Parse the date and check whether it is within the acceptable range:
DateTime travelDate;
if (DateTime.TryParse(Request.QueryString["TravelDate"], out travelDate))
{
    sqlCmd.Parameters.AddWithValue("@TravelDate", travelDate);
}
else
{
    sqlCmd.Parameters.AddWithValue("@TravelDate", DBNull.Value);
}
Also, the QueryString indexer already returns a string; there's no need to call Convert.ToString on those values:
sqlCmd.Parameters.AddWithValue("@Origin", Request.QueryString["Origin"]);
sqlCmd.Parameters.AddWithValue("@Destination", Request.QueryString["Destination"]);
NB: If you want to allow dates outside of that range, change your SQL datatype from datetime to either datetime2 or date, both of which allow the same range of values as the .NET DateTime type:
Date and Time Data Types and Functions - SQL Server (Transact-SQL) | Microsoft Docs
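One way to write the range check for a datetime column, as an added example that is not part of the original answer: the helper name ToDateTimeParameterValue and the sample inputs are hypothetical, and the bounds come from System.Data.SqlTypes.SqlDateTime (1753-01-01 through 9999-12-31).

```csharp
using System;
using System.Data.SqlTypes;

static class TravelDateInput
{
    // Hypothetical helper: returns a value that can be bound to a SQL Server
    // datetime parameter, or DBNull.Value when the input cannot be used.
    public static object ToDateTimeParameterValue(string raw)
    {
        DateTime parsed;

        // TryParse returns false for null, empty or malformed input
        // instead of throwing, so untrusted query-string values are safe here.
        if (!DateTime.TryParse(raw, out parsed))
        {
            return DBNull.Value;
        }

        // .NET DateTime starts at 0001-01-01, but SQL Server datetime starts
        // at 1753-01-01. A value below that parses fine in .NET and then
        // fails with an overflow error when the command executes.
        if (parsed < SqlDateTime.MinValue.Value || parsed > SqlDateTime.MaxValue.Value)
        {
            return DBNull.Value;
        }

        return parsed;
    }

    static void Main()
    {
        // Constructed sample inputs standing in for Request.QueryString["TravelDate"].
        string[] samples = { "2024-06-15", "1700-01-01", "0001-01-01", "not a date", "", null };

        foreach (string raw in samples)
        {
            object value = ToDateTimeParameterValue(raw);
            string shown = value is DateTime ? ((DateTime)value).ToString("yyyy-MM-dd") : "DBNull";
            Console.WriteLine("{0,-12} -> {1}", raw ?? "(null)", shown);
        }
    }
}
```

In the page's code the result would be passed as sqlCmd.Parameters.AddWithValue("@TravelDate", TravelDateInput.ToDateTimeParameterValue(Request.QueryString["TravelDate"])).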