMsg] DATE NOT NULL,

In some places they suggest to change database language. But i can't change, because server is too big and the datas are getting effected. Is there a way for converting.

Handelika
  • 198
  • 3
  • 11
  • 2
    Use parameters and the problem will go away – HoneyBadger Aug 10 '20 at 11:00
  • what you mean paramters? @HoneyBadger – Handelika Aug 10 '20 at 11:02
  • Do not send string representations of dates from .Net to SQL Server. Instead, sends instances of the `DateTime` struct. – Zohar Peled Aug 10 '20 at 11:04
  • @ZoharPeled, Your answer is not solving my problem. I solved it in here [shades of orange](https://shades-of-orange.com/post/Sending-DateTime-Instances-From-a-NET-Server-to-a-JavaScript-Client-and-vice-versa) and says only add `DateTime.Now.toString("O");` and solved my problem. – Handelika Aug 10 '20 at 11:18
  • Unfortunately, No, that didn't solve your problem. That just made the error go away. True, you're now using the ISO8601 string representation format, which is good, however - you're still not using proper parameters (otherwise sending an instance of `DateTime` would have solved the problem) meaning your code is a security risk. You should [read about SQL Injection](https://zoharpeled.wordpress.com/2020/07/16/back-to-basics-sql-injection/), and you might also want to read about why [datetime has no format.](https://zoharpeled.wordpress.com/2019/12/19/for-the-1024-time-datetime-has-no-format/). – Zohar Peled Aug 10 '20 at 11:26
  • Use this line of code to get date. `string tarih = DateTime.Now();` and use this insert statement `string insert = "insert into table (date) values('"+Convert.ToDateTime(tarih)+"')";` – Abdul Haseeb Aug 10 '20 at 11:39
  • @AbdulHaseeb Don't. First, `string tarih = DateTime.Now();` will not compile. `Now` is a property, not a method, and there's no implicit conversion between `DateTime` and `string`. Second, you're suggestion is a security risk. You should also read about SQL Injection. – Zohar Peled Aug 10 '20 at 11:45
  • Almost I fogot. `Datetime tarih=Datetime.Now()` and `string insert="insert into table (date) values('"+tarih+"')"` – Abdul Haseeb Aug 10 '20 at 11:47
  • I don't think it is going to be a injection problem. because it is not a text box or something. It is directly saving from codebehind. I am cleaning paramters in user based inputs. – Handelika Aug 10 '20 at 13:17
  • 1
    Even if we ignore the injection threat, there are still other benefits for using parameters - one of them is that you don't need to worry about string representation formats of datetime, another one is that you don't need to convert the date value to string and back to date.... all in all, it's a better option than string concatenation. – Zohar Peled Aug 10 '20 at 13:45

0 Answers0