Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 3 years ago.
Improve this question
So I can't for the life of me figure out what the heck I'm doing wrong. The words, A LOT, comes to mind. But right now I have got half of the UPDATE to work but can't get the rest of it to work.
DoCmd.SetWarnings True
If Me.butCompleteFlight.Value = True Then
SQL = "UPDATE tblFlightRecords SET strLand = values('" & Me.strStopTime & "') WHERE strWorkingRecord = TRUE"
SQL = "UPDATE tblFlightRecords SET strWorkingRecord = FALSE WHERE strWorkingRecord = TRUE"
DoCmd.RunSQL SQL
End If
DoCmd.SetWarnings True
the strWorkingRecord switching from TRUE to FALSE works. The issue I'm having is the strLand is not populating, I used the same syntax as the INSERT sql that I used in a different section of the database but can't find out what I'm messing up on this one.
Thanks
SQL is a string and you assign 2 values to it one after the other. When you execute DoCmd.RunSQL SQL it contains the last value that you have assigned to it.
Execute each statement separately:
SQL = "UPDATE tblFlightRecords SET strLand = '" & Me.strStopTime & "' WHERE strWorkingRecord = TRUE"
DoCmd.RunSQL SQL
SQL = "UPDATE tblFlightRecords SET strWorkingRecord = FALSE WHERE strWorkingRecord = TRUE"
DoCmd.RunSQL SQL
Or you can do it in 1 statement like this:
SQL = "UPDATE tblFlightRecords SET strLand = '" & Me.strStopTime & "', strWorkingRecord = FALSE WHERE strWorkingRecord = TRUE"
DoCmd.RunSQL SQL
Also the VALUES clause in an UPDATE statement is wrong. You can use it only in an INSERT statement.
Related
This question already has answers here:
Access DAO Inserting whole record into Another Recordset
(1 answer)
How to do INSERT into a table records extracted from another table
(9 answers)
Closed 1 year ago.
My question was deleted because of duplicate but this is not the case. My example uses an already made sql-string. The answer SO does not and where SO is referring to is way to complicated to implement in my solution. I try to edit my post and be more clearly about my issue. So I have a form which connects to an external database. My query qry_LIMS selects the relevant data.
LIDNUMMER = "([LIDNUMMER] = " & LIDNUMMER_Integer & ")"
MONSTERTYPE = "([MONSTERTYPE] = '" & Monstertype_String & "')"
MONSTERNDATUM = "([MONSTERNDATUM] = '" & Datum_String & "')"
strCriteria = LIDNUMMER & "And" & MONSTERTYPE & "And" & MONSTERNDATUM
task = "Select * from qry_LIMS where (" & strCriteria & ")"
Me.Form.RecordSource = task
What is the most easy way to insert all records from task into an other table named tbl_LIMS?
The named fields of my table tbl_LIMS are the same as qry_LIMS:
Lidnummer
Monstertype
Monsterndatum
I think the solution would rather easy but I do not seem to get it
INSERT INTO tbl_LIMS VALUES (task)
This question already has answers here:
How do I use parameters in VBA in the different contexts in Microsoft Access?
(2 answers)
Closed 4 years ago.
I'm trying to better understand parameterized sql as a solution to SQL injection.
Lets say I have a tblCustomer with the fields CustName, Phone and Address. Lets also say I have an input form for new customers to enter their data, with controls called txtName, txtPhone and txtAddress.
I could run the following vba code:
dim strName, strPhone strAddress, strSQL as string
strName = me.txtName
strPhone = me.txtPhone
strAddress = me.txtAddress
strSQL = "INSERT INTO tblCustomer (CustName, Phone, Address) _
VALUES (" & strName & ", " & strPhone & ", " & strAddress & ");"
DoCmd.RunSQL strSQL
But then if someone nominated the address "Robert'); DROP TABLE tblCustomer; --" (wink) I'd have some serious problems.
I've used vba parameters, but they aren't helping me. So when people say use parameters to fix the issue, what do they mean?
