1

On inserting the date via asp.net to SQL Server 2008 an error is happening.

Insert statement

Insert into comment(CommentFrom, CommentTo, Comment, Cmntonscrap, Cmnttime) 
Values('" + Session["UserName"] + "','" + email.Text.ToString() + "','"  + 
       txt.Text.ToString().Trim() + "','" + cscrap.Text.ToString().Trim()  + 
       "','" + DateTime.Now.ToString().Trim() + "')";

Error:

string or binary data would be truncated,Statement is terminating

Improve this question
2
  • 5
    Have you heard about SQL injection attacks?!?!? - you should never concatenate together a SQL statement like this! Use parametrized queries instead - always! Commented Aug 26, 2012 at 11:35
  • 1
    I agree with @marc_s, it's a very bad idea Commented Aug 26, 2012 at 12:02

3 Answers 3

Reset to default
3

Your problem is not with the date.
Its with the string data being too large for a column(probably a varchar), that you are trying to insert the data into.

I would check the length of your Comment and txt.Text and see that the data can be inserted.

Use a sql type datetime for your DateTime. Storing dates in a text column is inviting a lot of trouble.

  • It takes more storage space.
  • Searching through that data will be really difficult.
  • You will never be able to change timezones.
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Ya its varchar but previously it was inserting just now in other table it is creating problem
The size of the data you are inserting will not be the same. Use a column type Text or nvarchar(MAX) for data like this. If you are placing a limit, use the TextBox MaxLength property to ensure you do not allow too large data to be inserted.
YAa but it just creating the poblem with date on excluding date it is running
Edited my answer. Never stores dates in text.
now erro genratin is Conversion failed when converting date and/or time from character string.
|
1

It means that the data type of the field you have given for the date column or any other column(assuming varchar()) in your database table is less than the size your trying to insert. Increase the size you have assigned

Improve this answer

6 Comments

@jeneous How much size have you allocated for the column declared varchar()?
"20" for date but the same size is declared in other tables and they are not creating any problem
Are you sure in both the tables the data type, size specified are same?
I tried it now. The time and date are saved properly in the table, with the column as varchar(20). So I guess your problem is not with the date column, its some other column. Try increasing all other columns with varchar() with more amount of size
Recreate your table. And also does the error specifically points to date and time attribute? I think its not!
|
1

Concatinate an sql statement is a bad approch (Security problem), your database will be an easy target of the Sql injections.

I suggest you use a stored procedure to add the or modify the data you want, and use SqlParameters to send the inputs from the user interfaces.

May help : How to create stored procedure

Here's a code example to show you how to call the stored procedure with parameters using C#

//The method that call the stored procedure
public void AddComment()
{
    using(var connection = new SqlConnection("ConnectionString"))
    {
        connection.Open();
        using(var cmd = new SqlCommand("storedProcedure_Name", connection) { CommandType = CommandType.StoredProcedure })
        {
            cmd.Parameters.AddWithValue("@CommentFrom", commandFrom);
            cmd.Parameters.AddWithValue("@CommentTo", commentTo);
            //...And  so on

            cmd.ExecuteNonQuery();
        }
    }
}

A example on how to create a stored procedure

CREATE PROCEDURE storedProcedure_Name
    -- Add the parameters for the stored procedure here
    @CommentFrom nvarchar(255) = NULL,
    @CommentTo nvarchar(255) = NULL
AS
BEGIN
    -- SET NOCOUNT ON added to prevent extra result sets from
    -- interfering with SELECT statements.
    SET NOCOUNT ON;

    -- Insert statements for procedure here
    INSERT INTO Comments (CommentFrom, CommentTo) VALUES(@CommentFrom, @CommentTo)
END
GO
Improve this answer

4 Comments

While this is good info. It doesnt address the question in anyway.
it snot the answer of my question
You're welcome, in case you continue to use your approch, I suggest tou use String.Format() so the code will be ... well formated. Good luck
Check of typing mistakes. It is SqlCommand and not SqlCommane

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.