0

The below dynamic SQL throws an error:

The conversion failed when converting character string to smalldatetime data type

My code:

DECLARE @pTimeStamp smalldatetime
SET @pTimeStamp = '2017-05-22 12:15:00'

DECLARE @SQLQuery AS NVARCHAR(4000)
Set @SQLQuery = N'Select *' + 
' From SampleTable'  +
' Where TimeStamp = ' + @pTimeStamp

EXECUTE sp_executesql @SQLQuery

I've also tried

Convert(smalldatetime, @pTimeStamp, 20) 

as well as

CAST(@pTimeStamp AS smalldatetime) 

but I only get other errors. I also tried declaring @pTimeStamp as varchar(50) and then converting but still got errors.

Doing something simple like:

DECLARE @pTimeStamp smalldatetime
SET @pTimeStamp = '2012-01-22 12:15:00'

Select *
From SampleTable
Where TimeStamp = @pTimeStamp

ran fine so I'm guessing it has to do with the dynamic SQL.

Please help....

  • Whenever I run into an issue like this I add a PRINT to my code for debug, to see what my dynamic sql looks like. Commented Jun 7, 2017 at 16:13
  • Why are you writing such a query? Why don't you use parameterized queries? Commented Jun 7, 2017 at 16:14
  • Why are you using dynamic sql here in the first place? From what you posted there is no need for dynamic sql at all. And if you do, you should parameterize it. Commented Jun 7, 2017 at 16:14
  • Sorry, it's a code snippet and is part of a parameterized query. Everything about the query works, I only took out this part for simplicity's sake as it is the only part that does not work. Commented Jun 7, 2017 at 16:29
  • That big string manipulation is NOT a parameterized query. You may be passing parameters to your code but then you are executing it with dynamic sql which completely ruins the safety of parameters. Commented Jun 7, 2017 at 16:31

2 Answers

2

The only truly safe formats for date/time literals in SQL Server, at least for datetime and smalldatetime, are: YYYYMMDD and YYYY-MM-DDThh:mm:ss[.nnn] - Bad habits to kick : mis-handling date / range queries - Aaron Bertrand

You are already using sp_executesql, so why not take advantage of its parameters?

declare @pTimeStamp smalldatetime;
declare @params nvarchar(4000);
declare @sqlquery nvarchar(4000);

set @pTimeStamp = '2017-05-22T12:15:00';
set @params = N'@pTimeStamp smalldatetime';
set @sqlquery = N'
select *
from SampleTable
where TimeStamp = @pTimeStamp';

execute sp_executesql @sqlquery, @params, @pTimeStamp;

rextester demo: http://rextester.com/FVC44260


Dynamic sql reference:


1 Comment

Eureka! Thank you SqlZim.... especially for the sample code. Looking up parameterized queries just made things difficult but your code made total sense out of it. The "T" in the middle of the value confuses me as the stored values do not have it and I did not include it in my parameter of the SP. I'll try to figure out what that is used for as I saw it used in my searches. Thanks again!
0

You need to embed the timestamp in single quotes. Try:

Set @SQLQuery = N'Select *' + 
' From SampleTable'  +
' Where TimeStamp = ''' + @pTimeStamp + ''''

4 Comments

That's a bad idea. The OP needs to use a parameter instead of string concatenation. It's not only that this allows SQL injection attacks, it also leads to conversion and parsing problems. It's a lot easier to write a correct query.
@PanagiotisKanavos Bad? Not necessarily. The @pTimeStamp variable is of type smalldatetime. There's no opportunity for SQL injection. The statement would have to recompile each time it is executed. You got anything else?
Actually yes. First of all, if that's the actual statement, there's no need to use dynamic SQL. If the parameter comes from another source, both injection and conversion errors are possible. You still lose the parameterization benefits, generating redundant execution plans. You can't fix a bad query by adding quotes. Writing a correct query is easier, faster and more secure. Why cover up a bad query?
I used ' Where TimeStamp = ''' + @pTimeStamp + '''' and still get the error.
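
Added example, not code from any of the posts above: the three cases discussed in this thread run side by side, showing why the quoted concatenation still fails for a smalldatetime variable, what changes when the value arrives as text, and how the sp_executesql parameter form handles both. The temp table #SampleTable, its rows and the @input value are constructed for illustration; TRY_CONVERT assumes SQL Server 2012 or later.

```sql
-- Constructed sample data; #SampleTable stands in for the question's SampleTable.
CREATE TABLE #SampleTable (Id int, [TimeStamp] smalldatetime);
INSERT INTO #SampleTable VALUES (1, '2017-05-22T12:15:00'), (2, '2017-05-23T08:00:00');

DECLARE @sql nvarchar(4000);
DECLARE @pTimeStamp smalldatetime = '2017-05-22T12:15:00';

-- 1) Concatenating a smalldatetime, with or without surrounding quotes.
--    smalldatetime outranks nvarchar in data type precedence, so the + operator
--    tries to convert the SQL text itself to smalldatetime and fails.
BEGIN TRY
    SET @sql = N'SELECT * FROM #SampleTable WHERE [TimeStamp] = ''' + @pTimeStamp + N'''';
END TRY
BEGIN CATCH
    PRINT N'Concatenation failed: ' + ERROR_MESSAGE();
END CATCH;

-- 2) The same value arriving as text from a caller (constructed input).
--    Concatenation now succeeds, and the caller's text becomes statement syntax:
--    the OR predicate below ends up inside the WHERE clause.
DECLARE @input nvarchar(100) = N'2017-05-22T12:15:00'' OR ''1''=''1';
SET @sql = N'SELECT * FROM #SampleTable WHERE [TimeStamp] = ''' + @input + N'''';
PRINT @sql;                     -- inspect the generated statement before running it
EXECUTE sp_executesql @sql;

-- 3) Parameterized form: the statement text is constant and the value is bound
--    as typed data. Text input is validated by conversion before it is bound.
DECLARE @ts smalldatetime = TRY_CONVERT(smalldatetime, @input);
SET @sql = N'SELECT * FROM #SampleTable WHERE [TimeStamp] = @ts';
IF @ts IS NULL
    PRINT N'Rejected: input is not a valid smalldatetime';
ELSE
    EXECUTE sp_executesql @sql, N'@ts smalldatetime', @ts = @ts;

-- The typed variable from the question binds directly, with no quoting at all.
EXECUTE sp_executesql @sql, N'@ts smalldatetime', @ts = @pTimeStamp;

DROP TABLE #SampleTable;
```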
