search data between two date give in c# and using msAcc [closed]

Question

Closed. This question needs details or clarity. It is not currently accepting answers.

---

Want to improve this question? Add details and clarify the problem by editing this post.

Closed 8 years ago.

Improve this question

the Following query give me a error how i can correct it ....

select * from invoice_master where  modify_date between '11/3/2013 5:54:55 PM' 
and '12/30/2013 5:54:55 PM';

String qu = "select * from invoice_master where  modify_date between '" + 
            dateTimePicker1.Value + "' and '" + dateTimePicker2.Value + "' ;";

DataTable d = new DataTable();

d = ds.get_date_Table(qu);

dataGridView1.DataSource = d;
dataGridView1.Show();

public DataTable get_date_Table(String query)
{
    OleDbConnection con = new OleDbConnection(connection);
    OleDbDataAdapter adapter = new OleDbDataAdapter(query, con);


    DataTable dt = new DataTable();

    try
    {
        adapter.Fill(dt);
    }
    catch (Exception ex)
    {
        throw ex;
    }

    return dt;
}

Answer 1

As always this kind of problem is due to string concatanation habits.
You should always use a parameterized query and leave the burden to correctly quote your parameters to the database engine code

String qu = "select * from invoice_master where  modify_date between ? and ?" + 
using(OleDbConnection con = new OleDbConnection(connection))
using(OleDbDataAdapter adapter = new OleDbDataAdapter(query, con))
{
    DataTable dt = new DataTable();
    adapter.SelectCommand.Parameters.AddWithValue("@p1", dateTimePicker1.Value)
    adapter.SelectCommand.Parameters.AddWithValue("@p2", dateTimePicker2.Value)
    adapter.Fill(dt);
}

In this way, whatever character is needed to enclose a date value (by the way with MSAccess it is the # symbol, but other database could have different requirements) it is added by the framework code that knows better than you and me how to pass a datetime value to the database engine.