Link to home
Start Free TrialLog in
Avatar of rwheeler23
rwheeler23Flag for United States of America

asked on

How to properly format date fields coming out of an MS SQL database

I have this SQL command and the aplydate and glpostdt fields are dates.

DataCommand.CommandText = "select aplydate,glpostdt,distref from job_linker where companyid = '" + CompanyID + "' and bchsourc = 'Apply_Documents' and transnmbr ='" + ApplyToVoucherNumber + "' and trxtype = 'Apply Payments ' and dstsqnum = 16384 and cntrltyp = 0 and aptvchnm = '" + ApplyToDocumentNumber + "' and spcldist = 0 and len(rtrim(jobnumber))>0";

I obtain the values with this code

                DataDataAdapter = new System.Data.SqlClient.SqlDataAdapter();
                DataDataAdapter.SelectCommand = DataCommand;
                DataDataAdapter.TableMappings.Add("Table", "DISTREF");

                this.txtApplyDate.DataBindings.Add("Text", DataDataSet.Tables["DISTREF"], "aplydate").ToString();
                this.txtApplyPostingDate.DataBindings.Add("Text", DataDataSet.Tables["DISTREF"], "glpostdt").ToString();

It is the last two lines where I am stumped. I want the format of the dates to be MM/dd/yyyy.  When I try
                this.txtApplyDate.DataBindings.Add("Text", DataDataSet.Tables["DISTREF"], "aplydate").ToString("MM/dd/yyyy")
I receive an error.

What is the correct way to format these date fields?
ASKER CERTIFIED SOLUTION
Avatar of Kyle Abrahams, PMP
Kyle Abrahams, PMP
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of rwheeler23

ASKER

Thanks. That is something else I need to read up on, sql injection.
So from a sql injection side, is it better to do the conversion on the data binding side? No data input is happening on the user side with this query.  Is it still susceptible to sql injection?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
If there's no user input then no need to worry about sql injection.  Saw the variables, didn't know where they were coming from.
Thnaks