php
iphone
css
c
xml
android
ruby-on-rails
objective-c
visual-studio
multithreading
eclipse
html5
json
algorithm
facebook
cocoa
apache
asp
jsp
postgresql
Try to use Parametrized Queries to Avoid Sql Injection
ooops, OdbcCommand seems different with SqlCommand For Parametriezed Queries.
Change
System.Data.Odbc.OdbcCommand oCmd = oConn.CreateCommand(); oCmd.CommandText = @"SELECT COD,PRICE,SMAN_COD FROM C:\sales\sl.DBF WHERE DATE='"+dateTimePicker1.Text+"'";
To
System.Data.Odbc.OdbcCommand oCmd = oConn.CreateCommand(); oCmd.CommandText = @"SELECT COD,PRICE,SMAN_COD FROM C:\sales\sl.DBF WHERE DATE=?"; oCmd.Parameters.Add ("DATE", OdbcType.DateTime).Value = dateTimePicker1.Value;
Hopefully this will help you!
Don't send the date/time value in the SQL at all. Use a parameterized query - that way you don't need to concern yourself with the format. Why complicate things and leave yourself open to subtle problems when you can communicate the data without parsing and formatting it?
Additionally, if you get in the habit of using parameters for all values, you'll avoid SQL injection attacks.
In this case you'd use DateTimePicker.Value instead of DateTimePicker.Text, to get at the value as a DateTime.
DateTimePicker.Value
DateTimePicker.Text
DateTime
If you want to make sure that the date sent into the database is formated in a proper way, I would recommend the following date format:
yyyy-MM-dd
This will, to my knowledge, work regardless of the culture of your machine, and the machine running the database server.
This format is called ISO 8601.
I think the problem is that your Output Date is in the Format of 12/01/2011
If it is. you need to convert it to 2010-01-12
the DateTimePicker i think has a property called SelectedDate instead of Text
If that is the case then
use:
String.Format("{0:yyyy-MM-dd}", DatePicker1.SelectedDate);
This is happening because sql expects the date to be in a certain format. Try replacing
dateTimePicker1.Text
with
dateTimePicker1.Text.ToString("dd mmm yyyy");
Hope this helps.