tags:

views:

68

answers:

2
Q: 

Trying to use VB to automate some queries. Running into what looks like a string problem

Hi there

I'm using MS Access 2003 and I'm trying to execute a few queries at once using VB. When I write out the query in SQL it works fine, but when I try to do it in VB it asks me to "Enter Parameter Value" for DEPA, then DND (which are the first few letters of a two strings I have). Here's the code:

Option Compare Database

Public Sub RemoveDupelicateDepartments()

Dim oldID As String
Dim newID As String
Dim sqlStatement As String


oldID = "DND-01"
newID = "DEPA-04"

sqlStatement = "UPDATE [Clean student table] SET [HomeDepartment]=" & newID & " WHERE [HomeDepartment]=" & oldID & ";"

DoCmd.RunSQL sqlStatement & ""

End Sub

It looks to me as though it's taking in the string up to the - then nothing else. I dunno, that's why I'm asking lol. What should my code look like?

+3  A: 

You probably want to insert quotes around the IDs.

Carl Manaster  2010-05-10 16:18:53
+5  A: 

Use (') character to set start and end of value

sqlStatement = "UPDATE [Clean student
table] SET [HomeDepartment]='" & newID
& "' WHERE [HomeDepartment]='" & oldID
& "';"
volody  2010-05-10 16:21:11
Ah that works. Any reason why?
Jeff  2010-05-10 16:24:53
Because the literal query is something like "...SET field = 'abc'..." instead of "...SET field = abc...". If you try to run the second (unquoted) query directly in Access, you will see the same error.
Carl Manaster  2010-05-10 16:46:20
Ah, thank you very much! This answers all my questions (except the one Mr. Coehoorn has me wondering about now :P )
Jeff  2010-05-10 16:52:47
Joel's point is that you are open to executing any arbitrary data that the user supplies for your variable. He assumes a lot but he has a point. See http://stackoverflow.com/questions/512174/non-web-sql-injection for a lengthy discussion of the issue.
David-W-Fenton  2010-05-12 22:47:21

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP