How to update datetime in my database?

Question

0.00/5 (No votes)

See more:

Hi, can someone help me, i try to update my DateTime in my database. At first I insert data using this code:

C#

private void button2_Click(object sender, EventArgs e)
        {
            if (textBox1.Text == "" || textBox2.Text == "" || textBox4.Text == "" || textBox3.Text == "")
            {
                MessageBox.Show("Isi Data Terlebih Dahulu");
            }
            else
            {

                string insertQuery = "INSERT INTO login.data (Nomor, Nama, Alamat, Jenis, Jam) VALUE ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox4.Text + "','" + textBox3.Text + "', '" + DateTime.Now + "')";
                EksekusiQuery(insertQuery);
                
                CekData();
            }
        }

and in field database I got the data exactly at the current time I input the data. Now I want to create function to update data so the "current time" change to the "current time" I update the data. The idea of my program is like check in and check out.

What I have tried:

The code i tried for update is:

C#

private void button3_Click(object sender, EventArgs e)
        {
            if (textBox1.Text == "" || textBox2.Text == "" || textBox4.Text == "" || textBox3.Text == "")
            {
                MessageBox.Show("Check the Data");
            }
            else
            {
                string updateQuery = "UPDATE 'login.data' SET 'Nomor' ='" + this.textBox1.Text + "', 'Nama' ='" + this.textBox2.Text + "','Alamat' ='" + this.textBox4.Text + "','Jenis' ='" + this.textBox3.Text + "','Jam' ='" + DateTime.Now + "', WHERE 'Nomor'= '" + this.textBox1.Text + "'";
                
                EksekusiQuery(updateQuery);
                CekData();
            }
        }

and my DateTime value is Varchar, but the program cannot insert the data. I using VS C# 2010

Posted 27-Sep-20 2:10am

NandaNurdin

Updated 27-Sep-20 3:33am

Add a Solution

Comments

Richard MacCutchan 27-Sep-20 8:25am

Don't use VARCHAR for DateTime, use proper DateTime values.

Oshtri Deka 28-Sep-20 13:06pm

1. I agree with Richard's remark.
2. How long is that varchar column in DB?
3. Write us error text your receive.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Answer 1 · 2020-09-27T02:39:00

Not like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Always use Parameterized queries instead.

When you concatenate strings, you cause problems because SQL receives commands like:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'Baker's Wood'

The quote the user added terminates the string as far as SQL is concerned and you get problems. But it could be worse. If I come along and type this instead: "x';DROP TABLE MyTable;--" Then SQL receives a very different command:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';DROP TABLE MyTable;--'

Which SQL sees as three separate commands:

SQL

SELECT * FROM MyTable WHERE StreetAddress = 'x';

A perfectly valid SELECT

SQL

DROP TABLE MyTable;

A perfectly valid "delete the table" command

SQL

--'

And everything else is a comment.
So it does: selects any matching rows, deletes the table from the DB, and ignores anything else.

So ALWAYS use parameterized queries! Or be prepared to restore your DB from backup frequently. You do take backups regularly, don't you?

Having said that, there are several other problems with your approach:
1) Never pass DateTime info as a string, even if you have made the mistake of storing it as such: that means that the format of the date you pass will always depend on the user settings for the computer your app is running on - and that means that you may not be able to tell what the date is: "01-02-03" is what? First Feb 2003? Second Jan 2003? Third Feb 2001? Depends entirely on the user settings! Always pass DateTime values as DateTime via parameters.
2) If you updt\ae a field with a timestamp, you really need to be using UTC rather than the local time for the computer the app is running on. Partly to avoid daylight savings changes causing problems, but mostly to prevent international users entering wildly different times at the same moment, both of which are locally correct!
3) Don't use .Text == "" as an "Emptiness" test: use string.IsNullOrWhitepace instead. " " is not the same as ""!

One (better) way to do this is to let Sql Server handle the timestamp for you: sql server - Need a datetime field in MS SQL that automatically updates when the record is modified - Stack Overflow[^] that can use UTC and the server time so there is never any confusion over timezones, daylight saving, or a computer that has the clock set wrong ...