formatting TextBox.Text

You may have heard it, or you may haven't, but dynamic SQL is not good practice. I don’t want to get into it but you can goggle “Why Dynamic SQL is Bad” and find out yourself.

CroCrew~

First things first, here’s an option for your problem:

Add a RegularExpressionValidator using this ValidationExpression: “^(?:(?:31(\/|-|\.)(?:0?[13578]|1[02]))\1|(?:(?:29|30)(\/|-|\.)(?:0?[1,3-9]|1[0-2])\2))(?:(?:1[6-9]|[2-9]\d)?\d{2})$|^(?:29(\/|-|\.)0?2\3(?:(?:(?:1[6-9]|[2-9]\d)?(?:0[48]|[2468][048]|[13579][26])|(?:(?:16|[2468][048]|[3579][26])00))))$|^(?:0?[1-9]|1\d|2[0-8])(\/|-|\.)(?:(?:0?[1-9])|(?:1[0-2]))\4(?:(?:1[6-9]|[2-9]\d)?\d{2})$”

From this webpage: http://www.regxlib.com/DisplayPatter...4&categoryId=5.

CroCrew is right, be careful when building dynamic sql with open user input. With a RegularExpressionValidator, and some validating on the server-side, you can secure your application and limit the formatting on the front end. The security concern is mainly that someone can enter an apostrophe and interject their own code into your sql, so make sure that you verify that the data is actually a date using IsDate(TextBox_Date) for extra security.

CroCrew and Mark,

Thank you both for the input on this topic. I decided to go against this methodology and use regularexpressionvalidators to control what the user could input. As this is currently only an internal facing web site, the security restrictions are pretty lax but it's also good to know about the issues that reside with dynamic sql.