insert oracle table using DateTimePicker value - vb.net

Setting of nls_date_format: MM/DD/YY
Setting format of DateTimePicker: DateTimePickerFormat.Custom
As far as I know, the date format is just used to display the date information and does not affect how it is stored in the database.
However, I cannot insert the date into the table with the query statements below:
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "','" + dtpBirthday.Value + "')" 'Insert directly Date value from DateTimePicker
and
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "','" + dtpBirthday.Value.ToString("dd/MM/yyyy") + "')" 'Insert string value with format dd/MM/yyyy
But I can insert the date into the table with the queries below:
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "','" + dtpBirthday.Value.ToString("dd-MMM-yyyy") + "')" 'Insert string value with format dd-MMM-yyyy
and
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval,'" + txtUserID.Text.Trim() + "','" + txtUserName.Text.Trim() + "','" + txtPassword.Text.Trim + "',TO_DATE('" + dtpBirthday.Value.ToString("dd-MMM-yy") + "'))" 'Insert date value using TO_DATE function
Are there any differences between the above statements that make the query work?

You should use none of your statements; use parameters and bind variables.
query = "INSERT INTO tuser (objectID, userID, userName, password, birthday) values (urObjID.nextval, :userID, :userName, :password, :birthday)"
cmd.CommandText = query
cmd.Parameters.Add("userID", OracleDbType.Varchar2, ParameterDirection.Input).Value = txtUserID.Text.Trim()
cmd.Parameters.Add("userName", OracleDbType.Varchar2, ParameterDirection.Input).Value = txtUserName.Text.Trim()
cmd.Parameters.Add("password", OracleDbType.Varchar2, ParameterDirection.Input).Value = txtPassword.Text.Trim
cmd.Parameters.Add("birthday", OracleDbType.Date, ParameterDirection.Input).Value = dtpBirthday.Value

Related

using Transaction query in jsp page

I use the query below in my JSP page, but I'm not sure whether it is right to use this query in a JSP page.
int i = st.executeUpdate("'BEGIN TRANSACTION DECLARE #id [int] SELECT #id = SCOPE_IDENTITY() INSERT INTO Viewer(Reserve_ID, F_Name, L_Name, Competition_ID, City, Phone, [E-mail]) VALUES (#id, '" + fname + "','" + lname + "','" + 30 + "','" + city + "','" + phone + "','" + email + "' ) INSERT INTO Reservation_Inf(Reservation_Date, Competition_ID, NumberOfTicket, Position_ID) VALUES ('" + dNow + "','" + 30 + "','" + 1 + "','" + 8 + "' ) COMMIT TRANSACTION '" );
if (i > 0) {
response.sendRedirect("Success.jsp");
} else {
response.sendRedirect("Fail.jsp");
}
It gives this error:
Incorrect syntax near 'BEGIN TRANSACTION DECLARE #id [int] SELECT #id = SCOPE_IDENTITY() INSERT INTO Viewer(Reserve_ID, F_Name, L_Name, Competition_ID,'.

update/assign a user an empID in Users table

I want to update/assign a user an empID in the Users table. My update below updates all rows/users with the empID and not just the selected user (cbArea.Text).
string update = "Update Users set First= '" + this.txtFirst.Text + "', empID =(SELECT DISTINCT ID from Employer where area= '" + this.cbArea.Text + "') WHERE First= '" + this.txtFirst.Text + "'" ;
First= '" + this.txtFirst.Text is already in the WHERE clause. When it is removed from SET, it works fine.

Getting Error: Column does not exist

When adding rows to a table I am getting Error: column does not exist and I am not sure why. I know the table does and it is fairly straightforward. Here is what I have to add and here is what the table looks like. Any help would be great and let me know if you have any questions. Thanks!
Whatever value I have in emailField, it is giving me the error that the emailfield column does not exist.
final String addemployee = "insert into employee values ('" + name_field.getText() + "', '" + usersSuper.getText() + "', '" + true + "' , md5('" + passwordField.getText() + "') , " + emailField.getText() + ");";
Here is the table
CREATE TABLE employee
(
name text NOT NULL,
manageremail text,
isadmin boolean NOT NULL,
userpassword text NOT NULL,
email text NOT NULL,
CONSTRAINT "user_Email" PRIMARY KEY (email)
)
Try
final String addemployee = "insert into employee values ('" + name_field.getText() + "', '" + usersSuper.getText() + "', '" + true + "' , md5('" + passwordField.getText() + "') , '" + emailField.getText() + "');";
You've missed the quotes around emailField.getText(). It should be '" + emailField.getText() + "'

Can these two SQL statements be made into one? Changing multiple indices with two constraints

I have a form that users can use to edit data in my database. The database is structured like this:
If a user wants to edit both a FAVE_COLOR and a FAVE_FOOD, how would I go about doing that in my SQL statement? I can think of this, but is there a way to do this in one statement?
string sql1 = "UPDATE MYTABLE " +
"SET PROP_VALUE = '" + form["color"] + "' " +
"WHERE ID = " + form["id"] + " " +
"AND PROP_NAME = 'FAVE_COLOR'";
string sql2 = "UPDATE MYTABLE " +
"SET PROP_VALUE = '" + form["food"] + "' " +
"WHERE ID = " + form["id"] + " " +
"AND PROP_NAME = 'FAVE_FOOD'";
string sql = "UPDATE MYTABLE " +
"SET PROP_VALUE = CASE " +
"WHEN PROP_NAME = 'FAVE_COLOR' THEN '" + form["color"] + "' " +
"WHEN PROP_NAME = 'FAVE_FOOD' THEN '" + form["food"] + "' " +
"END " +
"WHERE ID = " + form["id"] + " " +
"AND PROP_NAME IN ('FAVE_COLOR', 'FAVE_FOOD')";
But beware of SQL injection! You really should be using prepared statements, into which you pass your variables as parameters that do not get evaluated for SQL. If you don't know what I'm talking about, or how to fix it, read the story of Bobby Tables.
You can use case statements:
UPDATE MYTABLE
SET PROP_VALUE = (
CASE
WHEN PROP_NAME = 'FAVE_FOOD' THEN 'PIZZA'
WHEN PROP_NAME = 'FAVE_COLOR' THEN 'BLUE'
ELSE PROP_VALUE -- leave any other property unchanged
END)
WHERE ID = @myIdValue
For MS SQL Server you can use an UPDATE FROM which will update two properties at the same time, like this:
CREATE TABLE MYTABLE (
ID INT,
PROP_NAME VARCHAR(20),
PROP_VALUE VARCHAR(20));
go
INSERT INTO MYTABLE VALUES (1, 'A','B')
go
INSERT INTO MYTABLE VALUES (1, 'C', 'D')
go
UPDATE MYTABLE
SET PROP_VALUE = X.PROP_VALUE
FROM MYTABLE MT JOIN (
SELECT 'A' AS PROP_NAME, 'F' AS PROP_VALUE
UNION
SELECT 'C' AS PROP_NAME, 'G' AS PROP_VALUE) AS X ON MT.PROP_NAME = X.PROP_NAME
WHERE ID = 1
For other SQL database servers the solution should be similar, if not identical.
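
The prepared-statement advice above, applied to the single CASE update (an added example, not code from any of the posts): it uses Python's built-in sqlite3 so it runs stand-alone, and the table rows, form values and helper names are constructed for illustration. A value containing an apostrophe breaks the concatenated statement but is stored verbatim when bound, which is the same quoting problem as in the employee insert question earlier on this page.

```python
import sqlite3

def make_db():
    """In-memory table shaped like the question's MYTABLE (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE MYTABLE (ID INT, PROP_NAME TEXT, PROP_VALUE TEXT)")
    db.executemany("INSERT INTO MYTABLE VALUES (?, ?, ?)", [
        (1, "FAVE_COLOR", "RED"), (1, "FAVE_FOOD", "PASTA"),
        (2, "FAVE_COLOR", "GREEN"), (2, "FAVE_FOOD", "RICE")])
    return db

def update_concatenated(db, form):
    """Pattern from the posts: form values become part of the SQL text."""
    sql = ("UPDATE MYTABLE SET PROP_VALUE = CASE "
           + "WHEN PROP_NAME = 'FAVE_COLOR' THEN '" + form["color"] + "' "
           + "WHEN PROP_NAME = 'FAVE_FOOD' THEN '" + form["food"] + "' END "
           + "WHERE ID = " + form["id"]
           + " AND PROP_NAME IN ('FAVE_COLOR', 'FAVE_FOOD')")
    return db.execute(sql).rowcount

def update_bound(db, form):
    """Same statement with placeholders: values travel separately as data."""
    sql = ("UPDATE MYTABLE SET PROP_VALUE = CASE PROP_NAME "
           "WHEN 'FAVE_COLOR' THEN :color WHEN 'FAVE_FOOD' THEN :food END "
           "WHERE ID = :id AND PROP_NAME IN ('FAVE_COLOR', 'FAVE_FOOD')")
    params = {"color": form["color"], "food": form["food"],
              "id": int(form["id"])}  # a non-numeric id raises ValueError
    return db.execute(sql, params).rowcount

def props(db, row_id):
    """Current PROP_NAME -> PROP_VALUE mapping for one ID."""
    rows = db.execute(
        "SELECT PROP_NAME, PROP_VALUE FROM MYTABLE WHERE ID = ?", (row_id,))
    return dict(rows.fetchall())

def demo():
    form = {"id": "1", "color": "BLUE", "food": "Nonna's pizza"}  # constructed
    db = make_db()
    try:
        update_concatenated(db, form)
        concatenated = "accepted"
    except sqlite3.OperationalError as exc:  # the apostrophe ended the literal
        concatenated = "rejected: " + str(exc)
    changed = update_bound(db, form)
    return concatenated, changed, props(db, 1), props(db, 2)

if __name__ == "__main__":
    print(demo())
```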

SQL UPDATE doesn't work with foreign languages (Arabic)

The UPDATE gives ???? if the updated field was written in Arabic. This is my query:
UPDATE students
SET first_name = 'الاسم' , last_name = 'الاسم الاخير' ,
father_name = 'الاسم الاخير' , mother_name = '',
birth_date = '1/1/1990 12:00:00 AM' , education_level = '' ,
address = '' , notes = ''
WHERE student_id = 33
And here is the result of the update:
student_id first_name last_name mother_name father_name birth_date
33 ????? ????? ?????? ??????????? 1990-01-01
// The answer is great, and thank you people. Another question is that I am using this UPDATE syntax in my C# program:
command.CommandText = "UPDATE students SET " +
"first_name = " + "'" + first_name + "'" + " , last_name = " + "'" + last_name + "'" +
" , father_name = " + "'" + father_name + "'" + " , mother_name = " +
"'" + mother_name + "'" + ", birth_date = " + "'" + birth_date + "'" +
" , education_level = " + "'" + education_level + "'" +
" , address = " + "'" + address + "'" + " , notes = " + "'" + notes + "'" +
" WHERE student_id = " + id ;
// How do I use the character N?
You have forgotten the N prefix before your string literals, which is required so they will be treated as nvarchar rather than varchar.
SET first_name = N'الاسم' etc.
Without that, the text is coerced into whatever characters the code page of your default collation can deal with.
Create the database with the collation Arabic_CI_AS and you won't need to put N before the Arabic characters.
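
What the two answers above mean in practice, as an added example that is not part of the original posts: a small Python model of how a string literal without the N prefix is coerced to the code page of the database collation. The Latin1 default collation (code page 1252) for the asker's server is an assumption, Arabic_CI_AS corresponds to code page 1256, and the Greek name is a constructed value.

```python
# Constructed model of SQL Server's varchar coercion, not a database call.
# Collation -> Python codec for that collation's code page.
CODE_PAGES = {
    "SQL_Latin1_General_CP1_CI_AS": "cp1252",  # assumed default of the asker
    "Arabic_CI_AS": "cp1256",                  # collation named in the answer
}

FIRST_NAME = "الاسم"   # value from the question's UPDATE
GREEK_NAME = "Ελένη"   # constructed value in a different script

def as_varchar(text, collation):
    """Result of writing 'text' (no N prefix) under the given collation."""
    page = CODE_PAGES[collation]
    # Characters missing from the code page are replaced by '?'.
    return text.encode(page, errors="replace").decode(page)

def as_nvarchar(text):
    """Result of writing N'text': nvarchar is UTF-16, so nothing is lost."""
    return text.encode("utf-16-le").decode("utf-16-le")

def lost_characters(text, collation):
    """Distinct characters the collation's code page cannot represent."""
    page = CODE_PAGES[collation]
    return sorted({ch for ch in text
                   if ch.encode(page, errors="ignore") == b""})

def demo():
    latin = "SQL_Latin1_General_CP1_CI_AS"
    return {
        "arabic, latin collation": as_varchar(FIRST_NAME, latin),
        "arabic, arabic collation": as_varchar(FIRST_NAME, "Arabic_CI_AS"),
        "greek, arabic collation": as_varchar(GREEK_NAME, "Arabic_CI_AS"),
        "arabic, N prefix": as_nvarchar(FIRST_NAME),
        "greek, N prefix": as_nvarchar(GREEK_NAME),
    }

if __name__ == "__main__":
    for case, stored in demo().items():
        print(case, "->", stored)
```

Changing the collation only covers the scripts in that one code page, while nvarchar (the N prefix, or an nvarchar parameter) keeps every script.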