Problem with inserting date value into MSSQL

Discussion in 'ASP General' started by Igal, Nov 19, 2006.

  1. Igal

    Igal Guest

    I'm trying to insert a date value into MSSQL, the type of the sql filed
    is: "smalldatetime"
    and i'm trying to insert a text Variable that looks like this:
    "19/02/2006".

    .... SET update_date='" & Update_Date & "' ...

    i get the message:

    The conversion of char data type to smalldatetime data type resulted in
    an out-of-range smalldatetime value
     
    Igal, Nov 19, 2006
    #1
    1. Advertising

  2. Igal wrote:
    > I'm trying to insert a date value into MSSQL, the type of the sql
    > filed is: "smalldatetime"
    > and i'm trying to insert a text Variable that looks like this:
    > "19/02/2006".
    >
    > ... SET update_date='" & Update_Date & "' ...
    >
    > i get the message:
    >
    > The conversion of char data type to smalldatetime data type resulted
    > in an out-of-range smalldatetime value


    Always use a universally standard format for supplying dates to a database.
    The ISO standard, YYYYMMDD works very well. Here are a couple articles about
    handling dates:
    http://www.aspfaq.com/show.asp?id=2313
    http://www.aspfaq.com/show.asp?id=2040
    http://www.aspfaq.com/show.asp?id=2260


    Further points to consider:
    Your use of dynamic sql is leaving you vulnerable to hackers using sql
    injection:
    http://mvp.unixwiz.net/techtips/sql-injection.html
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23

    See here for a better, more secure way to execute your queries by using
    parameter markers:
    http://groups-beta.google.com/group/microsoft.public.inetserver.asp.db/msg/72e36562fee7804e

    Personally, I prefer using stored procedures.
    http://groups.google.com/group/microsoft.public.inetserver.asp.general/msg/5d3c9d4409dc1701?hl=en&

    --
    Microsoft MVP - ASP/ASP.NET
    Please reply to the newsgroup. This email account is my spam trap so I
    don't check it very often. If you must reply off-line, then remove the
    "NO SPAM"
     
    Bob Barrows [MVP], Nov 19, 2006
    #2
    1. Advertising

  3. Igal

    Igal Guest

    in the end i used a functions that converts the date to SQL format
    (YYYY/MM/DD)
    and that worked fine.
    but for this application nothing much u can do, it's very old code, and
    i'm trying some how to polish, i'm php programmer, not asp actually :)
    will prolly write a new one in time for the whole system.

    this article is very interesting and helpful. thanks for the
    information.
    > http://mvp.unixwiz.net/techtips/sql-injection.html
     
    Igal, Nov 20, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Kristian
    Replies:
    0
    Views:
    553
    Kristian
    Nov 13, 2003
  2. Chris Bond
    Replies:
    0
    Views:
    392
    Chris Bond
    Apr 23, 2004
  3. Peter Grison

    Date, date date date....

    Peter Grison, May 28, 2004, in forum: Java
    Replies:
    10
    Views:
    3,361
    Michael Borgwardt
    May 30, 2004
  4. =?Utf-8?B?U3Jpbmk=?=

    Inserting into DB table with date from Generic List

    =?Utf-8?B?U3Jpbmk=?=, Nov 7, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    395
    =?Utf-8?B?U3Jpbmk=?=
    Nov 7, 2006
  5. moonhk
    Replies:
    5
    Views:
    572
    moonhk
    Oct 11, 2006
Loading...

Share This Page