
problem in inserting the value in the database

Hi, I am developing an Android application. I am using a SQL Server 2008 R2 database to store and retrieve the data. Now, when I insert a value into the database, I am inserting 4 dates into the table.

Here is the query:

"INSERT Into Task_Master VALUES ('1'," +
                "" +userId+"," +userId+ ",'N','" +Subject+ "'," +
                "'" + serverdate + "','" + StartDate+ "','" + serverdate + "'," +
                "'"+" "+"'," +
                "'" +" "+ "','0'," +groupId+ ",0,0,1,0,'1/1/1900','','N','" +cal.getTime()+ "','')" +
                " Select Scope_Identity()";

In that, "Serverdate", StartDate and Cal.getTime() all have the data type Date, and in the database I have used the datetime data type. But it still gives me an exception which says "java.sql.sqlexception:Conversion failed when converting date or/and time from character string ". Please help me if you know the answer. I searched on Google but haven't found the answer.


Ok, let's do this.

First, and most important of all, your code is vulnerable to SQL Injection. You should work on that and start using parameters.

Second, by the time you start using parameters, your error will most likely disappear (or reappear somewhere else, this time clearer on what's wrong). That's because, probably, the server "doesn't like" your stringly typed date format, so it fails.

Update

About parameterized queries in Java, read here:

  • https://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java
  • http://www.codinghorror.com/blog/2005/04/give-me-parameterized-sql-or-give-me-death.html
  • http://download.oracle.com/javase/tutorial/jdbc/basics/prepared.html
  • http://www.javaworld.com/javaworld/jw-04-2007/jw-04-jdbc.html
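
The parameterized form of the question's insert, as an added example that is not part of the original answer or the asker's code: each date is bound as a java.sql.Timestamp, so the driver sends a typed value instead of the text produced by Date.toString(). The class and method names, the int types for userId and groupId, and the presence of an identity column on Task_Master are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.Timestamp;
import java.util.Calendar;
import java.util.Date;

public class TaskInsert {
    // Same 21 positional values as the concatenated query; only the fixed
    // literals stay in the SQL text. '19000101' replaces '1/1/1900' because
    // SQL Server parses yyyymmdd the same way under every language setting.
    private static final String SQL =
        "INSERT INTO Task_Master VALUES ('1', ?, ?, 'N', ?, ?, ?, ?, ' ', ' ', '0', "
      + "?, 0, 0, 1, 0, '19000101', '', 'N', ?, '')";

    // Assumption: userId and groupId are ints (the question inserts them unquoted).
    public static long insertTask(Connection con, int userId, String subject,
                                  Date serverDate, Date startDate, int groupId,
                                  Calendar cal) throws SQLException {
        try (PreparedStatement ps =
                 con.prepareStatement(SQL, Statement.RETURN_GENERATED_KEYS)) {
            Timestamp server = new Timestamp(serverDate.getTime());
            ps.setInt(1, userId);
            ps.setInt(2, userId);
            ps.setString(3, subject);      // quotes in the subject are data, not SQL
            ps.setTimestamp(4, server);    // typed value: no string-to-datetime conversion
            ps.setTimestamp(5, new Timestamp(startDate.getTime()));
            ps.setTimestamp(6, server);
            ps.setInt(7, groupId);
            ps.setTimestamp(8, new Timestamp(cal.getTimeInMillis()));
            ps.executeUpdate();

            // Replaces the trailing "Select Scope_Identity()".
            try (ResultSet keys = ps.getGeneratedKeys()) {
                if (!keys.next()) {
                    throw new SQLException("insert succeeded but no identity value was returned");
                }
                return keys.getLong(1);
            }
        }
    }
}
```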


I would guess there's a date format mismatch.

Try looking here: http://www.coderanch.com/t/385771/java/java/java-sql-Date-dd-mm