Using a prepared statement with positional parameters eliminates the chance that someone may SQL inject you:
strSQL = "INSERT INTO tblCustomer (CustName, Phone, Address) " &
"VALUES ([str_name], [str_phone], [str_address]);"
Set qdf = db.CreateQueryDef(vbNullString, strSql)
With qdf
.Parameters("str_name").Value = strName
.Parameters("str_phone").Value = strPhone
.Parameters("str_address").Value = strAddress
.Execute dbFailOnError
End With
See here:
https://msdn.microsoft.com/en-us/library/office/ff845220.aspx
A longer winded explanation is that a parameterized query allows you to use a variable within your SQL query, and that variable will be properly escaped if it's a string or matched to your data type (for type checking), and prevent the problem that you've listed.
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 6 years ago.
Improve this question
I am performing in VBA an SQL query selecting per date. Everything is working until I specify the dates, as the code below:
conn.Open dbConnectStr
StartDate = "01/01/2015"
SQL_String = "SELECT * FROM database " & _
"WHERE date BETWEEN to_date('01/01/2015','dd/mm/yyyy') and to_date('31/12/2016','dd/mm/yyyy')"
recset.Close
conn.Close
But, when I put in a variable instead of dates I obtain an error multiple-step operation completed with one or more errors. Check each status values.
conn.Open dbConnectStr
StartDate = "01/01/2015"
EndDate = "31/12/2016"
SQL_String = "SELECT * FROM database " & _
"WHERE date BETWEEN to_date('" & StartDate & "','dd/mm/yyyy') and to_date('" & EndDate & "','dd/mm/yyyy')"
recset.Close
conn.Close
Anybody could suggest how to proceed?
i am having an issue with writing an update query in SQL where there are two clauses one of which has two scenerarios identified with an AND function.
The run time error i am getting is 3075 stating there is syntax errors on the where expression. Loooking at it and after doing a lot of research, i imagine i am almost there.
Thanks, A
st_sql = "UPDATE tblSearchEngine01 SET tblSearchEngine01.Query01OpenItems =""" & _
"WHERE (((tblSearchEngine01.Status)='open')) OR (((tblSearchEngine01.Overall_status) <>'complete') AND ((tblSearchEngine01.Status) Is Null))"
Well, the error is not where you suspect. Two quotes inside a quoted string are interpreted as one quote. You need to double your quotes here :
st_sql = "UPDATE tblSearchEngine01 SET tblSearchEngine01.Query01OpenItems =""""" & _
Consider using single quotes for SQL statements, as this will improve readability.
st_sql = "UPDATE tblSearchEngine01 SET tblSearchEngine01.Query01OpenItems = ''" & _
Closed. This question is not reproducible or was caused by typos. It is not currently accepting answers.
This question was caused by a typo or a problem that can no longer be reproduced. While similar questions may be on-topic here, this one was resolved in a way less likely to help future readers.
Closed 8 years ago.
Improve this question
I'm making a library system which allows student assistants to log in to the system. I have a table for student information to pull out information of the student assistants from instead of putting that same information in the student assistants accounts table because that would be a bit too redundant.
sqlSearch = "select * from tblSALogin where SA_ID = '" & txtUserName.Text & _
"' inner join tblStudentInfo on tblSALogin.StudentID = tblStudentInfo.StudentID"
I'm using the above SQL query expression to do that but it gives me a missing operator error and i don't know why. The syntax of the expression is correct and all of the tables required for the expression have already been related and have the required records.
You need to put the where after the join:
sqlSearch = _
"select * from tblSALogin " & _
"inner join tblStudentInfo on tblSALogin.StudentID=tblStudentInfo.StudentID " & _
"where SA_ID = '" & txtUserName.Text & "'"
Also note that you are vulnerable to SQL injection with this query, and you should look into using parameterized queries.
the join should be in the FROM clause, not in the WHERE clause
Try Like this
sqlSearch = "select tblSALogin.*,tblStudentInfo.* from tblSALogin inner join tblStudentInfo on tblSALogin.StudentID = tblStudentInfo.StudentID where SA_ID = '" & txtUserName.Text &"' "
Where clause should be come after Join.