{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 趁早两清 的问题《parameterized query in ms access 2003 using vba》','https://www.manongdao.com/q-235176.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Ok. I want to use parameterized queries to avoid dealing with embedded double or single quotes (" or ') in my data.
As a simple example, what would the VBA code look like for the parameterized verion of this?
Dim qstr as String
Dim possiblyDangerousString as String
qstr = "SELECT MyTable.LastName from MyTable WHERE MyTable.LastName = '" & possiblyDangerousString & "';"
I did not cut and paste this from my code (on a different box right now), so there might be a typo.
Once I figure out this simple example, I need to move on to more complex statements (multiple parameters and joins). Thanks for any advice
In VBA, you can use something like:
This example is not much use, because what are you going to do with the query now? Note that you can store parameter queries and assign the parameters in VBA. Note also that memo fields become a problem because a parameter can only accept 255 characters.
The only trouble with using the Replace function is that anywhere there is "'" it will replace with "''" even if you have already qualified the single quotation with another single quotation after it: "''" becomes "''''" (and so on).
You could create a procedure or function to check for "'[!']" strings and replace those using a Like:
Public Function QualifySingleQuote(myStr as string) As String
End Function