Fatal编程技术网
  • ms-access/
  • 用VBScript实现MS-Access-MDB查询

用VBScript实现MS-Access-MDB查询

ms-access vbscript

用VBScript实现MS-Access-MDB查询,ms-access,vbscript,Ms Access,Vbscript,我可以使用VBScript从图像中查找所有记录: cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _ ";CharacterSet=65001]." & exportFile & " FROM IMAGES" 这很好用。但是,我想将搜索范围从所有记录缩小到B列(ProjectName)=“spoon”的记录 但我得到了一个错误: 没有为一个或多个必需参数提供值 Mu SQL fu

我可以使用VBScript从图像中查找所有记录:

cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES"
这很好用。但是,我想将搜索范围从所有记录缩小到B列(ProjectName)=“spoon”的记录

但我得到了一个错误:

没有为一个或多个必需参数提供值

Mu SQL fu很弱,不确定我会错在哪里。

总结一下(并稍微减少):

因为错误的原因是缺少通过将字符串封装在单引号(
“…”
)中将其标识为字符串的字符串值

但是,通过使用
ADODB.Command
执行参数化查询,可以避免此问题和其他问题,如SQL注入缺陷

Dim cmd, sql, exportDir, exportFile

'Shouldn't be configurable outside this procedure.
exportDir = "..."
exportFile = "..."

Const adCmdText = 1
Const adParamInput = 1
Const adCmdVarChar = 200
Const adExecuteNoRecords = &H00000080

Set cmd = CreateObject("ADODB.Command")
sql = "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName = ?"
With cmd
  Set .ActiveConnection = cn
  .CommandType = adCmdText
  .CommandText = sql
  Call .Parameters.Append(.CreateParameter("@ProjName", adVarChar, adParamInput, 255))
  Call .Execute(, , adExecuteNoRecords)
End With
只需确保
exportDir
exportFile
都未公开,或者将代码保留为SQL注入打开状态。

确保在proj周围加引号,可能是这样:
“WHERE ProjectName=”&proj&“
”。如果projectname是字符串变量,这是必需的,因为您似乎暗示了其他原因(除了SQL注入)来避免字符串连接和使用SQL参数。另一个可能的问题:{Dim projName:proj=“spoon”}@Ekkehard.Horner尽管这看起来不像这里的问题,因为OP在SQL语句中使用了
proj
,不是
projName
@Ekkehard.Horner我错过了那一个谢谢-更新的代码!Dim projName=“spoon”应该是Dim projName:projName=“spoon”@Ekkehard.Horner:你说得对-我脑子里有VB.NET。谢谢 
Dim projName
projName = "spoon"

cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName='" & projName & "'"

Dim cmd, sql, exportDir, exportFile

'Shouldn't be configurable outside this procedure.
exportDir = "..."
exportFile = "..."

Const adCmdText = 1
Const adParamInput = 1
Const adCmdVarChar = 200
Const adExecuteNoRecords = &H00000080

Set cmd = CreateObject("ADODB.Command")
sql = "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName = ?"
With cmd
  Set .ActiveConnection = cn
  .CommandType = adCmdText
  .CommandText = sql
  Call .Parameters.Append(.CreateParameter("@ProjName", adVarChar, adParamInput, 255))
  Call .Execute(, , adExecuteNoRecords)
End With