the column type of stime and etime in Dabase both are datetime
------------------------------
public DateTime loginTime
{
get
{
//got user enter page's time
return DateTime.Now;
}
}
//record user's using time when user click exit button
protected void Button1_Click(object sender, EventArgs e)
{
int Member_No = Int32.Parse(cls_login2.GetCurrent_login_Member_no(this.Page));
int Lesson_No = Int32.Parse(Lesson_no);
int Prestep = 1;
string RemoteIp = Request.ServerVariables["REMOTE_ADDR"].ToString();
string sqlConn = "Insert into pro_Study_log (Member_no,Lesson_no,Study_log_stepid,Study_log_stime,Study_log_etime,Study_log_ip) ";
sqlConn += "values(" + Member_No + "," + Lesson_No + "," + Prestep + "," + loginTime + ", getdate(), '" + RemoteIp + "')";
SqlConnection connLog = new SqlConnection(StrConn);
SqlCommand cmdLog = new SqlCommand(sqlConn, connLog);
cmdLog.CommandType = CommandType.Text;
connLog.Open();
cmdLog.ExecuteNonQuery();
connLog.Close();
--------
and then I got error message on column Study_log_stime
I also trid set the dateimt tostring , still doesn't work..
I don't know where I did wrong... pleae help
many thanks
You need to put quotes around logintime. Also, I'd recommend using Parameterized Queries rather than concatenating strings. With what you have now there is a high potential for SQL Injection attacks.
|||it's helpless if we just put quotes around logintime ( cause another error message)
problem has been resolved by use stored procedure...
thank you very much
No comments:
Post a Comment