tags:

views:

36

answers:

3
Q: 

Use a VB variable in a SQL statement

I'm trying to create a sql statement but I require the use of a VB variable. The problem is, I keep getting an error about too few parameters when I try to just put the variable in. Is there some sort of format I need to use in order to add a VB variable into a SQL statement?

Set rs = CurrentDb.OpenRecordset("SELECT StartTime " & _
            "FROM tblLunchTime " & _
            "WHERE TimeID = (SELECT max(TimeID-count) FROM tblLunchTime);")

The variable in this situation is 'count'.

+1  A: 

concatenate the variable like so:

Set rs = CurrentDb.OpenRecordset("SELECT StartTime " & _
            "FROM tblLunchTime " & _
            "WHERE TimeID = (SELECT max(TimeID-" & count & ") FROM tblLunchTime);")
Tahbaza  2010-06-30 16:21:08
Screams bad practice. SQL injection anyone???
StingyJack  2010-06-30 16:22:23
Relax a bit. VB is typed. How exactly would you inject SQL in an int ?
renick  2010-06-30 16:25:55
This is probably the pattern that is repeated elsewhere, with strings.
StingyJack  2010-06-30 17:03:05
+1  A: 

Well... using non-parameterized sql like you want to is usually a very bad idea. There are many articles on how to parameterize a sql query or use stored procs for VB (6 and .NET).

StingyJack  2010-06-30 16:21:21
Don't really have a choice.
BioXhazard  2010-06-30 16:28:41
A: 

You need to concatenate it:

Set rs = CurrentDb.OpenRecordset("SELECT StartTime " & _
            "FROM tblLunchTime " & _
            "WHERE TimeID = (SELECT max(TimeID-" & count & ") FROM tblLunchTime);")
Evan Trimboli  2010-06-30 16:22:49

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP