Using access 2010, windows 7, SQL Server
Can't get the hang of this. Have an SQL query that was generated in the qbe grid then put in VBA. The version that runs has a literal Transaction_Table.Account_Number and looks like:
"WHERE (((dbo_Transaction_Table.Sku)=""Transfer"")
AND ((dbo_Transaction_Table.Description) Like ""%TO%"")
AND ((dbo_Transaction_Table.Account_Number)=""655812""));"
But when I try to replace the literal with the contents of a text box :
"WHERE (((dbo_Transaction_Table.Description) Like ""%Transfer To%"")
AND ((dbo_Transaction_Table.Account_Number)=& Chr$(34) & Me.accntNo & Chr$(34)));"`
I get a syntax err (missing operator) in query expression
(((dbo_Transaction_table.Description) like "%Transfer To%")
And ((dbo_Transaction_Table.Account_Number)= & Chr$(34) & Me.accntNo & Chr$(34))))`
It sounds like you're just missing quotes between the constant string and the injected values
"WHERE (((dbo_Transaction_Table.Description) Like ""%Transfer To%"")
AND ((dbo_Transaction_Table.Account_Number)=" & Chr$(34) & Me.accntNo & Chr$(34) & "));"
Although you might look into using parameters instead. I'm not an expert on doing those from VBA but there should be plenty of examples out there.
Related
I have searched for answers but the ones I have found I can't get working.
I have a database written in MS Access located on a network drive. The front-end has been written in Visual Studio 2010 (VB). I can get the data OK but I need to do a LIKE search to see if there is any records that might match what the user has entered.
Essentially the database is a list of barcodes provided on media. Users provide a list of barcodes but this is done by eye and the last two letters / numbers can be missed, due to size, location or not provided. When scanning the barcode it reads the full details. For example 'AIF00511L6'.
If there is a duplicate then I need to inform the user that there might be one or more records. Duplicate barcodes are possible (don't ask), so I need to provide the details to the user so that they can make the final decision as to if this is the same or different media.
The code I have in VB is:
Dim SQLString as String = "SELECT COUNT(*) AS Count1 " &
"FROM " & Table & " " &
"WHERE " & Column & " " &
"LIKE '*" & Search & "*';"
The code at runtime SQLString is:
SELECT COUNT(*) AS Count1 FROM Assets WHERE aItem LIKE '*IF00511L*';
This works OK in Access (returns 1) but it's not working from VS. I have tried using the '%' in place of '*' but this is not working either. In VS it returns 0.
Any help on this would be appreciated.
I saved and restarted my project and made the below change and now it's working!
Dim SQLString As String = "SELECT COUNT(*) AS Count1 " &
"FROM " & Table & " " &
"WHERE " & Column & " " &
"LIKE '%" & Search & "%';"
So it needed to be a % and not *, something I tried and didn't work, Oh well.
I've tried just about everything i can think of on why i would get this error, but i have had no luck. I wrote a similar code that references that same table with numerical values that works fine, but when searching for text it has problems. The error code says the missing operator lies here: [ExpendetureStore] = 'Lowe's
TotalCostTextBox = DSum("[ExpendetureCost]", "ProjectExpendetures", "[ExpendetureStore] = '" & Me.StoreNameCombo & "'")
Lowe's has an apostrophe in its name. Access query engine is reading that apostrophe as a special character (text delimiter) in the compiled search string. If your data includes apostrophes, one way to deal with is to 'escape' the character - double it in the data with Replace() function. This forces Access to treat the character as normal text.
TotalCostTextBox = DSum("[ExpendetureCost]", "ProjectExpendetures", "[ExpendetureStore] = '" & Replace(Me.StoreNameCombo, "'", "''") & "'")
The same will happen with quote marks and are more challenging to deal with. Note the escaping of quote between quotes.
Replace("somevalue", """", """" & """")
Or may be easier to understand using Chr() function.
Replace("somevalue", Chr(34), Chr(34) & Chr(34))
Side note: Expendeture is a misspelling of Expenditure.
