Problem about date...

  • Thread starter Thread starter budi_s_ch
  • Start date Start date
B

budi_s_ch

strSQL = "INSERT INTO TrCS VALUES (" & _
Val(TxtTrId.Text) & ",'" & _

DtpTrDate.Value.ToShortDateString & "','"
& _

TxtCallerName.Text & "','" & _
CboProblem.Text & "','" & _
CboCauses.Text & "','" & _
TxtSolution.Text & "','Solve')"

Hi... This statement is wrong, how to solve it ???
Any one help please?
 
budi_s_ch said:
strSQL = "INSERT INTO TrCS VALUES (" & _
Val(TxtTrId.Text) & ",'" & _

DtpTrDate.Value.ToShortDateString & "','"
& _

TxtCallerName.Text & "','" & _
CboProblem.Text & "','" & _
CboCauses.Text & "','" & _
TxtSolution.Text & "','Solve')"

Hi... This statement is wrong, how to solve it ???
Any one help please?
Click to expand...

You shouldn't put the values into the SQL string directly. You leave
yourself open to quoting problems, SQL injection attacks, and the
formatting problem you're currently running into.

Instead, use parameters.

See http://www.pobox.com/~skeet/csharp/faq/#db.parameters for more
information.
 
Back
Top