如何将系统日期和时间传递到SQL Server数据库
本文关键字:SQL Server 数据库 时间 系统 日期 | 更新日期: 2023-09-27 18:27:49
我想使用C#程序获取系统日期和时间,并将其传递到数据库。我在SQL Server表中使用了DateTime数据类型。
我使用DateTime dt = DateTime.Now;方法来获取系统日期和时间。但我把它传给了数据库,我得到了以下错误。
字符串或二进制数据将被截断。声明已经终止。
如何解决此错误。
表格结构-
create table Candidates_ElecCenter(
Cand_ID varchar(10) primary key,
Party_ID varchar(3),
Name varchar(100),
NIC varchar(50),
DistrictID varchar(3) ,
seat varchar(50) ,
Total_Votes int,
year datetime default DATENAME(year, GETDATE()) ,
Candidate_Type int ,
CONSTRAINT fk_CandDistrict FOREIGN KEY (DistrictID) REFERENCES District(District_ID),
CONSTRAINT fk_Cand_year_Election FOREIGN KEY (year) REFERENCES Election(year),
CONSTRAINT fk_Non_Ind_Party_ID_cand FOREIGN KEY (Party_ID) REFERENCES NonIndependent_Poll_Party(Party_ID),
CONSTRAINT fk_Ind_Party_ID_cand FOREIGN KEY (Party_ID) REFERENCES Independent_Poll_Party(Party_ID),
);
功能:
internal bool InsertDetails(string p, string p_2, string p_3, string p_4, string p_5, string p_6, int sts)
{
bool status = false;
if (conn.State.ToString() == "Closed")
{
conn.Open();
}
SqlCommand newCmd = conn.CreateCommand();
newCmd.Connection = conn;
newCmd.CommandType = CommandType.Text;
DateTime now = DateTime.Now;
newCmd.CommandText = "INSERT INTO Candidates_ElecCenter(Cand_ID,Party_ID,Name,NIC,DistrictID,seat,year,Candidate_Type) VALUES ('" + p + "','" + p_2 + "','" + p_3 + "' ,'" + p_4 + "', '" + p_5 + "', '" + p_6 + "', '" + now + "','" + sts + "')";
newCmd.ExecuteNonQuery();
conn.Close();
status = true;
return status;
}
using(SqlCommand newCmd = conn.CreateCommand())
{
newCmd.Connection = conn;
newCmd.CommandType = CommandType.Text;
DateTime now = DateTime.Now;
newCmd.CommandText = "INSERT INTO Candidates_ElecCenter(Cand_ID,Party_ID,Name,NIC,DistrictID,seat,year,Candidate_Type) VALUES (@Cand_ID,@Party_ID,@Name,@NIC,@DistrictID,@seat,@year,@Candidate_Type)";
newCmd.Parameters.AddWithValue("@Cand_ID", p);
newCmd.Parameters.AddWithValue("@Party_ID", p_2);
newCmd.Parameters.AddWithValue("@Name", p_3);
newCmd.Parameters.AddWithValue("@NIC", p_4);
newCmd.Parameters.AddWithValue("@DistrictID", p_5);
newCmd.Parameters.AddWithValue("@seat", p_6);
newCmd.Parameters.AddWithValue("@year", now);
newCmd.Parameters.AddWithValue("@Candidate_Type", sts);
newCmd.ExecuteNonQuery();
}
将字符串连接在一起形成查询会使您面临SQL注入攻击的风险,而且您不需要这样做。此外,如果可以的话,用"using"包装你的连接,那么你就不需要担心关闭它了。
SqlParameter param2 = new SqlParameter( "@news_date", SqlDbType.DateTime );
param2.Value = DateTime.Today;
command.Parameters.Add( param2 );
这有帮助吗?