2012-01-01 55 views
0

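I am developing ATM software and I want to get a report by entering a start date and an end date. The dates are saved in my table as strings in the form dd/MM/yyyy. I am trying the code below and getting an incorrect syntax exception. Getting string data from the database and converting it to a date object in the query.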

public DataTable getReportByDate(DateTime startDate, DateTime endDate) 
{ 
    try 
    { 
     DataTable table = new DataTable(); 

     using (SqlConnection connection = new SqlConnection(connectionString)) 
     { 
     SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >=" + startDate + " AND CAST(CurrDate AS Date) <=" + endDate + ";", connectionString); 

     // Create a command builder to generate SQL update, insert, and 
     // delete commands based on selectCommand. These are used to 
     // update the database. 
     SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter); 

     // Populate a new data table and bind it to the BindingSource. 
     table.Locale = System.Globalization.CultureInfo.InvariantCulture; 
     dataAdapter.Fill(table); 
     } 
     return table; 
    } 
    catch (Exception e) 
    { 
     return null; 
    } 
} 

Please help me.

Regards

+1

Why not use a date-based type in the database? – 2012-01-01 21:18:45

+0

Dear, I have already used a varchar string. Now it is hard to change. Please help me. – Snake 2012-01-01 21:22:01

+4

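Even if it is hard to change now, it will be hard to change in the future too - and using the wrong data type anywhere will be bad. Stop the rot now: fix your schema. – 2012-01-01 21:33:23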

Answers

1

Change

SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >=" + startDate + " AND CAST(CurrDate AS Date) <=" + endDate + ";", connectionString); 

to

SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >='" + startDate.ToString("yyyy-MM-dd HH:mm:ss") + "' AND CAST(CurrDate AS Date) <='" + endDate.ToString("yyyy-MM-dd HH:mm:ss") + "';", connectionString); 

UPDATE:

SqlDataAdapter dataAdapter = new SqlDataAdapter("Select * from [Transaction] Where CAST(CurrDate AS Date) >='" + startDate.ToString("dd/MM/yyyy") + "' AND CAST(CurrDate AS Date) <='" + endDate.ToString("dd/MM/yyyy") + "';", connectionString); 
+1

I would suggest using SqlParameter to avoid SQL injection – 2012-01-01 21:26:42

+0

The syntax is correct, but now it is giving the correct result. :( – Snake 2012-01-01 21:31:19

+0

What do you mean? – 2012-01-01 21:33:50

1

OK, first of all, don't turn exceptions into returning null

catch(Exception e) 
{ 
    return null; 
} 

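This is bad practice, because you swallow every possible exception. Instead, you should catch only the exceptions the SQL adapter is expected to throw, or even better: don't catch them, but log them and catch them further out, because if something goes wrong in this method, it means your SQL connection or your code is broken. If you leave it as it is, you only hide the problem and make debugging harder.

Second, you should use parameters in your query.

Now the syntax error: startDate and endDate are of type DateTime, so you should first convert them to a string with .ToString("dd/MM/yyyy") - this would be less of a hassle with parameters.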

+0

The syntax is correct, but now it gives the correct result. :( – Snake 2012-01-01 21:31:37

1

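You should definitely use parameters in your query - both to avoid SQL injection attacks and to improve performance (through execution plan reuse). Nobody has shown it so far - so here it is: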

// Requires: using System; using System.Data; using System.Data.SqlClient;
public DataTable getReportByDate(DateTime startDate, DateTime endDate)
{
    DataTable table = new DataTable();

    // Parameter placeholders keep the date values out of the SQL text.
    string sqlStmt =
        "SELECT * FROM [dbo].[Transaction] " +
        "WHERE CAST(CurrDate AS DATE) >= @startDate " +
        "AND CAST(CurrDate AS DATE) <= @endDate";

    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(sqlStmt, connection))
    {
        // Typed parameters: the values are sent as DATE, not as strings.
        cmd.Parameters.Add("@startDate", SqlDbType.Date).Value = startDate.Date;
        cmd.Parameters.Add("@endDate", SqlDbType.Date).Value = endDate.Date;

        SqlDataAdapter adapter = new SqlDataAdapter(cmd);
        adapter.Fill(table);
    }

    return table;
}
0

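I tried it too; the SQL normally works in the query editor, however, it only works with parameters. So I am reposting the code, as I noticed a moderator converted my initial reply into a comment.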

public DataTable getReportByDate(DateTime startDate, DateTime endDate)
{
    DataTable table = new DataTable();
    string query = "select * from [transaction] where cast(currdate as date) >= @startdate and cast(currdate as date) <= @enddate";
    using (SqlConnection connection = new SqlConnection("server=(local);database=quicksilver;integrated security=true"))
    {
        connection.Open();
        SqlCommand command = new SqlCommand(query);
        // C# identifiers are case-sensitive: pass the method arguments startDate / endDate.
        command.Parameters.AddWithValue("@startdate", startDate);
        command.Parameters.AddWithValue("@enddate", endDate);
        command.Connection = connection;

        SqlDataAdapter dataAdapter = new SqlDataAdapter(command);
        // Command builder, only used if the adapter later sends updates back.
        SqlCommandBuilder commandBuilder = new SqlCommandBuilder(dataAdapter);
        dataAdapter.Fill(table);
    }
    return table;
}
+0

@Bilal Asghar: almost the same code, only parameters are required. – keni 2012-01-02 08:26:28
