Hi,
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
The TimeCreated field is specified as a date field.
I then subsequently read from the database and check against the
current time....
dateCreated = dr.Item("Timecr eated")
dateNow = Now()
If (DateDiff(DateI nterval.Minute, dateCreated, dateNow)) 5
Then.....
What I am finding is the day and month has been interchanged...
7/6/2007 9:03:14 = datecreated
6/7/2007 9:03:16 = datenow
Now the annoying thing was I wrote this yesterday on the 6/6 and
everything worked as expected. Come today!!!
What trick can I use to remedy this?
Cheers,
Pb
7  1510 
pb <ph**********@h otmail.comwrote :
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
On Jun 7, 9:31 am, Jon Skeet [C# MVP] <s...@pobox.com wrote:
pb <philbrier...@h otmail.comwrote :
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <s...@pobox.com >http://www.pobox.com/~skeet Blog:http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Thanks for the response, but my question is why there is a problem
with the dates?
On Jun 6, 3:41 pm, pb <philbrier...@h otmail.comwrote :
On Jun 7, 9:31 am, Jon Skeet [C# MVP] <s...@pobox.com wrote:
pb <philbrier...@h otmail.comwrote :
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <s...@pobox.com >http://www.pobox.com/~skeet Blog:http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Thanks for the response, but my question is why there is a problem
with the dates?
There's no problem with the dates at all. Both '7/6/2007' and
'6/7/2007' are valid dates representing June 7, 2007.
June 7, 2007 is 6/7/2007 in some parts of the world, 7/6/2007 in
others. It's common in Europe, I think. What date format your
computer gives you (month-first or day-first) depends on your
operating system's localization settings (Regional & Language Options
control panel, in recent versions of Windows). You're likely seeing
one of your client computers with a different localization setting
than what you're expecting. Wait another week until 13/6/2007, and
see what happens with your statements!
The best way to fix this is to switch to parameterized sql statements,
as Jon suggested.
Michael
On Jun 6, 3:26 pm, pb <philbrier...@h otmail.comwrote :
Hi,
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
Hey Pb, I don't mean to hassle you, but have you considered what would
happen if a user learned a little something about your application and
entered their email address as "foo';trunc ate Visits;--"
Don't try that on your production database.
Michael
On Jun 7, 10:26 am, "mpetro...@gmai l.com" <mpetro...@gmai l.comwrote:
On Jun 6, 3:41 pm, pb <philbrier...@h otmail.comwrote :
On Jun 7, 9:31 am, Jon Skeet [C# MVP] <s...@pobox.com wrote:
pb <philbrier...@h otmail.comwrote :
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <s...@pobox.com >http://www.pobox.com/~skeetBlog:http....com/jon.skeet
If replying to the group, please do not mail me too
Thanks for the response, but my question is why there is a problem
with the dates?
There's no problem with the dates at all. Both '7/6/2007' and
'6/7/2007' are valid dates representing June 7, 2007.
June 7, 2007 is 6/7/2007 in some parts of the world, 7/6/2007 in
others. It's common in Europe, I think. What date format your
computer gives you (month-first or day-first) depends on your
operating system's localization settings (Regional & Language Options
control panel, in recent versions of Windows). You're likely seeing
one of your client computers with a different localization setting
than what you're expecting. Wait another week until 13/6/2007, and
see what happens with your statements!
The best way to fix this is to switch to parameterized sql statements,
as Jon suggested.
Michael- Hide quoted text -
- Show quoted text -
Hi - I am going to swithch to parameterised queries, just need a
little more time to investigate how to do this...
BUT...
I am running both these queries on my local development machine - not
on the web. So how does that explain why the dates are different -
nothing has gone outside of my laptop!
pb <ph**********@h otmail.comwrote :
Hi - I am going to swithch to parameterised queries, just need a
little more time to investigate how to do this...
BUT...
I am running both these queries on my local development machine - not
on the web. So how does that explain why the dates are different -
nothing has gone outside of my laptop!
It's possible that the database instance itself is in a particular
culture.
--
Jon Skeet - <sk***@pobox.co m> http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
pb wrote:
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
The TimeCreated field is specified as a date field.
How about making sure the dates/times are specified unambiguously in ISO
8601 format, like yyyy-MM-dd hh:mm:ss ?
Andrew This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Simon Brooke |
last post by:
I'm investigating a bug a customer has reported in our database
abstraction layer, and it's making me very unhappy.
Brief summary:
I have a database abstraction layer which is intended to mediate
between webapps and arbitrary database backends using JDBC. I am very
unwilling indeed to write special-case code for particular
databases. Our code has worked satisfactorily with many databases,
including many instances MS SQLServer 2000...
|
by: Richard Hollenbeck |
last post by:
I'm trying to write some code that will convert any of the most popular
standard date formats twice in to something like "dd Mmm yyyy" (i.e. 08 Jan
1908) and compare the first with the second and calculate days, months, and
years. This is not for a college course. It's for my own personal
genealogy website. I'm stumped about the code. I'm working on it but not
making much progress. Is there any free code available anywhere? I know it...
|
by: Lyn |
last post by:
Hi,
I am developing a project in which I am checking for records with
overlapping start/end dates. Record dates must not overlap date of birth,
date of death, be in the future, and must not overlap existing records from
the same table.
I had this all working some time ago, but recently when I have gone back to
do more testing, part of these validations no longer work. While there have
been changes to the code in the meantime, I cannot...
|
by: Assimalyst |
last post by:
Hi,
I have a working script that converts a dd/mm/yyyy text box date entry
to yyyy/mm/dd and compares it to the current date, giving an error
through an asp.net custom validator, it is as follows:
function doDateCheckNow(source, args)
{
var oDate = document.getElementById(source.controltovalidate); //
dd/mm/yyyy
|
by: andreas |
last post by:
When I copy a vb.net project using date formats from one PC with a windows
date format f.e. dd/mm/yyyy to another PC having a format yy/mm/dd then I
get errors.
How can I change for a while in the project the date format in vb.code (
not in Windows) and how can I find out which date format the PC Windows is
using.
Thanks for any response
| | |
by: NH |
last post by:
I want to allow users to enter dates in a text box in either the US "MM dd
yy" format or the UK "dd MM yy" format.
But how can I validate these dates? All the date functions e.g. ISdate,
convert.ToDatetime etc fail on the US date format as the application and IIS
is set to UK format.
Its strange that the date format("12/03/06","MM dd yy") is interpretated
correctly but format("12/22/06","MM dd yy") bombs out.
|
by: bruce.dodds |
last post by:
Access seems to be handling a date string conversion inconsistently in
an append query.
The query converts a YYYYMM string into a date, using the following
function:
CDate(Right(,2) & "/1/" &
Left(,4))
I entered the string "200715" in a record to test an error condition.
|
by: fniles |
last post by:
On my machine in the office I change the computer setting to English (UK) so
the date format is dd/mm/yyyy instead of mm/dd/yyyy for US.
This problem happens in either Access or SQL Server.
In the database I have a table with Date/time column. The database is
located on a machine that is set to dd/mm/yyyy also.
When I enter date 7/1/08 (as in January 7, 2008), it stores it in the
database as 1/7/08 instead of 7/1/08. Why is it like that...
|
by: ollyb303 |
last post by:
Hello,
I am using a dynamic crosstab report to track performance statistics for my company and I have hit a problem.
I would like the option to track stats daily (for the last 7 complete days), weekly (for the last 6 weeks) and monthly (for the last 6 complete months).
Daily and monthly are not causing me a problem - I have used the following code to construct the query:
strXT = "TRANSFORM Sum(Query2.STAT) AS SumOfSTAT " & _...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
| | |
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
