i have a class that takes search input and uses it to query a database table.
however when i press the button and call the class, i see that it shows that there is nothing in the input box ,and just shows me my messageBox message which says invalid search input(catering for nothing entered).
how can i make the class to read whats in the form search text box at the right time so that it can process further information to go on with its fucntion.
here is code for the class:
public static string s;
public static updateEmployeeForm uF = new updateEmployeeForm();
public static void selectAndDisplay()
{
if ((uF.textID.Text.Length==0))
{
MessageBox.Show("Enter valid input to search by");
}
else
{
try
{
if (uF.textID.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE id =" + int.Parse(uF.textID.Text);//declare variable called column that will contain a table column name set to be updated.
uF.colName = "id";
uF.updatingVar = uF.textID.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE id= '" + uF.updatingVar + "';";
}
else if (uF.idNumSearchTxtBox.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE id_num ='" + uF.idNumSearchTxtBox.Text + "';";
uF.colName = "id_num";
uF.updatingVar = uF.idNumSearchTxtBox.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE id_num= '" + uF.updatingVar + "';";
}
else if (uF.nameSearchTextBox.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE name ='" + uF.nameSearchTextBox.Text + "';";
uF.colName = "name";
uF.updatingVar = uF.nameSearchTextBox.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE name= '" + uF.updatingVar + "';";
}
else if (uF.surnameSearchTextBox.Text.Length > 0)
{
s = "select * FROM mydb.employees WHERE surname ='" + uF.surnameSearchTextBox.Text + "';";
uF.colName = "surname";
uF.updatingVar = uF.surnameSearchTextBox.Text;
uF.query4 = "Update mydb.employees SET name ='" + uF.nameTextBoxU.Text + "', surname='" + uF.surnameTextBoxU.Text + "', dept='" + uF.deptTextBoxU.Text + "', cost_center='" + uF.costCeTextBoxU.Text + "' ,address = '" + uF.addressTextBoxU.Text + "', dob= '" + uF.dobTextBoxU.Text + "', tel1= '" + uF.tel1TextBoxU.Text + "', tel2= '" + uF.tel2TextBoxU.Text + "' ,tel3= '" + uF.tel3TextBoxU.Text + "', email= '" + uF.emailTextBoxU.Text + "', commission= '" + uF.commTextBoxU.Text + "', total_commission= '" + uF.totalCommTextBoxU.Text + "', sick_leave= '" + uF.sickLTextBoxU.Text + "', annual_leave= '" + uF.annualLTextBoxU.Text + "', family_leave= '" + uF.familyLTextBoxU.Text + "', other_leave= '" + uF.otherLTextBoxU.Text + "',client_care_access='" + uF.clientCareChBox.Checked + "', sale_system_access='" + uF.StaffSystChBox.Checked + "', sale_system_access ='" + uF.SalesSystChBox.Checked + "', uploads_access='" + uF.UploadsChBox.Checked + "' WHERE surname= '" + uF.updatingVar + "';";
}
and here code for its call in the form im calling it with:
private void btnSearch_Click(object sender, EventArgs e)
{
updatingDatareadingClass.selectAndDisplay();
}
You are creating a new instance of the form and not using the original (Where the input value will be stored).
You could use the original textbox value textID.Text or ensure that your uF form is showing by doing:
uf.Show(); // This will then allow you to use `uF.textID.Text` correctly.
Also you should read up on SQL Injection as your form is injectable, for instance a user could enter their name as test or 1 = 1 which would allow then access to your application or even worse, DROP TABLE mydb.employees; which would delete your entire employees table.
Related
my command Text criteria must find the User ID and the date. the User ID works fine but not with Date criteria
the database will have multiple lines with the user id but the dates will be different
here is my code....
// UPDATE
var workingDate = dateTimePicker2.Value.ToString("yyyy/MM/dd").Trim();
OleDbCommand cmd15 = new OleDbCommand();
cmd15.Connection = connect;
cmd15.CommandText = "UPDATE WorkTable SET Actual_HoursWe1='" + Actual_HoursWe + "', Paid_HoursWE1='" + Paid_HoursWE + "', NSWE1='" + NSWE + "', OT1WE1='" + OT1WE + "', OT_21='" + OT1WE + "', PBWE1='" + PBWE + "', Actual_HoursTH1='" + Actual_HoursTH + "', Paid_HoursTH1='" + Paid_HoursTH + "', NSTH1='" + NSTH + "', OT1TH1='" + OT1TH + "', OT2TH1='" + OT2TH + "', PBTH1='" + PBTH + "', Actual_HoursFR1='" + Actual_HoursFR + "', Paid_HoursFr1='" + Paid_HoursFr + "', NSFR1='" + NSFR + "', OT2FR1='" + OT2FR + "', OT1FR1='" + OT1FR + "', PBFR1='" + PBFR + "', Actual_HoursSA1 ='" + Actual_HoursSA + "', Paid_HoursSA1='" + Paid_HoursSA + "', NSSA1='" + NSSA + "', OT1SA1='" + OT1SA + "', OT2SA1='" + OT2SA + "', PBSA1='" + PBSA + "', Actual_HoursSU1='" + Actual_HoursSU + "', OT2SU1='" + OT2SU + "', PBSU1='" + PBSU + "', Actual_HoursMO1='" + Actual_HoursMO + "', Paid_HoursMO1='" + Paid_HoursMO + "', NSMO1='" + NSMO + "', OT1MO1='" + OT1MO + "', OT2MO1='" + OT2MO + "', PBMO1='" + PBMO + "', Actual_HoursTU1='" + Actual_HoursTU + "', Paid_HourseU1='" + Paid_HourseU + "', NSTU1='" + NSTU + "', OT1TU1='" + OT1TU + "', OT2TU1='" + OT2TU + "', PBTU1='" + PBTU + "', Paid_Hrs1='" + Paid_Hrs + "', TotalOT151='" + TotalOT15 + "', TotalOT21='" + TotalOT2 + "', TotalNS1='" + TotalNS + "', TotalPB1='" + TotalPB + "' WHERE User_ID ='" + User_ID + "' AND DateWE =" + workingDate ;
cmd15.ExecuteNonQuery();
}
connect.Close();
}
it gives me an error on the end of the criteria
What is the correct syntax to use if I have a lot of data (100000+ rows) and I don't want to duplicate data when I add more data into the table?
This is how my insert data button looks like:
private void button8_Click(object sender, EventArgs e)
{
string constring = #"DELETED FOR SECURITY REASONS";
using (SqlConnection con = new SqlConnection(constring))
{
for (int i = 0; i < dgvEmployees.Rows.Count - 1; i++)
{
var str = #"INSERT INTO USERSTable VALUES ('" +
dgvEmployees.Rows[i].Cells["Issuer"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Customer"].Value + "'," +
dgvEmployees.Rows[i].Cells["Card"].Value + ",'" +
dgvEmployees.Rows[i].Cells["License plate No"].Value +
dgvEmployees.Rows[i].Cells["Transactiondate"].Value + "', '" + dgvEmployees.Rows[i].Cells["Product description (com.)"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Quantity"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Gross CC"].Value + "', '" +
dgvEmployees.Rows[i].Cells["VAT1"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Voucher"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Mileage"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Additional info"].Value + "', '" + dgvEmployees.Rows[i].Cells["Supply country"].Value + "', '" + dgvEmployees.Rows[i].Cells["Site Town"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Product DEL"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Unitprice"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Amount"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Discount"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Surcharge"].Value + "', '" +
dgvEmployees.Rows[i].Cells["VAT"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Suppliercurrency"].Value + "', '" + dgvEmployees.Rows[i].Cells["Invoice No"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Invoice date"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Invoiced?"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Vat2010"].Value + "', '" +
dgvEmployees.Rows[i].Cells["State"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Supplier"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Cost 1"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Cost 2"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Reference No"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Recordtype"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Amount other"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Is listprice ?"].Value + "', '" + dgvEmployees.Rows[i].Cells["Date to"].Value + "', '" +
dgvEmployees.Rows[i].Cells["Final Trx."].Value + "', '" +
dgvEmployees.Rows[i].Cells["LPI"].Value + "', '" + "');";
try
{
using (SqlCommand com = new SqlCommand(str, con))
{
con.Open();
com.ExecuteNonQuery();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
con.Close();
}
MessageBox.Show("Records uploaded.");
}
}
Any help will be appreciated...
Thank you...
If you choise to solve it on database side, just add unique constraint to a unique row as apomene mentioned in his comment.
For software side there are too much solutions like using DataTable.GetChanges to get added and edited rows or (if you just let users to add rows not edit) you can keep the old row count then use it in your for statement like:
for (int i = oldRowsCount-1; i < dgvEmployees.Rows.Count - 1; i++)
EDIT: For security reasons (and also it's easier) I strongly reccomend you not to use String.Format method for your queries, use SqlParameterCollection.AddWithValue.
Edit2: Thanks for commenting Patrick i missed "not" word.
Hi guys I have this problem in my string query in inserting data in c#. I know that my query is correct, because when I type some random words it saves. But when I typed the correct data in textbox it keeps getting error in the syntax. and my codes below
try
{
string connStr = "server = 127.0.0.1; uid = root; " + "pwd =; database = scco";
string Query = " insert into scco.m_information (accno,tom,sname,gname,mname,gender,cno,father,mother,bday,age,email,educattain,cstatus,preadd,proadd,yres,residency,toj,comname,comadd,ccno,mincome,oincome,moincome,daccepted,ICS,BOD,DOP,NOS,AOS,YA,spname,spdad,spmom,stoj,scname,scadd,sccno,smi,nc1,stat1,kind1,inc1,allow1,nc2,stat2,kind2,inc2,allow2,nc3,stat3,kind3,inc3,allow3,nc4,stat4,kind4,inc4,allow4,nc5,stat5,kind5,inc5,allow5,nc6,stat6,kind6,inc6,allow6,befname,befrel,refname,refcno) values ('" + this.txtID.Text + "','" + tom + "', '" + this.txtSname.Text + "', '" + this.txtGname.Text + "', '" + this.txtMname.Text + "', '" + gender + "', '" + this.txtCno.Text + "', '" + this.txtDad.Text + "', '" + this.txtMom.Text + "', '" + this.dBirth.Text + "', '" + this.txtAge.Text + "', '" + this.txtEmail.Text + "', '" + this.cmbEducAttain.Text + "', '" + cstatus + "', '" + this.rtbPreAdd.Text + "', '" + this.rtbProAdd.Text + "', '" + this.txtYRes.Text + "', '" + residency + "','" + toj + "', '" + this.rtbComp.Text + "', '" + this.rtbCadd.Text + "', '" + this.txtCCno.Text + "', '" + this.txtMincome.Text + "', '" + this.txtOSincome.Text + "', '" + this.txtIncome.Text + "','" + this.dAccepted.Text + "', '" + this.txtIcs.Text + "', '" + this.txtBod.Text + "', '" + this.txtdop.Text + "', '" + this.txtnos.Text + "', '" + this.txtaos.Text + "', '" + this.txtya.Text + "','" + this.txtSpName.Text + "', '" + this.txtSFname.Text + "', '" + this.txtSMname.Text + "', '" + stoj + "', '" + this.rtbpscomname.Text + "', '" + this.rtbspcomadd.Text + "', '" + this.txtspccno.Text + "', '" + this.txtspminc.Text + "', '" + this.txtChild1.Text + "', '" + this.cmbCStatus1.Text + "', '" + this.cmbKind1.Text + "', '" + this.txtA1.Text + "', '" + this.txtI1.Text + "', '" + this.txtChild2.Text + "', '" + this.cmbCStatus2.Text + "', '" + this.cmbKind2.Text + "', '" + this.txtA2.Text + "', '" + this.txtI2.Text + "', '" + this.txtChild3.Text + "', '" + this.cmbCStatus3.Text + "', '" + this.cmbKind3.Text + "', '" + this.txtA3.Text + "', '" + this.txtI3.Text + "', '" + this.txtChild4.Text + "', '" + this.cmbCStatus4.Text + "', '" + this.cmbKind4.Text + "', '" + this.txtA4.Text + "', '" + this.txtI4.Text + "', '" + this.txtChild5.Text + "', '" + this.cmbCStatus5.Text + "', '" + this.cmbKind5.Text + "', '" + this.txtA5.Text + "', '" + this.txtI5.Text + "', '" + this.txtChild6.Text + "', '" + this.cmbCStatus6.Text + "', '" + this.cmbKind6.Text + "', '" + this.txtA6.Text + "', '" + this.txtI6.Text + "','" + this.rtbBefName.Text + "','" + this.rtbBefRel.Text + "','" + this.rtbRefName.Text + "','" + this.rtbRefCno.Text + "');";
MySqlConnection conn = new MySqlConnection(connStr);
MySqlCommand MyCommand = new MySqlCommand(Query, conn);
MySqlDataReader MyReader;
conn.Open();
MyReader = MyCommand.ExecuteReader();
while (MyReader.Read())
{
}
conn.Close();
See this picture below.
Here's the output
To me it looks like something in your data has an apostrophe in it, so when it is being appended to your query string it is thinking that it is a SQL single quote. You will have to escape or translate the apostrophe first.
Use parameters to avoid SQL injection. Read below or the awesome comic above!
Good luck!
https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters(v=vs.110).aspx
add MyReader.Close() above conn.Close().
why i'm getting this error Must declare the scalar variable "#param2". for my code
string query = "INSERT INTO cdr_info VALUES(#param2,'" + Values[1] + "' , '" + Values[2] + "', '" + Values[3] + "', '" + Values[5] + "', '" + Values[7] + "', '" + Values[8] + "', '" + Values[9] + "'," + " '" + Values[10] + "', '" + Values[12] + "', '" + Values[13] + "', '" + Values[14] + "', '" + Values[17] + "', '" + Values[21] + "', '" + Values[23] + "', '" + Values[24] + "', '" + Values[25] + "','" + Values[26] + "', '" + Values[27] + "', '" + Values[28] + "', '" + Values[29] + "', " + " '" + Values[30] + "', '" + Values[31] + "', '" + Values[32] + "', '" + Values[34] + "'," + "'" + Values[35] + "', '" + Values[37] + "', '" + Values[38] + "','" + Values[39] + "', '" + Values[40] + "', '" + Values[41] + "','" + Values[45] + "', '" + Values[46] + "', '" + Values[47] + "', '" + Values[48] + "'," + " '" + Values[52] + "', '" + Values[53] + "', '" + Values[55] + "', '" + Values[59] + "', '" + Values[64] + "'," + "'" + Values[71] + "', '" + Values[75] + "', '" + Values[85] + "', '" + Values[93] + "', '" + Values[94] + "', '" + Values[95] + "', '" + Values[96] + "', '" + Values[97] + "', '" + Values[98] + "', '" + Values[105] + "', '" + Values[106] + "')";
cmd.Parameters.AddWithValue("#param2",Values[0]);
cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
Because you reassign the command after you added the parameter to it.
Try putting the instructions in this order:
cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("#param2",Values[0]);
Not perfect but to give you a good idea...
var sqlString = new StringBuilder();
sqlString.Append("INSERT INTO cdr_info VALUES(#param2,'");
sqlString.Append("Values[1] + "' , '" + Values[2] + "', '" + Values[3] + "', '" + Values[5] + "', '" + Values[7] + "', '" + Values[8] + "', '" + Values[9] + "',");
sqlString.Append("" '" + Values[10] + "', '" + Values[12] + "', '" + Values[13] + "', '" + Values[14] + "', '" + Values[17] + "', '" + Values[21] + "', '" + Values[23] + "', '"");
sqlString.Append("Values[24] + "', '" + Values[25] + "','" + Values[26] + "', '" + Values[27] + "', '" + Values[28] + "', '"");
sqlString.Append("Values[29] + "', " + " '" + Values[30] + "', '" + Values[31] + "', '" + Values[32] + "', '" + Values[34] + "'," + "'" + Values[35]");
sqlString.Append("Values[35] + "', '" + Values[37] + "', '" + Values[38] + "','" + Values[39] + "', '" + Values[40] + "', '" + Values[41] + "','" + Values[45] + "', '" + Values[46] + "', '" + Values[47] + "', '" + Values[48] + "'," + " '" + Values[52]);
sqlString.Append(""', '" + Values[53] + "', '" + Values[55] + "', '" + Values[59] + "', '" + Values[64]")
sqlString.Append("'," + "'" + Values[71] + "', '" + Values[75] + "', '" + Values[85] + "', '" + Values[93] + "', '" + Values[94] + "', '" + Values[95] + "', '" + Values[96])
sqlString.Append(""', '" + Values[97] + "', '" + Values[98] + "', '" + Values[105] + "', '" + Values[106] + "')""");
cmd = new SqlCommand(sqlString , con);
cmd.Parameters.AddWithValue("#param2",Values[0]);
cmd.ExecuteNonQuery()
Honestly though I find it hard to believe theres not a better way to do this.
PS- Whats all the white spaces for?
