How can I change the following code to write to the database null instead of empty strings?
Public Sub SetChangeRequest(ByVal referenceLeaseID As Integer, _
ByVal referenceCustomerID As Integer, _
Optional ByVal custUnitNum As Object = Nothing, _
Optional ByVal driverFirstName As Object = Nothing, _
Optional ByVal driverLastName As Object = Nothing, _
Optional ByVal driverEmail As Object = Nothing, _
Optional ByVal plateNumber As Object = Nothing, _
Optional ByVal plateProvince As Object = Nothing, _
Optional ByVal usageProvince As Object = Nothing, _
Optional ByVal invoiceGroups As Object = Nothing)
mcmd = New SqlCommand
mcmd.CommandType = CommandType.Text
mcmd.Connection = mcn
mcmd.CommandText = "IF EXISTS (SELECT * FROM ChangeRequest WHERE ReferenceLeaseID = " & referenceLeaseID & ")" & vbNewLine & _
"DELETE FROM ChangeRequest WHERE ReferenceLeaseID = " & referenceLeaseID & vbNewLine & _
"INSERT INTO ChangeRequest (ReferenceLeaseID, ReferenceCustomerID, CustomerUnitNum, DriverFirstName, DriverLastName, DriverEmail, PlateNumber, PlateProvince, UsageProvince, InvGroupID)" & vbNewLine & _
"VALUES ('" & referenceLeaseID & "', '" & referenceCustomerID & "', '" & custUnitNum & "', '" & driverFirstName & "', '" & driverLastName & "', '" & driverEmail & "', '" & plateNumber & "', '" & plateProvince & "', '" & usageProvince & "', '" & invoiceGroups & "')"
mcn.Open()
mcmd.ExecuteScalar()
mcn.Close()
End Sub
Cheers,
Mike
They way you're constructing your query is inefficient, hard to read, error prone, and worst of all open to SQL injection attacks. You should use SQL parameters:
mcmd.CommandText = "IF EXISTS (SELECT * FROM ChangeRequest WHERE ReferenceLeaseID = #referenceLeaseID") " _
"DELETE FROM ChangeRequest WHERE ReferenceLeaseID = #referenceLeaseID " & _
"INSERT INTO ChangeRequest (ReferenceLeaseID, ReferenceCustomerID, CustomerUnitNum, DriverFirstName, DriverLastName, DriverEmail, PlateNumber, PlateProvince, UsageProvince, InvGroupID) " & _
"VALUES (#referenceLeaseID, #referenceCustomerID, #custUnitNum, #driverFirstName, #driverLastName, #driverEmail, #plateNumber, #plateProvince, #usageProvince, #invoiceGroups)"
You can specify values for parameters like:
mcmd.Parameters.Add("#parameterName", If(ParameterValue Is Nothing, DBNull.Value, ParameterValue))
Biggest thing I'd suggest is you use a parameterised sql statement as you're opening up yourself to sql injection.
e.g.
command.CommandText = "INSERT SomeTable (SomeField) VALUES (#SomeField)";
And then add the named parameters to the command using command.Parameters.Add
For values you want to store as NULL, set the parameter value to DBNull.Value.
You can use DBNull.Value.
http://msdn.microsoft.com/en-us/library/system.dbnull.value.aspx
Use a parameterized query instead of putting the values in SQL. Besides fixing the nulls issue, it will also protect against SQL injection.
Public Sub SetChangeRequest(ByVal referenceLeaseID As Integer, _
ByVal referenceCustomerID As Integer, _
Optional ByVal custUnitNum As Object = Nothing, _
Optional ByVal driverFirstName As Object = Nothing, _
Optional ByVal driverLastName As Object = Nothing, _
Optional ByVal driverEmail As Object = Nothing, _
Optional ByVal plateNumber As Object = Nothing, _
Optional ByVal plateProvince As Object = Nothing, _
Optional ByVal usageProvince As Object = Nothing, _
Optional ByVal invoiceGroups As Object = Nothing)
mcmd = New SqlCommand
mcmd.CommandType = CommandType.Text
mcmd.Connection = mcn
mcmd.CommandText = "IF EXISTS (SELECT * FROM ChangeRequest WHERE ReferenceLeaseID = " & referenceLeaseID & ")" & vbNewLine & _
"DELETE FROM ChangeRequest WHERE ReferenceLeaseID = " & referenceLeaseID & vbNewLine & _
"INSERT INTO ChangeRequest (ReferenceLeaseID, ReferenceCustomerID, CustomerUnitNum, DriverFirstName, DriverLastName, DriverEmail, PlateNumber, PlateProvince, UsageProvince, InvGroupID)" & vbNewLine & _
"VALUES (#ReferenceLeaseID, #ReferenceCustomerID, #CustomerUnitNum, #DriverFirstName, #DriverLastName, #DriverEmail, #PlateNumber, #PlateProvince, #UsageProvince, #InvGroupID)"
mcmd.Parameters.AddWithValue("ReferenceLeaseID", referenceLeaseID)
mcmd.Parameters.AddWithValue("ReferenceCustomerID", referenceCustomerID )
mcmd.Parameters.AddWithValue("CustomerUnitNum", custUnitNum)
mcmd.Parameters.AddWithValue("DriverFirstName", driverFirstName)
mcmd.Parameters.AddWithValue("DriverLastName", driverLastName)
mcmd.Parameters.AddWithValue("DriverEmail", driverEmail)
mcmd.Parameters.AddWithValue("PlateNumber", plateNumber)
mcmd.Parameters.AddWithValue("PlateProvince", plateProvince)
mcmd.Parameters.AddWithValue("UsageProvince", usageProvince)
mcmd.Parameters.AddWithValue("InvGroupID", invoiceGroups)
mcn.Open()
mcmd.ExecuteScalar()
mcn.Close()
End Sub
If you really, really wanted to, you make the query you're constructing work by doing something like the following:
"VALUES (" & IIf(referenceLeaseID Is Nothing, "NULL", "'" & referenceLeaseID & "'"))
...but please, please don't do that. The code is ugly, hard to maintain, and allows for all kinds of unpleasantness like SQL injection.
Instead, use a parameterized query -- the entire process is pretty well explained in this MSDN article.
After the first pass, your code will then look something like this:
Dim cmd = New SqlCommand(".... VALUES (#p0)")
cmd.Parameters.Add(New SqlParameter("#p0", referenceLeaseID))
...which is still not pretty: the long multi-line SQL queries will continue to clutter your code.
To fix that issue as well, move your query into a stored procedure. This has the huge advantage of being able to compose your SQL in an editor that is intended for this purpose, instead of kludging it up in code. If you use a recent version of SQL Server Studio, or of course the indispensable SQL Prompt utility, you'll even have some nice Intellisense support.
The stored procedure will be pretty much identical to your current query, with some additional parameter declarations:
CREATE PROCEDURE UpdateDriverRecord
#referenceLeaseID NVARCHAR(42)
BEGIN
...VALUES(referenceLeaseID = #referenceLeaseID)
END
Your final code will the look something like:
Dim cmd = New SqlCommand("UpdateDriverRecord")
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.Add("#referenceLeaseID", SqlDbType.NVarChar, 42)
This may seem like a lot of changes to work around a simple issue, but your code will be much more secure, readable and maintainable.
Related
I need to get data from a recordset. The SQL query works fine in MS Access and returns exactly the expected values, but when the same query is lunched in VBA Excel, I get the following error:
No value given for one or more required parameters
Do you have any ideas why this problem occurs?
Thank you.
Philippe-Olivier Roussel
Private Sub CBtype_AfterUpdate()
Dim strConnexion As String
Dim connexion As New ADODB.Connection
strConnexion = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source= " & Database & ""
connexion.Open strConnexion
Dim rsMarque As New ADODB.Recordset
Dim seltype As String
seltype = CBtype.Value
rsMarque.Open "SELECT DISTINCT tblMarque.marque_nom FROM tblMarque, tblModele WHERE " & _
" tblMarque.marque_id = tblModele.marque_id AND tblModele.marque_id IN " & _
" (SELECT DISTINCT tblModele.marque_id FROM tblModele, tblType " & _
" WHERE tblModele.type_id = tblType.type_id AND tblModele.type_id = " & _
" (SELECT tblType.type_id FROM tblType WHERE " & _
" (tblType.type_nom = " & seltype & ")))", connexion, adOpenStatic
rsMarque.MoveFirst
With UserForm2.CBmarque
.Clear
Do
.AddItem rsMarque!marque_nom
rsMarque.MoveNext
Loop Until rsMarque.EOF
End With
End Sub
This error message looks like an output from the DBMS rather than Excel
I think you might be missing the apostrophe before and after your string variable. See if
" (tblType.type_nom = '" & seltype & "')))" works (I'm assuming the column you're querying is varchar type, since you declared seltype as string)
I'm working in a small SQL Database program. The programs just there to view, edit and update the database records. Everything is working remarkably well considering I've never tried something like this before. I've managed to get the Add Records, Refresh Records and Delete Records functions working flawlessly. However, I've hit a little bump when trying to UPDATE a selected record.
To clarify, the SQL Table is displayed in a list view, from this list view the end-user can select a particular-record and either edit or delete it.
The edit button opens a new form window with text fields which are automatically filled with the current information of that record.
The code for the edit record form is:
Private Sub frmEdit_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
intDB_ID_Selected = CInt(frmMain.lvRec.SelectedItems(0).Text)
Call dispCaption()
Call dispInfo() 'Display the info of the selected ID
End Sub
Private Sub dispInfo()
SQL = "Select * from PersonsA " & _
"where Members_ID=" & intDB_ID_Selected & ""
With comDB
.CommandText = SQL
rdDB = .ExecuteReader
End With
If rdDB.HasRows = True Then
rdDB.Read()
Me.midtxt.Text = rdDB!Members_ID.ToString.Trim
Me.gttxt.Text = rdDB!Gamer_Tag.ToString.Trim
Me.sntxt.Text = rdDB!Screenname.ToString.Trim
Me.fntxt.Text = rdDB!First_Name.ToString.Trim
Me.lntxt.Text = rdDB!Last_Name.ToString.Trim
Me.dobtxt.Text = rdDB!DoB.ToString.Trim
Me.dobtxt.Text = rdDB!DoB.ToString.Trim
Me.emailtxt.Text = rdDB!E_Mail_Address.ToString.Trim
Me.teamptxt.Text = rdDB!Position.ToString.Trim
Me.ugctxt.Text = rdDB!Cautions.ToString.Trim
Me.recordtxt.Text = rdDB!Record.ToString.Trim
Me.eventatxt.Text = rdDB!Event_Attendance.ToString.Trim
Me.Mstattxt.Text = rdDB!Member_Status.ToString.Trim
End If
rdDB.Close()
End Sub
Private Sub dispCaption()
End Sub
Private Sub cmdUpdate_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdUpdate.Click
Call disControl()
'Validation
If invalidUpdateEntry() = True Then
Call enaControl()
Exit Sub
End If
'Prompt the user if the record will be updated
If MsgBox("Are you sure you want to update the selected record?", CType(MsgBoxStyle.YesNo + MsgBoxStyle.DefaultButton2 + MsgBoxStyle.Question, MsgBoxStyle), "Update") = MsgBoxResult.Yes Then
'Update query
SQL = "Update PersonsA" & _
"SET Members_ID='" & Me.midtxt.Text.Trim & "'," & _
"Gamer_Tag='" & Me.gttxt.Text.Trim & "'," & _
"Screenname='" & Me.sntxt.Text.Trim & "'," & _
"First_Name='" & Me.fntxt.Text.Trim & "'," & _
"Last_Name='" & Me.lntxt.Text.Trim & "'," & _
"DoB='" & Me.dobtxt.Text.Trim & "'," & _
"E_Mail_Address='" & Me.emailtxt.Text.Trim & "'," & _
"Position='" & Me.teamptxt.Text.Trim & "'," & _
"U_G_Studio='" & Me.ugptxt.Text.Trim & "'," & _
"Cautions='" & Me.ugctxt.Text.Trim & "'," & _
"Record='" & Me.recordtxt.Text.Trim & "'," & _
"Event_Attendance='" & Me.eventatxt.Text.Trim & "'," & _
"Member_Status='" & Me.Mstattxt.Text.Trim & "'" & _
"WHERE Members_ID='" & intDB_ID_Selected & "'"
Call execComDB(SQL) 'Execute the query
Me.Close()
'*** Refresh the list
SQL = "Select * from PersonsA "
Call frmMain.dispRec(SQL)
'--- End of refreshing the list
Exit Sub
Else
Call enaControl()
End If
End Sub
As I've said, I've been able to do everything else using an extremely similar method, but when I try to UPDATE the record I get an error saying
An unhandled exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll
Additional information: Incorrect syntax near 'Members_ID'.
I know it's this line that's the problem
"WHERE Members_ID='" & intDB_ID_Selected & "'"
Call execComDB(SQL) 'Execute the query
But referencing 'intDB_ID_Selected' has always worked before, and it's been set-up on the update form records load as intDB_ID_Selected = CInt(frmMain.lvRec.SelectedItems(0).Text)
I know this is a huge thread but if anyone could steer me in the right direction WITHOUT telling me to re-write the entire statement I'd be forever grateful.
EDIT1: I fixed the comma before the WHERE clause, but I'm still getting the same error.
Missing a space between
"Update PersonsA " & _
"SET Members_ID= ....
and (as already pointed out) a comma not needed before the WHERE
Said that, do a favor to yourself and to your users. Do not use string concatenation to build a sql command. Use always a parameterized query.
Just as an example
SQL = "Update PersonsA SET Members_ID=#id, Gamer_Tag=#tag, Screenname=#screen," & _
"First_Name=#fname,Last_Name=#lname,DoB=#dob,E_Mail_Address=#email," & _
"Position=#pos,U_G_Studio=#studio,Cautions=#caution,Record=#rec," & _
"Event_Attendance=#event, Member_Status=#stat " & _
"WHERE Members_ID=#id"
SqlCommand cmd = new SqlCommand(SQL, connection)
cmd.Parameters.AddWithValue("#id", Me.midtxt.Text.Trim)
..... so on for the other parameters defined above ....
cmd.ExecuteNonQuery();
Change "Member_Status='" & Me.Mstattxt.Text.Trim & "'," & _
to "Member_Status='" & Me.Mstattxt.Text.Trim & "'" & _
Looks like it was just an extra rogue comma!
On any error like this, use debugging provided with Visual Studio. Inspect the value of SQL, paste into MS SQL Management Studio - it has syntax highlight, and you should be able to spot the error easily.
To prevent further issues (including SQL injection vulnerability), separate this query into an embedded resource, and use parameters. Then it's easy to view, maintain (you can copy/paste between SQL Mgmt Studio and VS), and ultimately use it in code.
A side note, you don't need to use Call in VB.NET, just put a method name with parenthesis.
While debugging my code I found an inner exception which reads as:
In order to evaluate an indexed property, the property must be qualified and the arguments must be explicitly supplied by the user.
In sql the script runs smoothly returning all the rows, but in vb it's not returning or finding any rows. I have checked that the primary key is in the table and defined. How can I fix this? I had a proir query which returned rows, but as soon as I added this new query the inner exception came.... I didn't change anything except the querystring.
This is what I've done:
Public Sub BindDeliveredItems()
Proir if statemets....
Else
queryString = "select distinct LS.[Route], LS.[SubRoute], LS.[Truck], Convert(VARCHAR(10), LS.[Date], 121) AS Date, LS.[DriverAssistantContract]" & _
",((del.CT*100 )/ todel.TCT) as Score" & _
"from [Warehouse].[dbo].[LoadSheet] LS" & _
"left join (select [Truck],[Date],[Status], count([Status]) CT from [Warehouse].[dbo].[LoadSheet]" & _
"WHERE status='Delivered'" & _
"group by [Truck],[Date],[Status]) Del" & _
"on LS.truck=Del.truck and LS.[Date]=del.[Date]" & _
"left join (select [Truck],[Date], count([Truck]) TCT from [Warehouse].[dbo].[LoadSheet]" & _
"group by [Truck],[Date]) todel" & _
"on LS.truck=toDel.truck and LS.[Date]=todel.[Date]" & _
"WHERE ls.[Date] = '2013-07-03'" & _
"AND ls.[Truck] = 'BX 39 LK GP'"
End If
Dim ds As DataSet = GetData(queryString)
If (ds.Tables.Count > 0) Then
gvDeliveredItems.DataSource = ds
gvDeliveredItems.PageSize = (10)
gvDeliveredItems.AllowPaging = True
gvDeliveredItems.DataBind()
End If
End Sub
Function GetData(ByVal queryString As String) As DataSet
Dim ds As New DataSet()
Try
Dim adapter As New SqlDataAdapter(queryString, SQLCon)
adapter.Fill(ds)
Catch ex As Exception
MessageBox(ex.Message)
End Try
Return ds
End Function
EDIT:
The first time the I can see the exception is on this line
Dim ds As DataSet = GetData(queryString)
And on this line the exception shows as well:
If (ds.Tables.Count > 0) Then
My previous sql string work perfect without changing anything. The only thing I changed was the querystring when it started to give me this exception
I'd suggest adding more whitespace into your query, e.g.:
queryString = "select distinct LS.[Route], LS.[SubRoute], LS.[Truck], Convert(VARCHAR(10), LS.[Date], 121) AS Date, LS.[DriverAssistantContract]" & vbCrLf & _
",((del.CT*100 )/ todel.TCT) as Score" & vbCrLf & _
"from [Warehouse].[dbo].[LoadSheet] LS" & vbCrLf & _
vbCrLf is a VB-ism. If you prefer, you could use Environment.NewLine
At the moment, there are no new lines or spaces inside the string from this string concatenation, so for example, those second and third lines join together as:
,((del.CT*100 )/ todel.TCT) as Scorefrom [Warehouse].[dbo].[LoadSheet] LS
Which isn't what you wanted, presumably.
i am facing very strange problem , I am using the following piece of code but ds is not filled some times there is data in the ds but not always, I have change the connection pool and also restart the iis but no luck at all , I am not able to find where the problem is please help me out.
I am running the same query in the TOAD and its giving result , I have also commit the transaction for if any thing in inconsistent.
Dim command As New OracleCommand
Dim ds As New DataSet
Try
Using connection As New OracleConnection
(ConfigurationManager.ConnectionStrings("CA").ConnectionString.ToString())
connection.Open()
command.Connection = connection
command.CommandText = "SELECT w.portfolio, w.appl_group,
tm.trng_title, p.tt_program_title," & _
" p.created_date,
p.tt_target_completion_date, p.tt_prog_status," & _
" w.emp_id, w.first_name || ' ' ||
w.last_name, ('Y') training_done_flag," & _
" t.actual_completion_date,
p.created_by, w.people_manager, " & _
" w.project_manager, w.flag" &
_
" FROM tt_training_done_records t," & _
" wsr_employee w, " & _
" tt_training_master tm, " & _
" tt_newprogram p" & _
" WHERE(w.emp_id = t.employee_id)" & _
" AND t.training_info_id = tm.trng_id"
& _
" AND p.tt_program_id(+) =
t.program_id" & _
" AND tm.trng_id IN ( 'TT_009' ) " & _
" AND t.actual_completion_date BETWEEN
TO_DATE('11-Mar-2009') AND TO_DATE('11-Mar-2013') " & _
" "
Dim adpt As New OracleDataAdapter(command)
adpt.AcceptChangesDuringFill = False
adpt.Fill(ds)
connection.Close()
End Using
Don't rely on the default behavior of casting a string into a date. Either use a date literal or provide the format string argument. This introduces a dependency on NLS environment settings your .NET code should not depend upon.
Instead of TO_DATE('11-Mar-2013')
Try date '2013-03-11' or TO_DATE('11-Mar-2013'), 'DD-Mon-YYYY')
I have an Access application where everytime a user enters the application, it makes a temp table for that user called 'their windows login name'_Temp. In one of my reports I need to query using that table, and I can't just make a query and set it as the recourdsource of the report, since the name of the table is always different.
What I tried then was to programatically set the recordset of the report by running the query and setting the form's recordset as the query's recordset. When I tried this, it kept giving me an error about the query.
I tried to debug, and I found that the string variable isn't able to contain the whole query at once. When I ran it with break points and added a watch for the string variable, it shows me that it cuts off the query somewhere in the middle.
I've experienced this problem before, but that was with an UPDATE query. Then, I just split it into two queries and ran both of them separately. This one is a SELECT query, and there's no way I can split it. Please help!
