從字符串中轉換日期時SQL/C＃轉換失敗

Question

我改變了整個代碼。但現在看來錯誤..

轉換從字符串

轉換日期的時候失敗了，如果我改變DTP3.Value.Date到DTP3.Value.DateTime（）給了我一個不同的錯誤。

但是，如果您今天離開，它會插入數據。但是，如果他們改變並帶來其他數據，那麼會給我那個錯誤。

cn.Open(); 
      cmd.CommandText = "INSERT INTO info(fac,dom,spec,data,form_invat,nume_prenume,cod_legitimatie,localitate,judet,tara,strada,numar,bloc,scara,etaj,apartament,sector,cod_postal,data_n,loc_nastere,judet_n,tara_n,sexul,stare_civila,cetatenie,cetatenie_op,etnie,incadrare,cnp,serie,numar_cnp,eliberat_de_catre,data_eliberare,studii,unitate_invatamant,specializare,oras_studii,judet_studii,tara_studii,forma_invatamant,media,durata_studii,data_absolvirii,tipul_diploma,serie_diploma,numar_diploma,emis,data_emiterii,numarul_foii_matricole,diploma_original,adeverinta_absolvire_original,adeverinta_absolvire_copielegalizata,atestat_original,atestat_legalizat,certificat_nastere,certificat_casatorie,foto_3_4_da,foto_3_4_nu,adeverinta_med_da,adeverinta_med_nu,copie_buletin_da,copie_buletin_nu,foaie_matricola_da,foaie_matricola_nu,taxa_achitata_da,taxa_achitata_nu,introducere_date,semnatura) values('" + C1.Text + "','" + T1.Text + "','" + T2.Text + "','" + DTP1.Value.Date + "','" + C2.Text + "','" + T3.Text + "','" + T4.Text + "','" + T5.Text + "','" + T6.Text + "','" + T7.Text + "','" + T8.Text + "','" + T9.Text + "','" + T10.Text + "','" + T11.Text + "','" + T12.Text + "','" + T13.Text + "','" + T14.Text + "','" + T15.Text + "','" + DTP2.Value.Date + "','" + T16.Text + "','" + T17.Text + "','" + T18.Text + "','" + C3.Text + "','" + C4.Text + "','" + C5.Text + "','" + T19.Text + "','" + T20.Text + "','" + C6.Text + "','" + T21.Text + "','" + T22.Text + "','" + T23.Text + "','" + T24.Text + "','" + DTP3.Value.Date + "','" + C7.Text + "','" + T25.Text + "','" + T26.Text + "','" + T27.Text + "','" + T28.Text + "','" + T29.Text + "','" + C8.Text + "','" + T30.Text + "','" + C9.Text + "','" + DTP4.Value.Date + "','" + C10.Text + "','" + T31.Text + "','" + T32.Text + "','" + T33.Text + "','" + DTP5.Value.Date + "','" + T34.Text + "','" + diploma_org + "','" + adeverinta_ab + "','" + adeverinta_ab_leg + "','" + at_original + "','" + "','" + at_leg + cert_nastere_leg + "','" + cert_cas_leg + "','" + foto_3_4_da + "','" + foto_3_4_nu + "','" + adv_med_da + "','" + adv_med_nu + "','" + copie_ci_da + "','" + copie_ci_nu + "','" + foaie_matr_da + "','" + foaie_matr_nu + "','" + bon_taxa_da + "','" + bon_taxa_nu + "','" + T35.Text + "','" + T36.Text + "')"; 
       cmd.ExecuteNonQuery(); 
       cmd.Clone(); 
       MessageBox.Show("Adaugat cu succes !"); 
       C1.Text = ""; 
       T1.Text = ""; 
       T2.Text = ""; 

