Jeff,
It sounds like you are using String concatenation to build a Dynamic SQL
statement, where one of the "parameters" is a date.
As you found out this is not advisable for a number of reasons, including
but not limited to:
1: culture settings change, how one machine displays a date may be different
than another
2: quoting of string characters (How do you handle O'Brian as a parameter?)
3: SQL Injection attacks. If you use string concatenation to build an SQL
statement you are opening up a HUGE security risk in your app!
For information on SQL Injection attacks see:
http://msdn.microsoft.com/msdnmag/is...n/default.aspx
I would recommend you use a parameterized query instead, which eliminates
the above problems, and can also lead to faster code. For an example of a
parameterized query see "Avoid Dynamic SQL" in the above article.
Hope this helps
Jay
"jeff" <ir******@yahoo.com> wrote in message
news:uT**************@TK2MSFTNGP15.phx.gbl...
i have written a program with date format as m/d/yyyy
when i deploy it to client's machine, due to the client use d/m/yyyy
format
the Select SQL statement return some record wrongly.
how can i fix this problem ? set the user's locale / date format when
program launch and reset it during exit ?
Pls let me know your way to solve it.
many thanks