0

I need to update a date field in a table that's of type DATE with data from a DateTimePicker control.

I changed the format of the control and updated the table as shown below:

    dtp1.Format = DateTimePickerFormat.Custom
    dtp1.CustomFormat = "yyy-MM-dd"

    query = "INSERT INTO student_attendance_table(regno,date,year,batch) VALUES('1138M0343', " & dtp1.Text & ",  " & year & ",  " & batch & ")"
    con.Open()
    cmd = New SqlCommand(query, con)
    cmd.ExecuteNonQuery()
    con.Close()

But the table is not getting updated. Instead, it shows the following error:

Operand type clash: int is incompatible with date

5
  • Please use sql parameters to prevent sql injection. Commented Jul 23, 2013 at 15:29
  • 1
    Can you explain more about what you just said? I can't understand. Commented Jul 23, 2013 at 15:31
  • Maybe try dtp1.Value instead of dtp1.Text? Commented Jul 23, 2013 at 15:36
  • 1
    SQL Injection alert - you should not concatenate together your SQL statements - use parametrized queries instead to avoid SQL injection Commented Jul 23, 2013 at 15:42
  • Is this line correct? dtp1.CustomFormat = "yyy-MM-dd" Commented Jul 24, 2013 at 12:48

1 Answer

1

I found the solution

' " & dtp1.Text & " '

Forgot to put the single quotation


1 Comment

This is what marc_s and Brad M were talking about. You were concatenating your SQL statement together when you did not have the single quotations. That left your statement vulnerable to SQL injection.
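
The parameterized form the comments on the question recommend, as an added example (not code from the question or the answer). Without quotes, a value such as 2013-07-23 is evaluated by SQL Server as integer subtraction, which is the int/date clash; adding quotes clears that error but still splices control text into the statement, whereas parameters keep every value out of the SQL text. Assumptions: the module and function names, the connection string argument, the varchar(20) size for regno, and integer types for year and batch are hypothetical, since the page does not show the table definition.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Module AttendanceInsert
    ' Added example. Table and column names come from the question;
    ' everything else (names, sizes, numeric types) is assumed.
    Public Function InsertAttendance(connectionString As String,
                                     regno As String,
                                     attendanceDate As Date,
                                     yearValue As Integer,
                                     batchValue As Integer) As Integer
        ' The SQL text is a fixed string containing placeholders only.
        ' [date] and [year] are bracketed because they collide with T-SQL names.
        Dim sql As String =
            "INSERT INTO student_attendance_table (regno, [date], [year], batch) " &
            "VALUES (@regno, @date, @year, @batch)"

        ' Using blocks close the connection even if ExecuteNonQuery throws.
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, con)
                ' Typed parameters: the date travels as a DATE value, so no
                ' CustomFormat string or quoting is involved at all.
                cmd.Parameters.Add("@regno", SqlDbType.VarChar, 20).Value = regno
                cmd.Parameters.Add("@date", SqlDbType.Date).Value = attendanceDate.Date
                cmd.Parameters.Add("@year", SqlDbType.Int).Value = yearValue
                cmd.Parameters.Add("@batch", SqlDbType.Int).Value = batchValue

                con.Open()
                ' Returns the number of rows inserted (1 on success).
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

From the form, pass the picker's `Value` rather than its `Text`, for example `InsertAttendance(connStr, "1138M0343", dtp1.Value, year, batch)`.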