"Values[29] + "', " + " '" + Values[30]
This question already has answers here:
Why is SQL Server losing a millisecond?
(6 answers)
Closed 9 years ago.
i m using C# 4.0 and SQL server 2008 R2
i have a C# script like this:
string sSql = "";
foreach (var oItem in LeListVoit_End)
{
//insert into Lettrvoit
if (sSql != "") sSql += " UNION ALL ";
sSql += "SELECT '" + oItem.IdLettre + "', '" + oItem.FaClient +"', '" + oItem.Date_Cloture + "', '" + oItem.CodeDest + "', '" + oItem.ModalMode + "', '" + oItem.LibPort + "', '" + oItem.LibExpr + "', '" + oItem.LibUnite + "', '" + oItem.EnlvUnite + "', '" + oItem.NbrColis + "', '" + oItem.Poids.ToString().Replace(',', '.') + "', '" + oItem.LeCR.ToString().Replace(',', '.') + "', '" + oItem.LeVD.ToString().Replace(',', '.') + "', '" + oItem.CodeClient + "', '"
+ oItem.RsNom_Exp.Replace("'", " ") + "', '" + oItem.Addr_Exp.Replace("'", " ") + "', '" + oItem.CP_Exp + "', '" + oItem.Ville_Exp.Replace("'", " ") + "', '" + oItem.Tel_Exp + "', '" + oItem.Fax_Exp + "', '"
+ oItem.RsNom_Dest.Replace("'", " ") + "', '" + oItem.Addr_Dest.Replace("'", " ") + "', '" + oItem.CP_Dest + "', '" + oItem.Ville_Dest.Replace("'", " ") + "', '" + oItem.Tel_Dest + "', '" + oItem.Fax_Dest + "', '" + oItem.InseeDest + "', '"
+ Is_Print + "', '" + CHAUFFEUR + "', '" + oItem.Transporteur + "', '" + oItem.NoOrdreCumul + "', '" + oItem.CodeMag + "', '" + oItem.Facturation + "', '" + oItem.IsLiv_sign + "', '" + oItem.IsLiv_Samedi + "', '" + oItem.Observ + "', '" + oItem.LeAgence + "', '" + oItem.LibTourne + "', '" + oItem.Date_Clot_Reel + "'";
}
string sqlComm_Insert = "INSERT INTO LETTRE_VOIT_FINAL ([NOID],FA_CLIENT, [DATE_CLOTURE], [CODE_DEST] ,[MODAL_MODE], [LIBELLE_PORT] ,[LIBELLE_EXPR], [LIBELLE_UNITE],ENLEV_UNITE, [NBR_COLIS], [POID], [ENLEV_CREMB], [ENLEV_DECL], CODE_CLIENT, [RS_NOM_EXP] ,[ADDR_EXP] ,[CP_EXP] ,[VILLE_EXP] ,[TEL_EXP] ,[FAX_EXP],[RS_NOM_DEST] ,[ADDR_DEST] ,[CP_DEST] ,[VILLE_DEST] ,[TEL_DEST] ,[FAX_DEST],INSEE_DEST, IS_PRINT, CHAUFFEUR, TRANSPORTEUR, NO_ORDRE_CUMMUL, CODE_MAG, FACTURATION, LIVRS_SIGN, LIVRS_SAMD, OBS, LIB_AGENCE, LIB_TOURNE, DATE_CLOTUR_REEL) " + sSql;
SqlCommand comm_Insert = new SqlCommand(sqlComm_Insert, connectionWrapper.conn);
comm_Insert.ExecuteScalar();
it works well but i miss the millesecond value of oItem.Date_Clot_Reel
when i debug it, i got '2013-03-19 16:02:18.807'
but after i run this sql i got '2013-03-19 16:02:18.000'
how can i mis the millisecond 807 ?
thanks you in advance
PS: maybe it works fine when i use
comm_Insert.Parameters.AddWithValue("#NDATE_CLOTURE_REEL", oItem.Date_Clot_Reel);
but when i use like this, i can not use sSql += " UNION ALL ";
http://msdn.microsoft.com/en-us/library/aa258277(v=sql.80).aspx
Pay attantion that datetime accuracy is one three-hundredth of a second (equivalent to 3.33 milliseconds or 0.00333 seconds)
Small date time accuracy is a minute
Check the datatype in SQL Server. To store datetime in miliseconds its required to take DateTime datatype instead of smalldatetime.