Converting a string to a datetime in MS SQL Server showing 19th Century date
When I ran the below query in MS SQL Server 2019, it returned the correct date value:
SELECT CONVERT(DATETIME,'13/12/2019',103)
Output:
2019-12-13 00:00:00.000
But when I ran the below code block with the same query, I am not getting correct date value in the output. I am getting a 19th century date value.
DECLARE @BEFOREDATE varchar(30)
DECLARE @SqlStatment VARCHAR(1000)
BEGIN
SET @BEFOREDATE = '13/12/2019'
SET @SqlStatment = 'select CONVERT(DATETIME,' + @BEFOREDATE + ',103)'
EXECUTE( @SqlStatment )
END
Output:
1900-01-01 00:00:00.000
Please help to resolve this issue.
My SQL Server database has the below specifications:
The problem is injection, and bad injection at that. The best way to debug "dynamic" SQL is to PRINT/SELECT the dynamic statement. If we do that, we get the following:
select CONVERT(DATETIME,01/03/2023,103)
So, this means you want to convert the integer expression 01/03/2023 to a datetime, so that's 1/3/2023->0/2023->0, and 0 as a datetime is 1900-01-01.
Coincidentally, if you used date, which it appears you should be using, you would have got a "better" error that would have likely pointed you to the real problem:
Explicit conversion from data type int to date is not allowed.
As I stated though, the problem is injection, you should be parametrising the value. You can't do that with EXEC(<Variable>) syntax, and I actually stronly recommend against its use because of that; it promotes injection because it can't be parametrised. Instead use sys.sp_executesql and pass the variable to it as a parameter:
DECLARE @BeforeDate varchar(30);
DECLARE @SqlStatement nvarchar(MAX); --varchar is not a valid datatype for `sys.sp_exutesql`.
SET @BEFOREDATE = '01/03/2023';
SET @SqlStatement = 'SELECT CONVERT(datetime,@BeforeDate,103);';
EXEC sys.sp_executesql @SqlStatement, N'@BEFOREDATE varchar(30)', @BEFOREDATE;
Of course, this makes the whole "dynamic" statement pointless, as it's no longer dynamic.
- How to find which Database Roles are associated with a given User?
- Last executed queries for a specific database
- How important is the order of columns in indexes?
- EF Core: what exactly is the command timeout measured on?
- Maximum number of products for given amount from the product list in SQL server without using While/Cursor?
- sql server invalid object name - but tables are listed in SSMS tables list
- How to execute a stored procedure inside a select query
- Applying a rename migration with a temporal table throws SqlException (0x80131904) mismatching number of BEGIN and COMMIT statements
- Heterogeneous queries require the ANSI_NULLS
- Query to parse JSON using openrowset converting special characters
- How to delete cascade on Memory-Optimized tables?
- Object reference not set to an instance of an object: on Publish
- SSRS 2014 date range parameters not working with an OR clause
- Calculate duration using T-SQL
- Conversion failed when converting the nvarchar value to data type int while inserting records into table
- How to split a column into 2 different columns with condition
- How can I run just the statement my cursor is on in SQL Server Management Studio?
- SQL rollup to add a total row for multiple columns
- Select SQL Server database size
- INSERT INTO a temp table, and have an IDENTITY field created, without first declaring the temp table?
- Create single image for database diagram in SQL Server
- Automatically define the DataTable in C# from the schema of SQL server tables?
- TSQL: how to write this query?
- CREATE TABLE permission denied in database 'tempdb'
- The SELECT permission was denied on the object 'Users', database 'XXX', schema 'dbo'
- Does database compound index order matter if the first column is only queried with an equal operation?
- Difference between .NET, OLEDB, and Native Providers in SSIS
- Is there a way to populate a HTML table from a database? (SQL Server, VB.NET, ASP.NET)
- ExecuteScalar() not returning full contents of cell
- Why does normal execution resume after Raiserror in Catch block