Error writing new record to the Access database

3

I'm doing a CRUD with Winforms in C # , I'm having an error inserting the date in the date field. The following message appears when attempting to write the new record:

  

Operator syntax error missing in query expression '10 / 02/1986 00:00 '

Follow the code snippet below

string sql = "INSERT INTO Cliente (descCliente, nomefantasia, endereco, complemento, bairro, cep, estado, cidade, "
                + "telefone1, telefone2, celular1, email, CPF, RG, OEmissor, DtNasc)"
                //, CPF, RG, OEmissor, bloqueado, mensalista) "
                + "VALUES ('" + txtnome.Text + "', "
                + "'" + txtFantasia.Text + "', "
                + "'" + txtRua.Text + "', "
                + "'" + txtComplemento.Text + "', "
                + "'" + txtBairro.Text + "', "
                + "'" + mskCEP.Text + "', "
                + Convert.ToInt32(txtEstado.Text) + ", "
                + Convert.ToInt32(txtCidade.Text) + ","
                + "'" + mskFone1.Text + "', "
                + "'" + mskfone2.Text + "', "
                + "'" + mskcelular.Text + "', "
                + "'" + txtemail.Text + "', "
                + "'" + mskCPF.Text + "', "
                + "'" + mskRG.Text + "', "
                + "'" + txtEmissor.Text + "', "
                +  Convert.ToDateTime(mskDOB.Text) + "); ";    
                //+ false + ", "
                //+ false + ");";
            OleDbConnection conn = new OleDbConnection(connStr);
            OleDbCommand cmd = new OleDbCommand(sql , conn);
            cmd.CommandType = CommandType.Text;
            conn.Open();
            try
            {
                int i = cmd.ExecuteNonQuery();
                if (i>0)
                {
                    MessageBox.Show("inclusão efetuada com sucesso");
                }
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            finally
            {
                conn.Close();
            }
        }

Below the String SQL

  

"INSERT INTO Client (descClient, name, address, add, neighborhood, zip, city, phone1, phone2, cellular1, email, CPF, RG, OEmissor, DtNasc) VALUES ('fernando', ' 'lane 1', '' lime tree '', '00125-455', 2, 1960, '(11) 1111-1111', '(11) 91111-1111', 'me @ me .com ','. ',' 111.111.111-11 ',' SSP-PS ', 10/02/1986 00:00:00); "

What am I doing wrong?

    
asked by anonymous 24.10.2017 / 17:38

2 answers

1
  

Tip : It may be important for you to start working with queries parameters. In the current way, it's very easy for an attacker to get SQL injection (read about it, here and here ) in your code.

You need to enter the date in the format YYYY-MM-DD HH: MM: SS and circled by hash / sharp or # ) or single quotes

That is, insert should look like this

INSERT INTO Cliente (descCliente, nomefantasia, endereco, complemento, bairro, cep, estado, 
                  cidade, telefone1, telefone2, celular1, email, CPF, RG, OEmissor, DtNasc)
VALUES ('fernando', 'fer', 'rua 1', '', 'limoeiro', '00125-455', 2, 1960,
        '(11) 1111-1111', '( ) -', '(11) 91111-1111', '[email protected]', ' . . -', 
        '111.111.111-11', 'SSP-PS', #1986-02-10 00:00:00#); 

Or (just the end so you do not keep repeating everything)

'1986-02-10 00:00:00'

To format the date, just use .ToString() .

Convert.ToDateTime(mskDOB.Text).ToString("yyyy-MM-dd HH:mm:ss");
    
24.10.2017 / 17:48
0

I advise you not to use this way ... You are concatenating the values within the query. Try to impute the values using parameters. This will avoid problems that may come in the future SQL injection and will not give you these problems with date. The code looks like this:

string sql = "INSERT INTO Cliente (descCliente, nomefantasia, endereco, 
complemento, bairro, cep, estado, cidade, "
                + "telefone1, telefone2, celular1, email, CPF, RG, OEmissor, 
DtNasc)"
            //, CPF, RG, OEmissor, bloqueado, mensalista) "
            + "VALUES (@descCliente, @nomefantasia, @endereco, @complemento, @bairro, @cep, @estado, @cidade, "
            + "@telefone1, @telefone2, @celular1, @email, @CPF, @RG, @OEmissor, @DtNasc) ";
        //+ false + ", "
        //+ false + ");";
        OleDbConnection conn = new OleDbConnection(connStr);
        OleDbCommand cmd = new OleDbCommand(sql, conn);
        cmd.CommandType = CommandType.Text;

        cmd.Parameters.AddRange(new OleDbParameter[]
           {
               new OleDbParameter("@descCliente",  txtnome.Text),
               new OleDbParameter("@nomefantasia", txtFantasia.Text),
               ...
           });

        conn.Open();
        try
        {
            int i = cmd.ExecuteNonQuery();
            if (i > 0)
            {
                MessageBox.Show("inclusão efetuada com sucesso");
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }
        finally
        {
            conn.Close();
        }
    
24.10.2017 / 18:44