1. 首頁
  2. 問答
  3. VBA中的語法錯誤SQL

VBA中的語法錯誤SQL

2016-05-10 65 views
0

從窗體上的各種文本框中獲取數據並更新SQL Server數據庫。這裏是SQL的創建:VBA中的語法錯誤SQL

Dim upDateStr As String 
upDateStr = "UPDATE dbo_Master_Accounts SET dbo_Master_Accounts.FirstName = " & Chr$(34) & Me.disFirstName & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.LastName = " & Chr$(34) & Me.disLastName & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.Address_Line_1 = " & Chr$(34) & Me.disAddr1 & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.City = " & Chr$(34) & Me.disCity & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.State = " & Chr$(34) & Me.disState & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.PostalCode = " & Chr$(34) & Me.disPostalCode & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.Phone_Number_1 = " & Chr$(34) & Me.disHomePhone & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.Phone_Number_2 = " & Chr$(34) & Me.disCellPhone & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.Gender = " & Chr$(34) & Me.disGender & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.Date_Of_Birth = " & Chr$(34) & Me.disDateofBirth & Chr$(34) & ", " 
upDateStr = upDateStr + "dbo_Master_Accounts.Email = " & Chr$(34) & Me.disEmailAddress & Chr$(34) & ", " 
upDateStr = upDateStr + "WHERE (((dbo_Master_Accounts.Master_ID) = " & Chr$(34) & Me.frmoldCardno & Chr$(34) & ""

查看立即查詢和所有的數據在那裏,它看起來是正確的。這是直接的窗口。

UPDATE dbo_Master_Accounts 
SET dbo_Master_Accounts.FirstName = "John", 
     dbo_Master_Accounts.LastName = "Handy", 
     dbo_Master_Accounts.Address_Line_1 = "123 From", 
     dbo_Master_Accounts.City = "Somewhere", 
     dbo_Master_Accounts.State = "IL", 
     dbo_Master_Accounts.PostalCode = "50310", 
     dbo_Master_Accounts.Phone_Number_1 = "1234567890", 
     dbo_Master_Accounts.Phone_Number_2 = "", 
     dbo_Master_Accounts.Gender = "M", 
     dbo_Master_Accounts.Date_Of_Birth = "02/14/1967", 
     dbo_Master_Accounts.Email = "[email protected]", 
WHERE (((
      dbo_Master_Accounts.Master_ID 
     ) = "000055"

但我得到一個我看不到的語法錯誤。嘗試只運行第一行和最後兩行代碼,並得到相同的錯誤。

感謝事先通過嘗試這個,看看它是否工作

JPL

來源

2016-05-10 jpl458

+4

逗號在'where'之前。三'('在你的地方,只有一個')' – Ghost

+2

而你使用的是'''而不是''',但是如果你已經正確配置了odbc,那麼這個工作正常。 –

+2

你真的不應該相信用戶輸入,打開你自己到注射攻擊使用參數 – Ghost

回答

0

啓動(刪除逗號這裏之前,固定括號),然後使用參數做是正確的,因爲這樣一來你」重新打開SQL注入攻擊

Dim upDateStr As String 
upDateStr = "UPDATE dbo_Master_Accounts SET dbo_Master_Accounts.FirstName = '" & Me.disFirstName & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.LastName = '" & Me.disLastName & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.Address_Line_1 = '" & Me.disAddr1 & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.City = '" & Me.disCity & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.State = '" & Me.disState & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.PostalCode = '" & Me.disPostalCode & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.Phone_Number_1 = '" & Me.disHomePhone & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.Phone_Number_2 = '" & Me.disCellPhone & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.Gender = '" & Me.disGender & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.Date_Of_Birth = '" & Me.disDateofBirth & "', " 
upDateStr = upDateStr + "dbo_Master_Accounts.Email = '" & Me.disEmailAddress & "' " 
upDateStr = upDateStr + "WHERE (dbo_Master_Accounts.Master_ID) = '" & Me.frmoldCardno & "' "

來源

2016-05-10 19:05:22 Ghost

+0

校正工作得很好但我不確定我是否明白你的意思是什麼參數查詢我假設你正在談論的東西比使用括號[]在查詢。感謝您的幫助。 – jpl458

相關問題

 相關問題