 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
MS Access Forum / Forms Programming / July 2005What is the correct syntax...
For a parameterized INSERT Query, aka With cmdCommand.Parameters .Append (cmdCommand.CreateParameter("@ClientName", adChar, adParamOutput, 50, Me.ClientName.Value)) .Append (cmdCommand.CreateParameter("@Website", adChar, adParamOutput, 50, Me.website.Value)) End With cmdCommand.CommandText = "INSERT INTO tblClients (ClientName, Website) VALUES (@ClientName, @Website)" cmdCommand.ActiveConnection = cnxn cmdCommand.Execute This doesn't work. Thanks. Aaron Aaron I think you may be working to hard. Wouldn't it just be easier to use the execute method of currentdb and build a sql insert into statement on the fly. Might look like this: currentdb.execute "insert into tblclients (clientname, website) " _ & "values ('" & me.clientname.value _ & "', '" & me.website.value & "')" I am petty sure the above will work, it doesn't need to create and destroy any objects, and it is self documenting. Ron W > For a parameterized INSERT Query, aka > [quoted text clipped - 13 lines] > > Aaron Hi Ron, Thanks for the advice. Your code looks good. The only thing is I would still have to deal with is the apostrophe problem, which I know is relatively simple with a replace function. The reason I wanted to use a parameterized query is that my background is in ASP.NET, in which we are encouraged to always use parameters for queries to (1) automatically deal with any apostrophes in the input, and (2) protect against SQL Injection attacks. Thanks. Aaron >Aaron > [quoted text clipped - 16 lines] >> >> Aaron |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.