Tomilee (Tomilee@discussions.microsoft.com) writes:
[quoted text, click to view]

The link http://www.karaszi.com/SQLServer/info_datetime.asp works for me.

[quoted text, click to view]

This is where you go wrong. When you build your SQL statements, do always
use parameters, never build complete strings. What you should do is this:

cmd.CommandText = &_
"SELECT * FROM session WHERE GuiAktiv > @oneminuteago ORDER BY id DESC"
cmd.Parameters.Add("@oneminuteago", SqlDbType.DateTime)
cmd.Parameters(0).Value = Now.AddSeconds(-60))

In this particular case, this has the effect that the date is passed as a
binary value to SQL Server, and there can never be any misunderstanding
about the format.

The above is even more important if your data comes from user input. If
you build strings, a malicious user could enter data with a single quote
in it which would close the string. Then the user can add a completely
other SQL statement that does evil things. Don't laugh. This is called
SQL injection, and is a commonly used by intruders.

What happens now is that you pass a formatted date to SQL Server. Most
date formats in SQL Server are interpreted according to dateformat and
language settings. YYYY-MM-DD does not work with a German dmy setting.
If you are absolute dead set on using strings, you should use any of the
formats:

YYYYMMDD [HH:MM:SS.mmm]
YYYY-MM-DDTHH:MM:DD[.mmm]

T here stands for itself. Brackets show optional components. These are
the only two format that SQL Server will always understand.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server SP3 at

Thank you for this useful information!

Tom

[quoted text, click to view]