tags:

views:

32

answers:

4
Q: 

Use variable to enter into table values

I am unable to use a variable as the vale for a table, though direct values are stored. I get the error as "Syntax error in INSERT INTO Statement.How do I overcome this ?

sDBPAth = App.Path & "\SETMDBPATH.mdb"
sConStr = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
                  "Data Source=" & sDBPAth & ";" & _
                 "Jet OLEDB:Engine Type=4;"
                 ' Type=4 to create an Access97 mdb, If omitted Access2000 mdb

' ------------------------
' Create New ADOX Object
' ------------------------
 Set oDB = New ADOX.Catalog
 oDB.Create sConStr

 Set oCn = New ADODB.Connection
 oCn.ConnectionString = sConStr
 oCn.Open

 Set oCM = New ADODB.Command
 oCM.ActiveConnection = oCn
 oCM.CommandText = "CREATE TABLE MDBPATH(" & _
        "MDBPATH TEXT(40)      NOT NULL," & _
        "pass  TEXT(10))"
 oCM.Execute

' Populate the table.
 oCn.Execute "INSERT INTO MDBPATH VALUES (sDBPAth, 1,)" 'If 'sDBPath' is used the word sDBPath is stored not the variable value
'
' ------------------------
' Release / Destroy Objects
' ------------------------
 If Not oCM Is Nothing Then Set oCM = Nothing
 If Not oCn Is Nothing Then Set oCn = Nothing
 If Not oDB Is Nothing Then Set oDB = Nothing

 End Sub
+2  A: 

Try

' Populate the table.
 oCn.Execute "INSERT INTO MDBPATH VALUES ('" & sDBPAth & "', 1)"

You had an extra comma at the end, and you need to pass the variable in outside of the string.

You're relatively save in this case since you're not pass in a user input, but if you continue to build INSERT statements like above, you'll be vulnerable to SQL Injection attacks.

LittleBobbyTables  2010-07-27 11:46:06
Ha, ha, that's hilarious (the fact that Little Bobby Tables is the one warning us about SQL injection attacks). Good one! +1 for that alone.
paxdiablo  2010-07-27 11:50:18
+1  A: 

You need to call the variable outside of the string.

oCn.Execute "INSERT INTO MDBPATH VALUES ('" & sDBPAth & "', 1)"
Laplace  2010-07-27 11:46:52
You still have the spare comma inside the parenthesis
LittleBobbyTables  2010-07-27 11:48:58
Woops:) Didn't catch that one
Laplace  2010-07-27 12:00:00
A: 

If sDBPAth is an actual VB variable, you need to use something like:

oCn.Execute "INSERT INTO MDBPATH VALUES ('" & sDBPAth & "', '1')"

so that the insert statement is constructed from the value of the variable rather than a fixed string.

In addition, you appear to have a superfluous comma in your statement and you may need quotes around both values since they're both text type.

paxdiablo  2010-07-27 11:46:54
+4  A: 

You need to amend your SQL statement to allow the application to substitute the sDBPath value

' Populate the table. 
 oCn.Execute "INSERT INTO MDBPATH VALUES ('" & sDBPAth & "', 1)"
Ardman  2010-07-27 11:47:47
Thanks for your answer Ardman.It worked perfectly
Dario Dias  2010-07-27 14:51:36
A small help, as it can be seen from the script it has a table named "MDBPATH" with two fields "MDBPATH" and "pass".What modification should be done only to write value only in the first fields value not in pass,not write blank also.
Dario Dias  2010-07-27 18:52:03
Ardman  2010-07-28 05:37:06
Thanks very much.Helped me a lot.
Dario Dias  2010-07-28 10:15:49

related questions

What is the operator precedence order in VB6?
VB6 Runtime Type Retrival
What could cause Run-time error 1012 Error accessing application data directories
How to do multi-column sorting on a Visual Basic 6 ListView?
Regex in VB6?
Classes in VB6
ActiveX control default property discovery
How do I click a button on a vb6 form?
VB6 NegotiateMenus
Check if a record exists in a VB6 collection?
What's the simplest .NET equivalent of a VB6 control array?
Calling DLL functions from VB6.
How would you extract data from a MS Project .mpp file?
When must I set a variable to "Nothing" in VB6?
Using Subversion with VB6
How to filter by 2 fields when loading data into an access database table from an excel spreadsheet
Local Currency String conversion VB6
Copying Files over an Intermittent Network Connection
Prevent a TreeView from firing events in VB6?
How to parse XML in VBA
How do I best share an embeddable form in VB6?
'Break' equivalent keyword for VB
How to use a mutex in Visual Basic
Unload a COM control when working in VB6 IDE
How do you migrate a large app from VB6 to VB .net ?