number of query values and destination fields not the same - vb.net

Hello, I'm just looking for a simple reason why this is not working. I have tried adding the same column twice and taking out TextBox2; I just can't get it to work. All that works is if I take the last value and the last column out; otherwise it will not work at all, and I have no idea why. What I want is for it to place a check mark in there too, along with the name.
code:
Dim SqlText As String = "INSERT INTO tblEmployeeNames ([EmployeeName],
[UseForDropDown]) VALUES ('" & Trim(TextBox1.Text) & " " &
Trim(TextBox2.Text) & " " & (CheckBox1.Checked) & "')"

You have included the checkbox-state with the first value, you need to separate them with a comma.
Dim SqlText As String = "INSERT INTO tblEmployeeNames ([EmployeeName], [UseForDropDown]) VALUES ('" & Trim(TextBox1.Text) & " " & Trim(TextBox2.Text) & "', " & CheckBox1.Checked & ")"
Notice the Checked state doesn't require apostrophes around it.
See SLaks' comment as well; you should be using parameterized queries.

Related

How to delete rows in ms access VBA based on multiple attributes

How do I delete rows in ms access VBA based on multiple attributes?
I have written the code below, but it doesn't seem to work.
CurrentDb.Execute "DELETE * FROM StaffAtMeeting" & _
"WHERE RoomID =& Me.field1 AND MeetingDate = Me.field2 AND MeetingTime = Me.field3;"
Maybe I am missing some " (Double Quotes) and some & (Ampersands) ?
You are missing open/close " (Double Quotes) and some & (Ampersands)
currentdb.execute "DELETE * " & _
"FROM StaffAtMeeting " & _
"WHERE(((RoomID) =" & me.field1 & " AND (MeetingDate) =#" & me.field2 & "# AND (MeetingTime) =#" & me.field3 & "#));"
When you write a string statement in VBA you need opening and closing double quotes; the ampersand acts as a concatenation. The underscore lets the code know to continue on the next line.
Since your variables are not part of the string, you have to end the string, concatenate the variable, then reopen the string. The # (pound sign/hash tag/number sign) signifies to SQL that you are using a date or time.

How can I insert a single quote (') in sql?

I have some strings that contain a single quote (') like Mayor's Office:
Dim Str = "Insert into EntryTbl(Office, DateCreated, TimeCreated)" & _
"Values('" & OfficeBox.Text & "', " & _
" '" & Now.ToShortDateString & "', " & _
" '" & Now.ToString("HH:mm:ss") & "')"
and the officebox.text contains a string Mayor's Office
Glad for any help :)
IMO, a parameterized query is better because it prevents SQL injection and it will handle escaping for you (no need to write an additional method to handle escaping).
Dim cmd As New SqlCommand("", Conn())
With cmd
.CommandText = "Insert into tbl(Office, DateCreated, TimeCreated)" & _
"Values(@office,@DateCreated,@TimeCreated)"
.Parameters.AddWithValue("@office", OfficeBox.Text)
.Parameters.AddWithValue("@DateCreated", Now.ToShortDateString)
.Parameters.AddWithValue("@TimeCreated", Now.ToString("HH:mm:ss"))
.ExecuteNonQuery()
End With
Take a look at How do I create a parameterized SQL query? Why Should I? for more information.
The built in solution is to use
QUOTENAME(@string)
function to put the quotes.

SQL Statement in Access

I've been trying to get a query I ran in Access to run in VBA but I keep getting errors due to the number of exclamation marks I've been using. The statement I am using is:
SQLstat = "SELECT tbl_Date_Check.DateofChecklist, tbl_Tasks.QuestionNumber,tbl_Tasks.Frequency, tbl_Tasks.Questions " _
& "FROM tbl_Tasks, tbl_Date_Check " _
& "WHERE (((tbl_Date_Check.DateofChecklist)=""" & [Forms]![Daily_Checker]![TxtDate] & """) And ((tbl_Tasks.Frequency) = """ & [Forms]![Daily_Checker]![ComFreq]"""))"
Any help would be great thanks
This can possibly be explained by the following SO question: What is the difference between single and double quotes in SQL?
This explains that you need to utilize single quotes '' to surround text in SQL in almost every instance. The fact that you are using double quotes "" may be what is causing the error.
I hope this helps.
-C§
It must read like this for dates:
SQLstat = "SELECT tbl_Date_Check.DateofChecklist, tbl_Tasks.QuestionNumber,tbl_Tasks.Frequency, tbl_Tasks.Questions " _
& "FROM tbl_Tasks, tbl_Date_Check " _
& "WHERE ((tbl_Date_Check.DateofChecklist = #" & Format([Forms]![Daily_Checker]![TxtDate], "yyyy\/mm\/dd") & "#) And (tbl_Tasks.Frequency = " & [Forms]![Daily_Checker]![ComFreq] & "))"

Append string to record

Environment: Oracle 11gR2, ASP .Net, VB
Aim: need to append text string to an existing record.
Problem: When using the following
strSQL += "Update table_name SET "
strSQL += " JOB = '" & Trim(Me.txtjob.Text) & "',"
strSQL += " NAME = '" & Trim(Me.txtname.Text) & "',"
strSQL += " REMARK = REMARK || ' " & Trim(Me.txtremark.Text) & "'"
It appends the already existing data along with the new data to the new data.
Example:
Contents before SQL Execution: ABC
Contents to append: DEF
Result after execution : ABCABCDEF
expected result: ABCDEF
I tried to use a few permutations to get the right result but to no avail.
Any suggestions/resolution will be appreciated.
Okay, it seems that this was a rather straightforward solution which I ended up overcomplicating.
In my case:
I was reading the record and displaying it in a text box.
What I ended up doing was:
just update the entire contents of the text box again to the record.
Thus overwriting the already existing contents along with the modified contents of the textbox.
strSQL += " DOC_LOCATION = '" & System.Web.HttpUtility.HtmlEncode(Trim(Me.txtremark.Text)) & (" Last Edit: ") & temp & " " & DateTime.Now.ToString("yyyy/MM/dd HH:mm:ss") & "'"
Since this was a rather simple application, this solution worked for me.

SQL command will not insert into database

I'm trying to use a VB button to insert data into a database, but it keeps bringing up the error message I have in place for exceptions.
Can anyone help me with why this does not update the database?
Protected Sub Button1_Click(sender As Object, e As System.EventArgs) Handles Button1.Click
Dim connetionString As String
Dim sqlCnn As SqlConnection
Dim sql As String
Dim adapter As New SqlDataAdapter
Dim Customer As String = TextBox1.Text
Dim Product As String = TextBox2.Text
Dim Location As String = TextBox3.Text
Dim Details As String = TextBox4.Text
Dim Owners As String = DropDownList1.Text
Dim Urgency As String = DropDownList2.Text
connetionString = "Data Source=ZUK55APP02;Initial Catalog=BugFixPortal;User ID=SLC***;Password=rep***"
sql = "INSERT INTO Requests (Owner, Customer, Product, Location, Urgency, Details) VALUES ('" & Owners & ", " & Customer & ", " & Product & ", " & Location & ", " & Urgency & ", " & Details & "')"
sqlCnn = New SqlConnection(connetionString)
Try
sqlCnn.Open()
adapter.UpdateCommand = sqlCnn.CreateCommand
adapter.UpdateCommand.CommandText = sql
adapter.UpdateCommand.ExecuteNonQuery()
sqlCnn.Close()
Catch ex As Exception
MsgBox("Unable to update Database with Request - Please speak to Supervisor!")
End Try
End Sub
I would not go down this road, as your code is weak against SQL injection.
You should use parameters instead. Something like the below:
c.Open();
string insertString = @"insert into YourTable(name, street, city,....) values(@par1, @par2, @parN,....)";
SqlCommand cmd = new SqlCommand(insertString, c);
cmd.Parameters.Add("@par1", SqlDbType.VarChar).Value = "MyName";
//etc
cmd.ExecuteNonQuery();
c.Close();
You are incorrectly quoting your values.
This string has an opening and closing single quote around ALL the values, which is incorrect.
VALUES ('" & Owners & ", " & Customer & ", " & Product & ", " & Location & ", " & Urgency & ", " & Details & "')"
Instead, put single quotes around character data, eg., if Product is a varchar, it would look like this:
VALUES (" & Owners & ", " & Customer & ", '" & Product & "', " & Location & ", " & Urgency & ", " & Details & ")"
The real problem, though, is that you should be using parameterized queries instead. This code is prone to SQL injection attacks.
Change this:
MsgBox("Unable to update Database with Request - Please speak to Supervisor!")
to something like this:
MsgBox("Unable to update Database with Request - Please speak to Supervisor!" & ex.Message)
It will give you more details on the exception. However, at a quick glance I can see a problem: the values you are trying to insert are strings, and you've enclosed all your values in a single set of ' characters, rather than enclosing each string parameter in a pair of ' values, i.e.
sql = "INSERT INTO Requests (Owner, Customer, Product, Location, Urgency, Details) VALUES ('" & Owners & "', '" & Customer & "', '" & Product & "', '" & Location & "', '" & Urgency & "', '" & Details & "')"
You really should look at parameterizing your queries as you're wide open to SQL injection attacks. See HERE
In terms of your code itself, your SQL syntax is wrong as you need to put apostrophes around each value. Try this:
sql = "INSERT INTO Requests (Owner, Customer, Product, Location, Urgency, Details) " & _
"VALUES ('" & Owners & "', '" & Customer & "', '" & Product & _
"', '" & Location & "', '" & Urgency & "', '" & Details & "')"
Here's an example using Parameters
sql = "INSERT INTO Requests (Owner, Customer, Product, Location, Urgency, Details) " & _
"VALUES (@Owners, @Customer, @Product, @Location, @Urgency, @Details)"
Then add parameters like so:
command.Parameters.AddWithValue("@Owners", Owners)
command.Parameters.AddWithValue("@Customer", Customer)
command.Parameters.AddWithValue("@Product", Product)
command.Parameters.AddWithValue("@Location", Location)
command.Parameters.AddWithValue("@Urgency", Urgency)
command.Parameters.AddWithValue("@Details", Details)
I think you want to use adapter.InsertCommand instead of adapter.UpdateCommand
in
Try
sqlCnn.Open()
adapter.UpdateCommand = sqlCnn.CreateCommand ' (adapter.InsertCommand)
adapter.UpdateCommand.CommandText = sql ' (adapter.InsertCommand)
adapter.UpdateCommand.ExecuteNonQuery() ' (adapter.InsertCommand)
sqlCnn.Close()
Catch ex As Exception
MsgBox("Unable to update Database with Request - Please speak to Supervisor!")
End Try
and agree with parameterized SQL query
see http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqldataadapter.aspx for more info
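
The parameterized form that the answers above recommend, for both the Requests insert and the Mayor's Office case, written out in full as an added example (not code from any of the posts). The module name RequestStore, the placeholder connection string, and the column types and lengths are assumptions.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module RequestStore
    ' Placeholder (assumption): load the real connection string from protected
    ' configuration instead of embedding credentials in source.
    Private Const ConnectionString As String =
        "Data Source=<server>;Initial Catalog=<database>;Integrated Security=True"

    ' Nothing becomes SQL NULL instead of raising a missing-parameter error.
    Private Function OrDbNull(value As String) As Object
        Return If(value Is Nothing, CObj(DBNull.Value), value)
    End Function

    ' Inserts one row into Requests and returns the number of rows affected.
    ' The SQL text is a constant; user input travels only as typed parameter
    ' values, so a quote in the input (Mayor's Office) is stored as data and
    ' cannot change the statement.
    Public Function InsertRequest(owner As String, customer As String,
                                  product As String, location As String,
                                  urgency As String, details As String) As Integer
        Const sql As String =
            "INSERT INTO Requests (Owner, Customer, Product, Location, Urgency, Details) " &
            "VALUES (@Owner, @Customer, @Product, @Location, @Urgency, @Details)"

        Using cnn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(sql, cnn)
                ' Types and lengths are assumptions; match them to the real schema.
                ' Explicit types avoid the type guessing done by AddWithValue.
                cmd.Parameters.Add("@Owner", SqlDbType.NVarChar, 100).Value = OrDbNull(owner)
                cmd.Parameters.Add("@Customer", SqlDbType.NVarChar, 100).Value = OrDbNull(customer)
                cmd.Parameters.Add("@Product", SqlDbType.NVarChar, 100).Value = OrDbNull(product)
                cmd.Parameters.Add("@Location", SqlDbType.NVarChar, 100).Value = OrDbNull(location)
                cmd.Parameters.Add("@Urgency", SqlDbType.NVarChar, 20).Value = OrDbNull(urgency)
                ' Size -1 maps to nvarchar(max) for free-text details.
                cmd.Parameters.Add("@Details", SqlDbType.NVarChar, -1).Value = OrDbNull(details)

                cnn.Open()
                Return cmd.ExecuteNonQuery()
            End Using
        End Using
    End Function
End Module
```

The Using blocks close the connection even when ExecuteNonQuery throws, and a caller that catches SqlException can log ex.Message and ex.Number for the operator while showing the user only a generic failure message.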