I have run into a problem trying to get this code to work:
filereader.Replace(Chr(34) & "SomeSetting" & Chr(34) & "=dword:00000000", Chr(34) & "SomeSetting" & Chr(34) & "=dword:00000001")
I want it to replace a string which is !exaclty! looking like this, containing the quotation marks:
"SomeSetting"=dword:00000000
but what it does is looking for this string:
""SomeSetting""=dword:00000000
and i cant get it to work. Even if i tried this:
Dim Test As String = Chr(34)
Test will look like this:
""
instead of "
what am i missing here?
I think I see your problem... This is a quite common, accidental thing for people to do.
Strings are immutable, which means that once you've created them they cannot be changed without creating a new string instance.
The problem is this:
filereader.Replace(Chr(34) & "SomeSetting" & Chr(34) & "=dword:00000000", Chr(34) & "SomeSetting" & Chr(34) & "=dword:00000001")
The Replace() function returns the new string with the replaced value(s) (since it cannot change the original one), but you never use the instance it returns.
You should set your old string variable to the new string returned by Replace(), like this:
filereader = filereader.Replace(Chr(34) & "SomeSetting" & Chr(34) & "=dword:00000000", Chr(34) & "SomeSetting" & Chr(34) & "=dword:00000001")
To avoid (or at least minimize the risk of) things like this happening, make sure you read the information that Visual Studio's IntelliSense shows you when writing the function call.
If you do bump into problems anyway, make sure to check the MSDN documentation to see if you missed anything. They usually also have examples showing how you can use the methods.
Getting this error when trying to add a new group using the information entered by the user.
Microsoft Access Database Engine error '80040e14'
Syntax error in INSERT INTO statement.
/student/s0190204/wip/group-add.asp, line 79
This is the sql, the session is getting the ID of the user logged in.
sql_comd="INSERT INTO group (grp_USERID, grp_name, grp_caption, grp_content, grp_DATECREATED, grp_OPEN) VALUES('" &_
session("usr_ID") & "','" & _
request("grp_name") & "','" & _
request("grp_caption") & "','" & _
request("grp_content") & "','" & _
date & "','" & _
request("grp_open") & "')"
Thanks
I suggest you trace this through, and post the output string that you're passing directly to SQL. Just put a breakpoint in there right as the string is created and check it out.
There's not much wrong with this code, persay, but you haven't made sure that your input strings are clean. It's probable that they have a quotation mark in them or the date isn't in the proper string format and so on.
Additionally, note that this query is highly susceptible to query injection because it seems to stuff input directly from the request through to the database.
OH, and. Your 'Insert INTO' needs Group in []. (like [Group]) And your dates should probably be DateTimes instead of strings. (if this works with just the brackets) See my note on your other question. (And avoid using these (http://technet.microsoft.com/en-us/library/ms189822.aspx) in your schema)
And you can set the 'default' of the date to '=GetDate()' instead of passing it through from the C# side, which I personally prefer.
Using MS Access, I am trying to search specific columns for strings. Using the WHERE argument of the DoCmd.OpenForm, I was able to get exact matches using "=". However, I need to use LIKE instead, since the end users will need to have a more liberal filter.
The problem is that I keep getting an error when I use % or * in the string making up the SQL:
stLinkCriteria = "[" & Combo_Filter_Name & "] Like %'" & Text_Filter_Name & "'%"
DoCmd.OpenForm stDocName, acFormDS, , stLinkCriteria
What am I doing wrong? The following code I was using before works perfectly, but again, I need to use LIKE:
stLinkCriteria = "[" & Combo_Filter_Name & "] = '" & Text_Filter_Name & "'"
DoCmd.OpenForm stDocName, acFormDS, , stLinkCriteria
Thanks
The problem here is that the % sign is outside the quotes.
You have written %'mysearch'%
You should write '%mysearch%'
(Where mysearch is the string you are searching for)
You may need to use * instead of % for MS Access though.
MS Access does not keep to the SQL standard, but uses * instead of % and ? instead of _ in like. See http://office.microsoft.com/en-us/access-help/like-operator-HP001032253.aspx