ansaurus

Question

VBA sql query problem

Answer 1

+3 A:

If your EmpId is numerical, you probably want to remove the single-quotes:

lstResults.RowSource = "select EmpId from tblTesting where Empid = " & Me.txtSearchEmpId.Value

How does that work?

Adam Bernier 2009-07-14 06:46:52

Thanks for the help

2009-07-14 06:48:41

You're most welcome. Now you can call yourself EvenSmarterVEGA :)

Adam Bernier 2009-07-14 06:50:12

Answer 2

+1 A:

lavinio 2009-07-14 06:50:34

Exactly what could happen if they don't do that? Remember, the context is Access, and SQL injection risks are severely limited in Access as compared to other programming environments because of the fact that Access/Jet can't executed batched SQL statements.

David-W-Fenton 2009-07-14 23:35:43

@David W. Fenton: In the txtSearchEmpId.Value you could type x' = 'x and your assumption that the resultset will contain 1 or zero rows is blow out of the water e.g. could reveal information you were trying to restrict. Hard to be specific for a SQL statement targeting a table named tblTesting ;)

onedaywhen 2009-07-15 09:21:31

ansaurus

tags:

views:

answers:

VBA sql query problem

related questions