Hi,
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
The TimeCreated field is specified as a date field.
I then subsequently read from the database and check against the
current time....
dateCreated = dr.Item("Timecreated")
dateNow = Now()
If (DateDiff(DateInterval.Minute, dateCreated, dateNow)) 5
Then.....
What I am finding is the day and month has been interchanged...
7/6/2007 9:03:14 = datecreated
6/7/2007 9:03:16 = datenow
Now the annoying thing was I wrote this yesterday on the 6/6 and
everything worked as expected. Come today!!!
What trick can I use to remedy this?
Cheers,
Pb 7 1484
pb <ph**********@hotmail.comwrote:
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <sk***@pobox.com> http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
On Jun 7, 9:31 am, Jon Skeet [C# MVP] <s...@pobox.comwrote:
pb <philbrier...@hotmail.comwrote:
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <s...@pobox.com>http://www.pobox.com/~skeet Blog:http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Thanks for the response, but my question is why there is a problem
with the dates?
On Jun 6, 3:41 pm, pb <philbrier...@hotmail.comwrote:
On Jun 7, 9:31 am, Jon Skeet [C# MVP] <s...@pobox.comwrote:
pb <philbrier...@hotmail.comwrote:
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <s...@pobox.com>http://www.pobox.com/~skeet Blog:http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Thanks for the response, but my question is why there is a problem
with the dates?
There's no problem with the dates at all. Both '7/6/2007' and
'6/7/2007' are valid dates representing June 7, 2007.
June 7, 2007 is 6/7/2007 in some parts of the world, 7/6/2007 in
others. It's common in Europe, I think. What date format your
computer gives you (month-first or day-first) depends on your
operating system's localization settings (Regional & Language Options
control panel, in recent versions of Windows). You're likely seeing
one of your client computers with a different localization setting
than what you're expecting. Wait another week until 13/6/2007, and
see what happens with your statements!
The best way to fix this is to switch to parameterized sql statements,
as Jon suggested.
Michael
On Jun 6, 3:26 pm, pb <philbrier...@hotmail.comwrote:
Hi,
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
Hey Pb, I don't mean to hassle you, but have you considered what would
happen if a user learned a little something about your application and
entered their email address as "foo';truncate Visits;--"
Don't try that on your production database.
Michael
On Jun 7, 10:26 am, "mpetro...@gmail.com" <mpetro...@gmail.comwrote:
On Jun 6, 3:41 pm, pb <philbrier...@hotmail.comwrote:
On Jun 7, 9:31 am, Jon Skeet [C# MVP] <s...@pobox.comwrote:
pb <philbrier...@hotmail.comwrote:
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
That's a very bad way of updating a database. It leaves you open for
SQL injection attacks, and as you've found there's a problem with
formatting dates and times.
Use a parameterized SQL command instead.
--
Jon Skeet - <s...@pobox.com>http://www.pobox.com/~skeetBlog:http....com/jon.skeet
If replying to the group, please do not mail me too
Thanks for the response, but my question is why there is a problem
with the dates?
There's no problem with the dates at all. Both '7/6/2007' and
'6/7/2007' are valid dates representing June 7, 2007.
June 7, 2007 is 6/7/2007 in some parts of the world, 7/6/2007 in
others. It's common in Europe, I think. What date format your
computer gives you (month-first or day-first) depends on your
operating system's localization settings (Regional & Language Options
control panel, in recent versions of Windows). You're likely seeing
one of your client computers with a different localization setting
than what you're expecting. Wait another week until 13/6/2007, and
see what happens with your statements!
The best way to fix this is to switch to parameterized sql statements,
as Jon suggested.
Michael- Hide quoted text -
- Show quoted text -
Hi - I am going to swithch to parameterised queries, just need a
little more time to investigate how to do this...
BUT...
I am running both these queries on my local development machine - not
on the web. So how does that explain why the dates are different -
nothing has gone outside of my laptop!
pb <ph**********@hotmail.comwrote:
Hi - I am going to swithch to parameterised queries, just need a
little more time to investigate how to do this...
BUT...
I am running both these queries on my local development machine - not
on the web. So how does that explain why the dates are different -
nothing has gone outside of my laptop!
It's possible that the database instance itself is in a particular
culture.
--
Jon Skeet - <sk***@pobox.com> http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
pb wrote:
I am updating a database based and adding the time the entry was added
with the query below...
strQuery = "INSERT INTO Visits ( EmailAddress, [Password],
TimeCreated ) values ('" & emailaddress & "','" & password & "','" &
Now() & "')"
The TimeCreated field is specified as a date field.
How about making sure the dates/times are specified unambiguously in ISO
8601 format, like yyyy-MM-dd hh:mm:ss ?
Andrew This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Simon Brooke |
last post by:
I'm investigating a bug a customer has reported in our database
abstraction layer, and it's making me very unhappy.
Brief summary:
I have a database abstraction layer which is intended to...
|
by: Richard Hollenbeck |
last post by:
I'm trying to write some code that will convert any of the most popular
standard date formats twice in to something like "dd Mmm yyyy" (i.e. 08 Jan
1908) and compare the first with the second and...
|
by: Lyn |
last post by:
Hi,
I am developing a project in which I am checking for records with
overlapping start/end dates. Record dates must not overlap date of birth,
date of death, be in the future, and must not...
|
by: Assimalyst |
last post by:
Hi,
I have a working script that converts a dd/mm/yyyy text box date entry
to yyyy/mm/dd and compares it to the current date, giving an error
through an asp.net custom validator, it is as...
|
by: andreas |
last post by:
When I copy a vb.net project using date formats from one PC with a windows
date format f.e. dd/mm/yyyy to another PC having a format yy/mm/dd then I
get errors.
How can I change for a while in the...
|
by: NH |
last post by:
I want to allow users to enter dates in a text box in either the US "MM dd
yy" format or the UK "dd MM yy" format.
But how can I validate these dates? All the date functions e.g. ISdate,...
|
by: bruce.dodds |
last post by:
Access seems to be handling a date string conversion inconsistently in
an append query.
The query converts a YYYYMM string into a date, using the following
function:
CDate(Right(,2) & "/1/" &...
|
by: fniles |
last post by:
On my machine in the office I change the computer setting to English (UK) so
the date format is dd/mm/yyyy instead of mm/dd/yyyy for US.
This problem happens in either Access or SQL Server.
In the...
|
by: ollyb303 |
last post by:
Hello,
I am using a dynamic crosstab report to track performance statistics for my company and I have hit a problem.
I would like the option to track stats daily (for the last 7 complete...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: aa123db |
last post by:
Variable and constants
Use var or let for variables and const fror constants.
Var foo ='bar';
Let foo ='bar';const baz ='bar';
Functions
function $name$ ($parameters$) {
}
...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |