I am getting error when I get data between two dates

Question

0.00/5 (No votes)

See more:

Hello Guys,

I am getting error when i get data between two dates like this

Additional information: Syntax error in date in query expression '[Employee Name] = 'sajid lakha' AND [Date] >= #22/12/2016 05:14:30:PM# AND [Date] < #22/12/2016 05:14:30:PM'.

What I have tried:

C#

DataSet dsa = new DataSet();
    DataTable dt = new DataTable();
    dsa.Tables.Add(dt);
    OleDbDataAdapter da = new OleDbDataAdapter();
    da = new OleDbDataAdapter("SELECT [Employee Name],[Column1],[column2],[column3],[Flavours],[Date] from [Total] where [Employee Name] = '" + employeedata + "' AND [Date] >= #" + dateTimePicker1.Text+ "# AND [Date] < #" + dateTimePicker1.Text + "#", connection);
    da.Fill(dt);
    dataGridView1.DataSource = dt;
    connection.Close();

Posted 22-Dec-16 14:18pm

Member 9983063

Updated 22-Dec-16 17:42pm

Dave Kreskowiak

v2

Add a Solution

3 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2016-12-22T14:48:00

Solution 1

Two words: "parameterized queries".

Google for "SQL Injection attack" to find out why using string concatenation is putting your database at risk.

Then Google for "C# Parameterized queries" for examples on how to fix that problem and fix your problem with the date time strings.

Posted 22-Dec-16 14:48pm

Dave Kreskowiak

Patrice T · Answer 2 · 2016-12-22T16:33:00

Quote:
Syntax error in date in query expression '[Employee Name] = 'sajid lakha' AND [Date] >= #22/12/2016 05:14:30:PM# AND [Date] < #22/12/2016 05:14:30:PM'.

In error message, the second date is missing the # at the end. For some reasons the last # is not where it should.
Otherwise, your query is plain wrong because the 2 dates are the same, excluding any answer.

Never build a SQL query that way
SQL injection - Wikipedia[^]
SQL Injection[^]

Wendelius · Answer 3 · 2016-12-22T17:42:00

As already pointed out, parameterization is elemental key for the query to work properly. This does not only help to prevent SQL injections but also helps with possible conversion issues. For example consider if the localization of the dates is different.

Another problem is the lack of using blocks. They should be used to ensure that the objects like OleDbConnection and OleDbDataAdapter are disposed correctly. Note that you have initialized the data adapter twice

Also it would be easier if both ends of the date range would be included in the condition.

So the code should look something like

C#

DataSet dsa = new DataSet();
DataTable dt = new DataTable();
dsa.Tables.Add(dt);
string sqlQuery = 
using OleDbconnection connection = new OleDbConnection(...)) 
   using (OleDbCommand command = new OleDbCommand ()) {
      command.Connection = connection;
      command.CommandText = @"SELECT [Employee Name],[Column1],[column2],[column3],[Flavours],[Date] 
FROM [Total] 
WHERE [Employee Name] = @name AND [Date] BETWEEN @start AND @end";
      command.Parameter.Add("@name", OleDbType.VarChar, 100).Value = employeedata;
      command.Parameter.Add("@start", OleDbType.Date).Value = DateTime.Parse(dateTimePicker1.Text).Date;
      command.Parameter.Add("@end", OleDbType.Date).Value = DateTime.Parse(dateTimePicker2.Text).Date;
   
      using (OleDbDataAdapter da = new OleDbDataAdapter(sqlQuery, connection)) {
         da.Fill(dt);
      }
   }
   connection.Close();
}
dataGridView1.DataSource = dt;

The code may contain errors, it's just an example.

Other notes:
- In your original code you seem to use value from dateTimePicker1 for both start and end limits in your query. I've used dateTimePicker1 and dateTimePicker2 in the example
- Use meaningful name for the variables and the objects. This makes debugging and maintaining the code much easier. For example instead of dateTimePicker1 use StartDatePicker or something similar
- especially use meaningful names in the database objects. Having column names like Column1 or Column2 makes it really hard to understand the queries and to ensure that correct fields are used properly.

I am getting error when I get data between two dates

3 solutions

Solution 1

Solution 2

Solution 3

Add your solution here

Preview 0