2

I have a birthdate column of type Date in a SQL database.

And in my application I use a dateTimePicker to get the birth date.

But when I try to insert the date taken from the dateTimePicker:

I get an error:

Incorrect syntax near '12'

And when I try to debug the code I find that the value taken from the dateTimePicker is

Date = {3/21/2015 12:00:00 AM}

The code:

//cmd is sql command
cmd.CommandText="INSERT INTO person (birthdate) VALUES("+dateTimePicker.Value.Date+")";
//con is sql connection
con.Open();
cmd.ExecuteNonQuery();
con.Close();
3
  • stackoverflow.com/questions/12957635/… Commented Mar 21, 2015 at 11:10
  • 3
    SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Mar 21, 2015 at 11:12
  • Also check datatype of birthdate in table Commented Mar 21, 2015 at 11:47

5 Answers

13

What you really should do is use parameters to avoid SQL injection attacks - and it also frees you from string formatting dates - also a good thing!

//cmd is sql command
cmd.CommandText = "INSERT INTO dbo.Person(birthdate) VALUES(@Birthdate);";

cmd.Parameters.Add("@Birthdate", SqlDbType.Date).Value = dateTimePicker.Value.Date;

//con is sql connection
con.Open();
cmd.ExecuteNonQuery();
con.Close();

Also, it's a recommended best practice to put your SqlConnection, SqlCommand and SqlDataReader into using(....) { .... } blocks to ensure proper disposal:

string connectionString = ".......";
string query = "INSERT INTO dbo.Person(birthdate) VALUES(@Birthdate);";

using (SqlConnection con = new SqlConnection(connectionString))
using (SqlCommand cmd = new SqlCommand(query, con))
{
     cmd.Parameters.Add("@Birthdate", SqlDbType.Date).Value = dateTimePicker.Value.Date;

     con.Open();
     cmd.ExecuteNonQuery();
     con.Close();
} 
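
An added example, not part of the answer above: it prints the statement text that the question's concatenation produces under several client cultures, next to the parameterized command, whose text never changes. It assumes System.Data.SqlClient is referenced; the class name, helper names and the sample date are constructed for illustration, and no database connection is needed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class BirthdateInsertDemo // hypothetical name, for illustration only
{
    // Rebuilds what string concatenation sends to SQL Server: DateTime is
    // converted with ToString(), which follows the client's culture.
    static string ConcatenatedSql(DateTime value, string cultureName, bool quoted)
    {
        string text = value.ToString(CultureInfo.GetCultureInfo(cultureName));
        return quoted
            ? "INSERT INTO person (birthdate) VALUES('" + text + "')"
            : "INSERT INTO person (birthdate) VALUES(" + text + ")";
    }

    // Parameterized form: constant statement text, value sent as a typed DATE.
    static SqlCommand BuildInsert(DateTime value)
    {
        var cmd = new SqlCommand("INSERT INTO dbo.Person(birthdate) VALUES(@Birthdate);");
        cmd.Parameters.Add("@Birthdate", SqlDbType.Date).Value = value.Date;
        return cmd;
    }

    static void Main()
    {
        DateTime picked = new DateTime(2015, 3, 21); // constructed sample value

        foreach (string culture in new[] { "en-US", "en-GB", "de-DE" })
        {
            // Unquoted: the date text is parsed as SQL tokens, so en-US yields
            // the arithmetic 3/21/2015 followed by a stray 12 (the question's error).
            Console.WriteLine(ConcatenatedSql(picked, culture, quoted: false));
            // Quoted: valid syntax, but the literal still varies by client culture
            // and is interpreted using the session's date format settings.
            Console.WriteLine(ConcatenatedSql(picked, culture, quoted: true));
        }

        using (SqlCommand cmd = BuildInsert(picked))
        {
            SqlParameter p = cmd.Parameters["@Birthdate"];
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine($"{p.ParameterName} {p.SqlDbType} {p.Value:yyyy-MM-dd}");
        }
    }
}
```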

2

As mentioned before the best practice is to use parameters, but if you really need to use a TSQL statement from source you should use date in the format: yyyymmdd

cmd.CommandText="INSERT INTO person (birthdate) VALUES('"+dateTimePicker.Value.Date.ToString("yyyyMMdd")+"')";


0

Try including quotes:

cmd.CommandText="INSERT INTO person (birthdate) VALUES('"+dateTimePicker.Value.Date+"')";

I'd recommend using parameters too.


0

Try this as string format:

cmd.CommandText="INSERT INTO person(birthdate)VALUES('"+dateTimePicker.Value.Date+"')";

1 Comment

You forgot a space before VALUES
0

dateTimePicker stores values as 1/1/1900 12:00:00 AM so you should use DATETIME if you're trying to store it since DATETIME's format is: YYYY-MM-DD HH:MI:SS.

You can print the dateTimePicker value using

MessageBox.Show(dateTimePicker.Value.ToString());

to see for yourself.

1 Comment

Add more info on this.
