Tim,
Agree with Stephany & Kevin.
You have a 2 stage problem:
1 - Get a valid correct date from user input text
2 - Pass date to DB.
Don't combine the 2 and pass the input string direct to the DB - bad
coding and lays you open to attack.
The first is culture specific but I don't find this reliable (an
English user on a French client talking to a server in the US??). I
prefer to keep control over date formats by using a UserProfile or
being clear. I accept this may not be an option in public
applications (as opposed to identified users). If you use a
prescribed date format use a Validator to check the format and save a
server round trip.
The second should not be an issue if you use parameters. If you don't
use parameters then use an unambigous format.
SqlCommand.Text = "SELECT ... FROM ... WHERE ( START_DATE = '" +
myDate.ToString("yyyy/MM/dd") + "')"
- but its better to use parameters
Charles
"Tim Marsden" <TM@UK.COM> wrote in message
news:Or**************@TK2MSFTNGP11.phx.gbl...
Hello,
I am building a parameterised query in vb.net for execution against
a SQL server database.
I am using a OLEDB command and OLEDB parameters. If one of the
parameters is a date I sometimes experience a problem in the interpretation of the
format. I populate the parameter value from a user input text box. I am in
the UK so the use inputs in the format dd/mm/yy. I know SQL user the US format
of mm/dd/yy.
Is there any simple way of telling the query or the the connection
or anything, the data format I am using is dd/mm/yy.
I could convert the date to mm/dd/yy before setting the parameter
value, but the same logic is used for all data types.
Regards Tim.
