Click here to Skip to main content
15,899,475 members
Search within:


String was not recognized as a valid datetime.
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
C#
SQLite
i am writing this method to select data which is based on entry date and entry date is passing throw two textboxes.

string txtSQLQuery = "SELECT c.passid,p.type_of_card , c.name , c.validdate , c.permissible , c.fromstation , c.tostation , c.upjourneydate , c.downjourneydate , c.familymembers , c.mobileno, c.empcode , c.entrydate FROM carddetails c inner join passcategory p on c.passid=p.passid WHERE entrydate between ( '"+ dtFrom + "') and ('"+dtTo+"'); ";

What I have tried:

  sql_con = myConnection.SetConnection();
            using (SQLiteConnection con = new SQLiteConnection(sql_con))
            {
                con.Open();
                
                string dtFrom =txtFromdt.Text;
                string dtTo = txtTdate.Text;
                string txtSQLQuery = "SELECT  c.passid,p.type_of_card , c.name , c.validdate , c.permissible , c.fromstation , c.tostation , c.upjourneydate , c.downjourneydate , c.familymembers , c.mobileno, c.empcode , c.entrydate FROM carddetails c inner join passcategory p on c.passid=p.passid WHERE entrydate between ( '"+ dtFrom + "') and ('"+dtTo+"'); ";
                DataSet ds = new DataSet();
                SQLiteDataAdapter da = new SQLiteDataAdapter(txtSQLQuery,con);
                ds.Reset();
                da.Fill(ds);
                datashow_grid.DataSource = ds.Tables[0];              

                con.Close();


when i tried query in sqllite directly it works completely fine but under above function it gives exception.
Posted
Updated 22-Jan-18 23:49pm
Add a Solution
Comments
[no name] 23-Jan-18 4:19am    
Will you please mention what exception being thrown?

3 solutions

Simple: don't do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'
The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'
Which SQL sees as three separate commands:
SQL
SELECT * FROM MyTable WHERE StreetAddress = 'x';
A perfectly valid SELECT
SQL
DROP TABLE MyTable;
A perfectly valid "delete the table" command
SQL
--'
And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Instead, use DateTime.TryParse to convert the user strings to DateTime objects - reporting any problems back to the user - then pass the DateTime objects as parameters to SQL. Your problem will disappear, and your code will be less vulnerable. Then go through the whole rest of your code and do the same thing - leave no concatenation in there, or you will lose your DB...
 
Share this answer
 
Posted
Further to OriginalGriff's solution, for handling DateTime in SQLite, this article should answer your questions: SQLite Date & Time - How To Handle Date and Time in SQLite[^]
 
Share this answer
 
Posted
Note:- Concatenating the sql Query string is vulnerable to SQL Injection[^] attacks
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^], This applies to SQLITE as well, SQLite3 Injection Cheat Sheet -[^]

Quote:
String was not recognized as a valid datetime.

The Code which you have posted and the error message titled has not relation, since you are no where casting the string to datetime. However ,
Use DateTime.TryParseExact Method [^] for converting string to DateTime object
refer the inline comments, and try the below code

string dtFrom =txtFromdt.Text;
       string dtTo = txtTdate.Text;
       // assuming the date Format is mm/dd/yyyy
       string dateFormat = "MM/dd/yyyy";  // change this value based on your format
       DateTime FromDate ;
       DateTime ToDaate ;
       if( !DateTime.TryParseExact(dtFrom,dateFormat,CultureInfo.CurrentCulture, DateTimeStyles.None,out FromDate) ){
           // show the error message to the UI for invalid From Date
           return;
       }
        if( !DateTime.TryParseExact(dtTo,dateFormat,CultureInfo.CurrentCulture, DateTimeStyles.None,out ToDaate) ){
           // show the error message to the UI for invalid TO Date
            return;
       }

        using (SQLiteConnection con = new SQLiteConnection(sql_con))
        {
            string txtSQLQuery = "SELECT  c.passid,p.type_of_card , c.name , c.validdate , c.permissible , c.fromstation , c.tostation , c.upjourneydate ," +
            "c.downjourneydate , c.familymembers , c.mobileno, c.empcode , c.entrydate FROM carddetails c inner join passcategory p on c.passid=p.passid " +
            "WHERE entrydate between @dtFrom and @dtTo ";
            SQLiteCommand cmd = new SQLiteCommand(txtSQLQuery, con);
            cmd.Parameters.AddWithValue("@dtFrom", FromDate);
            cmd.Parameters.AddWithValue("@dtTo", ToDaate);
            DataSet ds = new DataSet();
            SQLiteDataAdapter da = new SQLiteDataAdapter(cmd);
            da.Fill(ds);
        }
 
Share this answer
 
Posted
v2
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 23 Jan 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-05-14:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900