用VBScript实现MS-Access-MDB查询
我可以使用VBScript从图像中查找所有记录:用VBScript实现MS-Access-MDB查询,ms-access,vbscript,Ms Access,Vbscript,我可以使用VBScript从图像中查找所有记录: cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _ ";CharacterSet=65001]." & exportFile & " FROM IMAGES" 这很好用。但是,我想将搜索范围从所有记录缩小到B列(ProjectName)=“spoon”的记录 但我得到了一个错误: 没有为一个或多个必需参数提供值 Mu SQL fu
cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES"
这很好用。但是,我想将搜索范围从所有记录缩小到B列(ProjectName)=“spoon”的记录
但我得到了一个错误:
没有为一个或多个必需参数提供值
Mu SQL fu很弱,不确定我会错在哪里。总结一下(并稍微减少):
因为错误的原因是缺少通过将字符串封装在单引号(“…”
)中将其标识为字符串的字符串值
但是,通过使用ADODB.Command
执行参数化查询,可以避免此问题和其他问题,如SQL注入缺陷
Dim cmd, sql, exportDir, exportFile
'Shouldn't be configurable outside this procedure.
exportDir = "..."
exportFile = "..."
Const adCmdText = 1
Const adParamInput = 1
Const adCmdVarChar = 200
Const adExecuteNoRecords = &H00000080
Set cmd = CreateObject("ADODB.Command")
sql = "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName = ?"
With cmd
Set .ActiveConnection = cn
.CommandType = adCmdText
.CommandText = sql
Call .Parameters.Append(.CreateParameter("@ProjName", adVarChar, adParamInput, 255))
Call .Execute(, , adExecuteNoRecords)
End With
只需确保
exportDir
和exportFile
都未公开,或者将代码保留为SQL注入打开状态。确保在proj周围加引号,可能是这样:“WHERE ProjectName=”&proj&“
”。如果projectname是字符串变量,这是必需的,因为您似乎暗示了其他原因(除了SQL注入)来避免字符串连接和使用SQL参数。另一个可能的问题:{Dim projName:proj=“spoon”}@Ekkehard.Horner尽管这看起来不像这里的问题,因为OP在SQL语句中使用了proj
,不是projName
@Ekkehard.Horner我错过了那一个谢谢-更新的代码!Dim projName=“spoon”应该是Dim projName:projName=“spoon”@Ekkehard.Horner:你说得对-我脑子里有VB.NET。谢谢
Dim projName
projName = "spoon"
cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName='" & projName & "'"
Dim cmd, sql, exportDir, exportFile
'Shouldn't be configurable outside this procedure.
exportDir = "..."
exportFile = "..."
Const adCmdText = 1
Const adParamInput = 1
Const adCmdVarChar = 200
Const adExecuteNoRecords = &H00000080
Set cmd = CreateObject("ADODB.Command")
sql = "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName = ?"
With cmd
Set .ActiveConnection = cn
.CommandType = adCmdText
.CommandText = sql
Call .Parameters.Append(.CreateParameter("@ProjName", adVarChar, adParamInput, 255))
Call .Execute(, , adExecuteNoRecords)
End With