ASP classic & SQL (Syntax error in INSERT INTO statement.) - sql

Getting this error when trying to add a new group using the information entered by the user.
Microsoft Access Database Engine error '80040e14'
Syntax error in INSERT INTO statement.
/student/s0190204/wip/group-add.asp, line 79
This is the SQL; the session holds the ID of the logged-in user.
sql_comd="INSERT INTO group (grp_USERID, grp_name, grp_caption, grp_content, grp_DATECREATED, grp_OPEN) VALUES('" & _
session("usr_ID") & "','" & _
request("grp_name") & "','" & _
request("grp_caption") & "','" & _
request("grp_content") & "','" & _
date & "','" & _
request("grp_open") & "')"
Thanks

I suggest you trace this through, and post the output string that you're passing directly to SQL. Just put a breakpoint in there right as the string is created and check it out.
There's not much wrong with this code, per se, but you haven't made sure that your input strings are clean. It's probable that they have a quotation mark in them, or the date isn't in the proper string format, and so on.
Additionally, note that this query is highly susceptible to query injection because it seems to stuff input directly from the request through to the database.
Oh, and your 'INSERT INTO' needs Group in [] (like [Group]). And your dates should probably be DateTimes instead of strings (if this works with just the brackets). See my note on your other question. (And avoid using these (http://technet.microsoft.com/en-us/library/ms189822.aspx) in your schema.)
And you can set the 'default' of the date to '=GetDate()' instead of passing it through from the C# side, which I personally prefer.
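Added example (not code from the question or from the answer above): the same INSERT written with an ADODB.Command and parameters, so the request values never become part of the SQL text and a quotation mark in a caption cannot break or alter the statement. It assumes an already-open Connection object named conn (connection string not shown), the Access table [Group] from the question reached through an OLE DB (Jet/ACE) provider, grp_USERID numeric, grp_DATECREATED Date/Time and grp_OPEN Yes/No; those column types and the helper name AddGroup are assumptions. It is written late-bound so it runs unchanged as VBScript inside an ASP page.

```vba
' Added example: parameterized INSERT for ASP classic / VBA via ADODB.Command.
' Assumptions: conn is an open ADODB.Connection; column types as stated in the lead-in.
Const AD_CMD_TEXT = 1        ' ADO CommandTypeEnum.adCmdText
Const AD_PARAM_INPUT = 1     ' ADO ParameterDirectionEnum.adParamInput
Const AD_INTEGER = 3         ' ADO DataTypeEnum.adInteger
Const AD_DATE = 7            ' ADO DataTypeEnum.adDate
Const AD_BOOLEAN = 11        ' ADO DataTypeEnum.adBoolean
Const AD_VARWCHAR = 202      ' ADO DataTypeEnum.adVarWChar
Const AD_LONGVARWCHAR = 203  ' ADO DataTypeEnum.adLongVarWChar (Memo)

' Hypothetical helper: inserts one group row and returns the number of rows affected.
Function AddGroup(conn, userId, grpName, grpCaption, grpContent, grpOpen)
    Dim cmd, affected, openFlag, content
    content = "" & grpContent            ' coerce Empty/Null to an empty string
    openFlag = LCase("" & grpOpen)       ' checkbox posts "on"; other forms post "1"/"true"

    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = AD_CMD_TEXT
    ' [Group] is bracketed because GROUP is a reserved word in Access SQL.
    ' The ? placeholders are bound positionally from the parameters appended below.
    cmd.CommandText = "INSERT INTO [Group] (grp_USERID, grp_name, grp_caption, " & _
        "grp_content, grp_DATECREATED, grp_OPEN) VALUES (?, ?, ?, ?, ?, ?)"

    cmd.Parameters.Append cmd.CreateParameter("uid", AD_INTEGER, AD_PARAM_INPUT, 0, CLng(userId))
    cmd.Parameters.Append cmd.CreateParameter("nm", AD_VARWCHAR, AD_PARAM_INPUT, 255, "" & grpName)
    cmd.Parameters.Append cmd.CreateParameter("cap", AD_VARWCHAR, AD_PARAM_INPUT, 255, "" & grpCaption)
    cmd.Parameters.Append cmd.CreateParameter("cnt", AD_LONGVARWCHAR, AD_PARAM_INPUT, Len(content) + 1, content)
    ' A real Date value is bound instead of a formatted string: no #...# or quoting needed.
    cmd.Parameters.Append cmd.CreateParameter("dt", AD_DATE, AD_PARAM_INPUT, 0, Now())
    cmd.Parameters.Append cmd.CreateParameter("op", AD_BOOLEAN, AD_PARAM_INPUT, 0, _
        (openFlag = "1" Or openFlag = "true" Or openFlag = "on"))

    cmd.Execute affected                 ' affected receives the row count
    AddGroup = affected
End Function

' Usage inside the ASP page once conn is open:
' rows = AddGroup(conn, Session("usr_ID"), Request("grp_name"), Request("grp_caption"), _
'                 Request("grp_content"), Request("grp_open"))
```

With this shape a caption such as O'Brien's group is stored verbatim, and the date column receives a Date rather than whatever string the locale's date format happens to produce.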

Related

SQL Syntax error running action Query through VBA

I am trying to build this query through VBA instead of building it in Access and running a docmd.openquery. That seemed to me like the easier route, but I wanted to work on my SQL. Obviously that didn't work as intended if I am here lol.
So, I am trying to take the Date values of 14 text boxes on our JobTicket form and insert them into another table, Tbl_Schedule. This table is not a part of the Query that is the record source for the JobTicket form. I am worried that attempting to add this table in will overload the Query, as it is already very full. When I try to quickly navigate to the last field in that Query the text writes on top of itself, and then Access goes not responding while it clears up the text and loads the last couple fields. Adding another 56 fields to that seems like a recipe for disaster. I will post the SQL I have written below.
DoCmd.RunSQL "INSERT INTO Tbl_Schedule (Date_Scheduled1, Date_Scheduled2, Date_Scheduled3, Date_Scheduled4, Date_Scheduled5, Date_Scheduled6, Date_Scheduled7, " & _
"(Date_Scheduled8, Date_Scheduled9, Date_Scheduled10, Date_Scheduled11, Date_Scheduled12, Date_Scheduled13, Date_Scheduled14)" & _
"VALUES (#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled1_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled2_JobTicket] & "#, " & _
"(#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled3_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled4_JobTicket] & "#, " & _
"(#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled5_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled6_JobTicket] & "#, " & _
"(#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled7_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled8_JobTicket] & "#, " & _
"(#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled9_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled10_JobTicket] & "#, " & _
"(#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled11_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled12_JobTicket] & "#, " & _
"(#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled13_JobTicket] & "#,#" & [Forms]![Frm_JobTicket]![Txt_DateScheduled14_JobTicket] & "#)"
Table being inserted into: Tbl_Schedule
Fields being inserted into: Date_Scheduled1 -to- Date_Scheduled14
Getting data from text boxes: Txt_DateScheduled1_JobTicket -to- Txt_DateScheduled14_JobTicket on Frm_JobTicket
Any other questions that would assist you in assisting me please feel free to ask! Thanks in advance!
Dynamic SQL has its uses, but this is not one of them.
Using DAO methods makes your code so much simpler and easier to read and debug.
Dim db As DAO.Database
Dim rs As DAO.Recordset
Dim frm As Access.Form
' for readability
Set frm = Forms!Frm_JobTicket
' open table for adding record(s)
Set db = CurrentDb
Set rs = db.OpenRecordset("Tbl_Schedule", dbOpenDynaset, dbAppendOnly)
rs.AddNew
rs!Date_Scheduled1 = frm!Txt_DateScheduled1_JobTicket
rs!Date_Scheduled2 = frm!Txt_DateScheduled2_JobTicket
' etc.
rs.Update
rs.Close
With enumerated field names like these, you can also use a loop:
Dim i As Long
rs.AddNew
For i = 1 To 14
rs("Date_Scheduled" & i) = frm("Txt_DateScheduled" & i & "_JobTicket")
Next i
rs.Update
This is a good opportunity to consider normalizing your data so that part of your problem is removed entirely. Instead of having DateScheduled1_JobTicket, DateScheduled2_JobTicket etc., it might be better to have another table which fills vertically instead of horizontally, perhaps with fields like ID, Item, JobTicketNumber, ScheduledDate.
Then, fill this table with a row for each item/sku/product, and date. You'll have 14 rows for scheduled tickets for each item/sku/product instead of 14 columns, and this will also solve your future problem of adding 56 fields. The benefit is that you can present the job ticket schedule rows by using continuous forms (in a list). Even better, you can put this continuous form with dates as a subform on your item/sku/product main form, which will then show as a neat list of scheduled tickets that will automatically change as you scroll through item/sku/products.
If you don't use continuous forms, you can still use an unbound approach as you're using now. One benefit is that it will be much easier when you need to add future JobTicket numbers, since you can just add more rows instead of adding fields and having to do additional design work.
If you want to view data in the flattened way that you built your table, you can use a Crosstab query to present it as you have in your table, but the underlying data will be much better stored in a normalized format.
Note that you don't need to concatenate a string as you did above; just leave the Forms!Form!Control reference expression directly in the query and you have a nice parameterized query that will execute just fine, so long as there are dates in those controls (text box, drop down etc).
ex. (MyTable, MyDateField and MyDateControl are placeholders)
Insert Into MyTable (MyDateField) Values (Forms!MyForm!MyDateControl);
No dynamic SQL needed.
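Added example, not code from either answer above: it combines the enumerated-control loop from the first answer with the normalized table the second answer recommends, writing one row per scheduled date instead of fourteen columns. The table Tbl_ScheduleLine with fields JobTicketNumber (Long), SlotNumber (Long) and ScheduledDate (Date/Time), and the control Txt_JobTicketNumber on Frm_JobTicket, are assumptions; the answers only sketch such a table.

```vba
' Added example: store Txt_DateScheduled1..14_JobTicket as rows in a normalized table.
' Assumed objects: table Tbl_ScheduleLine (JobTicketNumber, SlotNumber, ScheduledDate)
' and control Txt_JobTicketNumber on the form. Returns the number of rows written.
Public Function SaveScheduleLines(frm As Access.Form) As Long
    Dim ws As DAO.Workspace
    Dim db As DAO.Database
    Dim rs As DAO.Recordset
    Dim i As Long
    Dim v As Variant
    Dim written As Long
    Dim errNum As Long, errDesc As String

    Set ws = DBEngine(0)
    Set db = ws(0)                 ' same workspace as the transaction below
    ws.BeginTrans                  ' all 14 slots are stored, or none are
    On Error GoTo Rollback
    Set rs = db.OpenRecordset("Tbl_ScheduleLine", dbOpenDynaset, dbAppendOnly)
    For i = 1 To 14
        ' Control names are enumerated, so the index builds the name (as in the first answer).
        v = frm("Txt_DateScheduled" & i & "_JobTicket").Value
        If Not IsNull(v) Then
            If Len(Trim$(v & "")) > 0 Then
                ' Reject non-dates here with a clear message instead of a type mismatch on Update.
                If Not IsDate(v) Then Err.Raise vbObjectError + 1, , "Slot " & i & " is not a date: " & v
                rs.AddNew
                rs!JobTicketNumber = frm!Txt_JobTicketNumber
                rs!SlotNumber = i
                rs!ScheduledDate = CDate(v)   ' stored as a Date, never as a quoted string
                rs.Update
                written = written + 1
            End If
        End If
    Next i
    rs.Close
    Set rs = Nothing
    ws.CommitTrans
    SaveScheduleLines = written
    Exit Function
Rollback:
    errNum = Err.Number: errDesc = Err.Description
    If Not rs Is Nothing Then rs.Close
    ws.Rollback
    Err.Raise errNum, "SaveScheduleLines", errDesc
End Function

' Usage from the form's button: lines = SaveScheduleLines(Forms!Frm_JobTicket)
```

Because each date lands in its own row, adding a fifteenth slot later means one more loop iteration, not a new column and a redesigned query, and a crosstab query can still present the dates side by side when that layout is wanted.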

Microsoft Access - Using a form to input data into a different table with VBA?

Trying to use a form named 'Customer Entry', that when clicked, enters the data that has been typed in said form into a table that is named 'CustomerRecord'. I keep getting errors and am at my wits end. Here is my code below, this is in VBA.
Public Sub Command19_Click()
CurrentDb.Execute "INSERT INTO CustomerRecord(Customer Name, APM, UAID, Context Code, Purpose Code, Context Description, Purpose Description) " & _
" VALUES (" & Me.txtCustomer Name & ", " & Me.txtAPM & ", " & Me.txtUAID & ", " & Me.txtContextCode & "," & Me.txtPurposeCode & ", " & Me.txtContext Description & ", " & Me.txtPurpose Description & ")"
frmCustomer
Entry.Form.Requery
End Sub
If you want to edit data from two tables on a single form, you need to make an updatable query to base your form upon. Set your form's RecordSource property to be the updatable query. Now you can add form elements from the source that allow the user to edit all the fields directly.
See this list of pitfalls to ensure that your query is updatable:
http://allenbrowne.com/ser-61.html
If you absolutely must edit data elsewhere from your form, which you occasionally must do, don't use an SQL query execute statement to do so. Use a recordset object instead. This is more secure, more reliable, and makes the code easier to read.
See this guide for an example of how it's done: https://learn.microsoft.com/en-us/office/vba/access/Concepts/Data-Access-Objects/modify-an-existing-record-in-a-dao-recordset
Additional reading: https://learn.microsoft.com/en-us/office/client-developer/access/desktop-database-reference/recordset-edit-method-dao

')' expected in vb

I am trying to create a login form using Visual Basic and MS Access as my database source, but I keep getting the error ')' expected. Please find my code below and help me solve this, because I have spent the entire day trying to find a solution to this error.
sql =("SELECT Username,Password from tblLogin")
Where Username= '" & Trim(txtUsername.text) & "'
And Password='" & trim(txtPassword.text) & "')';
NEVER concatenate user inputs into any SQL statement, use proper parameters instead.
This means your SQL should look like this:
sql = "SELECT [UserName], [Password] FROM tblLogin WHERE [UserName]=? AND [Password]=?;"
Note that there is no need to track whether a column wants single quotes or not, which makes things much more robust, not to mention much more secure. Also the unbalanced parentheses issue becomes irrelevant.
The SQL string should be used in some ADO Command or DAO (? ...not really familiar with Access) QueryDef object, as the command's CommandText or the querydef's definition.
Then you add Parameters to the ADO command and supply their values in the order they appear in the SQL command string, or set the named querydef parameters' respective Value accordingly.
Exactly how that's done depends on what type of Connection you're working with; this answer shows how you can use DAO QueryDefs in Access to do this, and this answer shows how you can use ADO to do the same with a Command and Parameter objects.
As a security note, I need to mention that storing passwords in plain text in a database is a very bad idea. Best practice would be to salt+hash the passwords, and only store the resulting hashes in the database; login is successful not when the user input matches the stored password, but when the salted user input produces the same hash value as the one stored for the claimed login: neither the code, the database, nor the developer actually needs to know anyone's passwords. This is important, because humans have this tendency to reuse passwords elsewhere, so if weak security isn't a problem for this particular application, it becomes a problem when a user decides to reuse their Facebook login for it, or to reuse their password for [other app whose security is actually important].
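Added example, not code from the answer above: the login lookup done with a DAO QueryDef parameter, and the password checked against a stored salted hash rather than a plain-text Password column. The fields PwSalt and PwHash in tblLogin (hex text, PwHash = SHA-256 over salt followed by password) replace the question's Password column and are assumptions, as is the availability of the .NET Framework's COM-visible SHA256Managed and UTF8Encoding classes on the machine running Access.

```vba
' Added example: parameterized login query plus salted-hash verification in Access VBA.
' Assumed schema: tblLogin(UserName Text, PwSalt Text, PwHash Text). SHA-256 is obtained
' from the .NET Framework through COM (assumption: .NET Framework is installed).

' Lower-case hex SHA-256 of a UTF-8 string.
Public Function HexSha256(ByVal text As String) As String
    Dim sha As Object, enc As Object
    Dim bytes() As Byte, i As Long, s As String
    Set enc = CreateObject("System.Text.UTF8Encoding")
    Set sha = CreateObject("System.Security.Cryptography.SHA256Managed")
    bytes = sha.ComputeHash_2(enc.GetBytes_4(text))   ' COM names of the byte[] overloads
    For i = LBound(bytes) To UBound(bytes)
        s = s & Right$("0" & Hex$(bytes(i)), 2)
    Next i
    HexSha256 = LCase$(s)
End Function

' True only if the user exists and the salted hash of the supplied password matches
' the stored one. The user name travels as a named parameter, so quotes, brackets or
' SQL fragments typed into the login box have no effect on the statement.
Public Function VerifyLogin(ByVal userName As String, ByVal password As String) As Boolean
    Dim db As DAO.Database, qdf As DAO.QueryDef, rs As DAO.Recordset
    Set db = CurrentDb
    ' Temporary QueryDef (empty name) with a declared TEXT parameter; [Password]-style
    ' reserved words are avoided entirely by the new column names.
    Set qdf = db.CreateQueryDef("", _
        "PARAMETERS [pUser] TEXT(255); " & _
        "SELECT [PwSalt], [PwHash] FROM tblLogin WHERE [UserName] = [pUser];")
    qdf.Parameters("pUser").Value = userName
    Set rs = qdf.OpenRecordset(dbOpenSnapshot)
    If Not rs.EOF Then
        ' The password never reaches the database; only the recomputed hash is compared.
        ' A slow, iterated function (PBKDF2, bcrypt) is preferable where one is available;
        ' a salted SHA-256 is the minimum the answer asks for.
        VerifyLogin = (StrComp(HexSha256(rs!PwSalt & password), rs!PwHash, vbBinaryCompare) = 0)
    End If
    rs.Close
    qdf.Close
End Function

' Usage from the login form: If VerifyLogin(Trim(txtUsername.Text), txtPassword.Text) Then ...
```

Note that the query selects by user name only; whether the password matches is decided in code, so a wrong password and an unknown user both simply return False.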
Try with:
sql = "SELECT Username, [Password] from tblLogin " & _
"Where Username = '" & Trim(txtUsername.Text) & "' " & _
"And [Password] = '" & Trim(txtPassword.Text) & "';"
Password is a reserved word.
Try replacing your line with this one instead:
sql = "SELECT Username,Password from tblLogin Where Username= '" & _
Trim(txtUsername.text) & "'" & " And Password= '" & _
trim(txtPassword.text) & "'"

Again, variable in where clause

Using access 2010, windows 7, SQL Server
Can't get the hang of this. Have an SQL query that was generated in the qbe grid then put in VBA. The version that runs has a literal Transaction_Table.Account_Number and looks like:
"WHERE (((dbo_Transaction_Table.Sku)=""Transfer"")
AND ((dbo_Transaction_Table.Description) Like ""%TO%"")
AND ((dbo_Transaction_Table.Account_Number)=""655812""));"
But when I try to replace the literal with the contents of a text box:
"WHERE (((dbo_Transaction_Table.Description) Like ""%Transfer To%"")
AND ((dbo_Transaction_Table.Account_Number)=& Chr$(34) & Me.accntNo & Chr$(34)));"
I get a syntax error (missing operator) in query expression
(((dbo_Transaction_table.Description) like "%Transfer To%")
And ((dbo_Transaction_Table.Account_Number)= & Chr$(34) & Me.accntNo & Chr$(34))))
It sounds like you're just missing the quotes that close the constant string before the injected values and reopen it afterwards:
"WHERE (((dbo_Transaction_Table.Description) Like ""%Transfer To%"") " & _
"AND ((dbo_Transaction_Table.Account_Number)=" & Chr$(34) & Me.accntNo & Chr$(34) & "));"
Although you might look into using parameters instead. I'm not an expert on doing those from VBA but there should be plenty of examples out there.

Compile error:Argument not optional

I am getting the above error while executing the following query:
DoCmd.RunSQL = "insert into tblContract (Empid,testid,Start1,Finish1,Store1,Start2,Finish2,Store2 )values ('" & Me.txtEmpNo.Value & "','" & Me.txtAutoNumber.Value & "','" & Me.txtContSunStart1.Value & "', '" & Me.txtContSunFinish1.Value & "','" & Me.txtContSunStore1.Value & "','" & Me.txtContSunStart2.Value & "', '" & Me.txtContSunFinish2.Value & "','" & Me.txtContSunStore2.Value & "')"
Please help
DoCmd.RunSQL is a method not a property. You don't do "DoCmd.RunSQL = SomeSQL" You do "DoCmd.RunSQL someSQL" (no equals sign).
DoCmd.RunSQL has very poor error handling and comes back with uninformative error messages. You will find it much easier to debug or trap errors using CurrentDB.Execute
Have you really got DoCmd.RunSQL = someString ? With that = in there? It won't like that...
Assuming your syntax is correct, you most likely have a field that requires a value but that you've omitted from your target field list. That is, a field in the table designer has "Required" set to Yes in the General tab.
If you don't think that this is it, I'd probably need a little more info on the schema or perhaps the query.
This may not be the issue. But you may want to make sure your input does not contain a single quote. For example, if Me.txtContSunStore1 equals something like "Bob's Store", that line will complain. Though it would probably give you a different error.
I usually wrap all SQL Values with a function that cleans up the data based on the data type.
Try adding a space before VALUES.
As Oorang said, remove the = sign.
EDIT: Also please check whether every field is of text type. I would guess the Empid and testid fields are numeric...
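Added example, not code from any of the answers above: the INSERT from this question as a parameterized temporary QueryDef executed with dbFailOnError, which addresses the points the answers raise at once: no = after DoCmd.RunSQL, a trappable error instead of RunSQL's vague one, no risk from a single quote in "Bob's Store", and numeric columns bound as numbers rather than quoted text. The same PARAMETERS declaration also replaces the Chr$(34) quoting around Account_Number in the preceding question. The column types (Empid and testid Long, Start/Finish Date/Time, Store Text) are assumptions; the question does not state them.

```vba
' Added example: parameterized INSERT into tblContract via a temporary DAO QueryDef.
' Assumed column types: Empid/testid Long, Start1/Finish1/Start2/Finish2 Date/Time,
' Store1/Store2 Text. Returns the number of rows inserted.
Public Function InsertContract(ByVal empId As Long, ByVal testId As Long, _
                               ByVal start1 As Date, ByVal finish1 As Date, ByVal store1 As String, _
                               ByVal start2 As Date, ByVal finish2 As Date, ByVal store2 As String) As Long
    Dim db As DAO.Database
    Dim qdf As DAO.QueryDef
    Set db = CurrentDb
    ' Declared parameter types let the engine bind each value; quoting and #date#
    ' delimiters disappear, and "Bob's Store" is stored exactly as typed.
    Set qdf = db.CreateQueryDef("", _
        "PARAMETERS [pEmp] LONG, [pTest] LONG, [pS1] DATETIME, [pF1] DATETIME, [pSt1] TEXT(255), " & _
        "[pS2] DATETIME, [pF2] DATETIME, [pSt2] TEXT(255); " & _
        "INSERT INTO tblContract (Empid, testid, Start1, Finish1, Store1, Start2, Finish2, Store2) " & _
        "VALUES ([pEmp], [pTest], [pS1], [pF1], [pSt1], [pS2], [pF2], [pSt2]);")
    qdf.Parameters("pEmp").Value = empId
    qdf.Parameters("pTest").Value = testId
    qdf.Parameters("pS1").Value = start1
    qdf.Parameters("pF1").Value = finish1
    qdf.Parameters("pSt1").Value = store1
    qdf.Parameters("pS2").Value = start2
    qdf.Parameters("pF2").Value = finish2
    qdf.Parameters("pSt2").Value = store2
    ' dbFailOnError raises a real VBA error (required field missing, bad type, ...)
    ' that can be trapped by the caller, unlike DoCmd.RunSQL.
    qdf.Execute dbFailOnError
    InsertContract = qdf.RecordsAffected
    qdf.Close
End Function

' Call from the form with the values converted once, up front, so a non-numeric Empid or
' an empty date fails here with a clear type mismatch instead of inside the SQL:
' n = InsertContract(CLng(Me.txtEmpNo), CLng(Me.txtAutoNumber), _
'                    CDate(Me.txtContSunStart1), CDate(Me.txtContSunFinish1), Nz(Me.txtContSunStore1, ""), _
'                    CDate(Me.txtContSunStart2), CDate(Me.txtContSunFinish2), Nz(Me.txtContSunStore2, ""))
```

If a Required field of tblContract is not in the column list, the Execute raises an error naming the problem, which is exactly the information DoCmd.RunSQL withholds.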