
error converting varchar to numeric : SQL Server 2008

Developer https://www.devze.com 2023-04-11 23:51 Source: web

I have this SQL statement but it returns: "error converting varchar to numeric"

ADOTailles.SQL.Text := 'INSERT INTO tailles (numOF, taille, quantite, prixVente) VALUES(''' + numOF.Text + ''',''' + C.Caption + ''',''' + Q.Text + ''',''' + P.Text + ''')';
ADOTailles.ExecSQL

The numeric field is prixVente;

I used this but still the same error:

ADOTailles.SQL.Text := 'INSERT INTO tailles (numOF, taille, quantite, prixVente) VALUES(''' + numOF.Text + ''',''' + C.Caption + ''',''' + Q.Text + ''',CAST(''' + P.Text + ''' AS numeric(5, 2)))';
ADOTailles.ExecSQL

NOTE: If I put an INTEGER there is no error

The full code is:

var
  I: Int8;
  C: TCheckBox;
  Q, P: TEdit;
for I := 1 to 16 do begin
  C := FindComponent('T' + IntToStr(I)) as TCheckBox;
  Q := FindComponent('Q' + IntToStr(I)) as TEdit;
  P := FindComponent('P' + IntToStr(I)) as TEdit;
  if C.Checked = True then begin
    ADOTailles.SQL.Text := 'INSERT INTO tailles (numOF, taille, quantite, prixVente) VALUES(''' + numOF.Text + ''',''' + C.Caption + ''',''' + Q.Text + ''',''' + P.Text + ''')';
    ADOTailles.ExecSQL
  end;
end;

There is no SQL injection because I use this code:

StringReplace(aricleFilter.Text, '''', '', [rfReplaceAll]);


Don't create a SQL query by appending text; use parameters.

Or you'll fall into the Bobby Tables SQL injection trap.

It makes it way easier to get rid of these errors too.


Maybe your string contains non-numeric symbols or an incorrect decimal separator (for example "," instead of ".").


You are putting the value for the price between quotes

... ''',''' + P.Text + ''')';

This is what causes SQL Server to try a conversion from varchar to a number. To prevent that, you will have to leave off the quotes:

... ''',' + P.Text + ')';

and make sure that P.Text contains the decimal and thousands separators that SQL Server expects. Preferably only the decimal separator. You can always do the conversion yourself using StrToFloat or StrToFloatDef with P.Text as the input and then reformat that for SQL Server.

From what I can remember, SQL Server expects the US separators in SQL statements, which means you need to use a point as the decimal separator.
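
The advice in the answers above (use parameters, and convert the price yourself), combined into one sketch. This is an added example, not code from the original post or any of the answers. The unit name, `InsertTaille` and `ParsePrix` are hypothetical, and it assumes Delphi XE or later, an integer `quantite` column, and prices typed without thousands separators.

```delphi
unit TaillesInsert;  // hypothetical unit name

interface

uses
  SysUtils, ADODB;

// Added helper, not from the original post: every value is bound as a
// parameter, so text typed by the user never becomes part of the SQL.
procedure InsertTaille(Query: TADOQuery;
  const NumOF, Taille, QuantiteText, PrixText: string);

implementation

// Accept ',' or '.' as the decimal separator, independent of the
// Windows regional settings. Assumption: no thousands separators.
function ParsePrix(const S: string): Currency;
var
  FS: TFormatSettings;
begin
  FS := TFormatSettings.Create;
  FS.DecimalSeparator := '.';
  if not TryStrToCurr(StringReplace(Trim(S), ',', '.', [rfReplaceAll]),
    Result, FS) then
    raise EConvertError.CreateFmt('Invalid price: "%s"', [S]);
end;

procedure InsertTaille(Query: TADOQuery;
  const NumOF, Taille, QuantiteText, PrixText: string);
var
  Quantite: Integer;
  Prix: Currency;
begin
  // Reject bad input in the client, before anything reaches SQL Server.
  if not TryStrToInt(Trim(QuantiteText), Quantite) then
    raise EConvertError.CreateFmt('Invalid quantity: "%s"', [QuantiteText]);
  Prix := ParsePrix(PrixText);

  Query.SQL.Text :=
    'INSERT INTO tailles (numOF, taille, quantite, prixVente) ' +
    'VALUES (:numOF, :taille, :quantite, :prixVente)';
  Query.Parameters.ParamByName('numOF').Value := NumOF;
  Query.Parameters.ParamByName('taille').Value := Taille;
  Query.Parameters.ParamByName('quantite').Value := Quantite;
  // Sent as a typed number, so there is no varchar-to-numeric conversion.
  Query.Parameters.ParamByName('prixVente').Value := Prix;
  Query.ExecSQL;
end;

end.
```

Inside the loop from the question the call would be `InsertTaille(ADOTailles, numOF.Text, C.Caption, Q.Text, P.Text);`. Because the price is bound as a number, neither quoting nor quote-stripping is involved in keeping the statement intact.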