和數據庫TABEL

CREATE TABLE [dbo].[info] (
    [Id]         INT   IDENTITY (1, 1) NOT NULL, 
    [fac]         VARCHAR (50) NULL, 
    [dom]         VARCHAR (50) NULL, 
    [spec]         VARCHAR (50) NULL, 
    [data]         DATE   NULL, 
    [form_invat]       VARCHAR (50) NULL, 
    [nume_prenume]       VARCHAR (50) NULL, 
    [cod_legitimatie]      VARCHAR (50) NULL, 
    [localitate]       VARCHAR (50) NULL, 
    [judet]        VARCHAR (50) NULL, 
    [tara]         VARCHAR (50) NULL, 
    [strada]        VARCHAR (50) NULL, 
    [numar]        INT   NULL, 
    [bloc]         VARCHAR (50) NULL, 
    [scara]        VARCHAR (50) NULL, 
    [etaj]         INT   NULL, 
    [apartament]       INT   NULL, 
    [sector]        INT   NULL, 
    [cod_postal]       INT   NULL, 
    [data_n]        DATE   NULL, 
    [loc_nastere]       VARCHAR (50) NULL, 
    [judet_n]        VARCHAR (50) NULL, 
    [tara_n]        VARCHAR (50) NULL, 
    [sexul]        VARCHAR (50) NULL, 
    [stare_civila]       VARCHAR (50) NULL, 
    [cetatenie]       VARCHAR (50) NULL, 
    [cetatenie_op]       VARCHAR (50) NULL, 
    [etnie]        VARCHAR (50) NULL, 
    [incadrare]       VARCHAR (50) NULL, 
    [cnp]         VARCHAR (13) NULL, 
    [serie]        VARCHAR (2) NULL, 
    [numar_cnp]       VARCHAR (6) NULL, 
    [eliberat_de_catre]     VARCHAR (50) NULL, 
    [data_eliberare]      DATE   NULL, 
    [studii]        VARCHAR (50) NULL, 
    [unitate_invatamant]     VARCHAR (50) NULL, 
    [specializare]       VARCHAR (50) NULL, 
    [oras_studii]       VARCHAR (50) NULL, 
    [judet_studii]       VARCHAR (50) NULL, 
    [tara_studii]       VARCHAR (50) NULL, 
    [forma_invatamant]      VARCHAR (50) NULL, 
    [media]        VARCHAR (5) NULL, 
    [durata_studii]      INT   NULL, 
    [data_absolvirii]      DATE   NULL, 
    [tipul_diploma]      VARCHAR (50) NULL, 
    [serie_diploma]      VARCHAR (10) NULL, 
    [numar_diploma]      VARCHAR (50) NULL, 
    [emis]         VARCHAR (50) NULL, 
    [data_emiterii]      DATE   NULL, 
    [numarul_foii_matricole]    INT   NULL, 
    [diploma_original]      VARCHAR (2) NULL, 
    [adeverinta_absolvire_original]  VARCHAR (2) NULL, 
    [adeverinta_absolvire_copielegalizata] VARCHAR (2) NULL, 
    [atestat_original]      VARCHAR (2) NULL, 
    [atestat_legalizat]     VARCHAR (2) NULL, 
    [certificat_nastere]     VARCHAR (2) NULL, 
    [certificat_casatorie]     VARCHAR (2) NULL, 
    [foto_3_4_da]       VARCHAR (2) NULL, 
    [foto_3_4_nu]       VARCHAR (2) NULL, 
    [adeverinta_med_da]     VARCHAR (2) NULL, 
    [adeverinta_med_nu]     VARCHAR (2) NULL, 
    [copie_buletin_da]      VARCHAR (2) NULL, 
    [copie_buletin_nu]      VARCHAR (2) NULL, 
    [foaie_matricola_da]     VARCHAR (2) NULL, 
    [foaie_matricola_nu]     VARCHAR (2) NULL, 
    [taxa_achitata_da]      VARCHAR (2) NULL, 
    [taxa_achitata_nu]      VARCHAR (2) NULL, 
    [introducere_date]      VARCHAR (50) NULL, 
    [semnatura]       VARCHAR (50) NULL, 
    PRIMARY KEY CLUSTERED ([Id] ASC) 
); 

Answer 1

的問題是，你使SQL Server解析你的約會對象，這是使用.NET的默認轉換方法轉換爲string。

您的方法引入了一個更大的問題 - 您的代碼容易受到SQL Injection Attack的影響，這非常危險。

您可以將您的SQL語句修復一次這兩個問題一個使用參數：

cmd.CommandText = "INSERT INTO info(fac,dom,spec,date,date2,...) values(@fac,@dom,@spec,@date1,@date2,...)"; 
cmd.Parameters.AddWithValue("@fac", C1.Text); 
cmd.Parameters.AddWithValue("@dom", T1.Text); 
... 
cmd.Parameters.AddWithValue("@date", DTP4.Value.Date); 
cmd.Parameters.AddWithValue("@date2", DTP7.Value.Date);