Thank you
Heres what I've tried doing:
ReturnUserName is a function in a module that returns just the login id of the user
Private Sub Report_Open(Cancel As Integer)
Dim strQuery As String
Dim user As String
user = ReturnUserName
strQuery = "SELECT " & user & "_Temp.EmpNumber, [FName] & ' ' & [LName] AS [Employee Name], " & _
"CourseName, DateCompleted, tblEmp_SuperAdmin.[Cost Centre] " & _
"FROM (tblCourse INNER JOIN (" & user & "_Temp INNER JOIN tblEmpCourses ON " & _
user & "_Temp.EmpNumber = EmpNo) ON tblCourse.CourseID = tblEmpCourses.CourseID) " & _
"INNER JOIN tblEmp_SuperAdmin ON " & user & "_Temp.EmpNumber = tblEmp_SuperAdmin.EmpNumber" & _
"WHERE (((" & user & "_Temp.EmpNumber) = [Forms]![Reports]![txtEmpID].[Text])) " & _
"ORDER BY CourseName;"
Dim rs As ADODB.Recordset
Set rs = New ADODB.Recordset
Dim rsCmd As ADODB.Command
Set rsCmd = New ADODB.Command
rsCmd.ActiveConnection = CurrentProject.Connection
rsCmd.CommandText = strQuery
rs.Open rsCmd
Me.Recordset = rs
rs.Close
End Sub
This what strQuery contains when I add a breakpoint on rsCmd.CommandText = strQuery:
SELECT myusername_Temp.EmpNumber, [FName]
& ' ' & [LName] AS [Employee Name],
CourseName, DateCompleted,
tblEmp_SuperAdmin.[Cost Centre] FROM
(tblCourse INNER JOIN (myusername_Temp
INNER JOIN tblEmpCourses ON
myusername_Temp.EmpNumber = EmpNo) ON
tblCourse.CourseID=
(It's all one line, but I've written it like this because the underscores italicize the text)
And the error I get says Run Time Error: Join not Supported.
Not quite what I was hoping for, but guessing, for:
strQuery = "long query goes here"
Try:
strQuery = "some long query goes here "
strQuery = strQuery & "more query goes here "
BASED ON NEW INFORMATION:
strQuery = "SELECT " & user & "_Temp.EmpNumber, [FName] & ' ' & [LName] AS [Employee Name], " & _
"CourseName, DateCompleted, tblEmp_SuperAdmin.[Cost Centre] " & _
"FROM (tblCourse " & _
"INNER JOIN tblEmpCourses ON tblCourse.CourseID = tblEmpCourses.CourseID) " & _
"INNER JOIN (Temp INNER JOIN tblEmp_SuperAdmin " & _
"ON Temp.EmpNumber = tblEmp_SuperAdmin.EmpNumber) " & _
"ON Temp.EmpNumber = tblEmpCourses.EmpNo " & _
"WHERE " & user & "_Temp.EmpNumber = " & [Forms]![Reports]![txtEmpID] & _
" ORDER BY CourseName;"
Note that in VBA:
& [Forms]![Reports]![txtEmpID].[Text] &
That is, the reference to the form must go outside the quotes so you get the value.
NEW INFORMATION #2
Your best bet would be to add these tables to the Access query design window and create the joins that you want, then switch to SQL view and use the string generated for you. I do not believe that the string is too long, only that the SQL is incorrect. The SQL I posted above should work, but it may not be what you want.
You can programmatically create a querydef that fits the user. So, when your report is called, you
Delete LoginName_Query_Temp (CurrentDb.QueryDefs.Delete), if it already exists.
Create the querydef (CurrentDB.CreateQueryDef), using LoginName_Temp as the table name.
Set the RecordSource of your Report to LoginName_Query_Temp.
Open the report.
I don't see what purpose the table myusername_Temp serves here. Is that where the name fields are? If so, avoid the join entirely:
Dim lngEmpNumber As Long
Dim strName As String
Dim strSQL As String
lngEmpNumber = Forms!Reports!txtEmpID
strName = DLookup("[FName] & ' ' & [LName]", "myusername_Temp", "EmpNumber=" & lngEmpNumber
strSQL = "SELECT " & Chr(34) & strName & Chr(34) & " AS [Employee Name], " & _
"CourseName, DateCompleted, tblEmp_SuperAdmin.[Cost Centre] " & _
"FROM tblCourse " & _
"INNER JOIN tblEmpCourses " & _
"ON tblCourse.CourseID = tblEmpCourses.CourseID) " & _
"INNER JOIN tblEmp_SuperAdmin " & _
"ON tblEmp_SuperAdmin.EmpNumber = tblEmpCourses.EmpNo " & _
"WHERE tblEmp_SuperAdmin.EmpNumber = " & lngEmpNumber & _
" ORDER BY CourseName;"
Now, the parentheses may need to be changed in the join (I always do my equi-joins in the Access QBE and let it take care of the getting the order and parens correct!), and my assumptions about the purpose of the temp table may be wrong, but I don't see it being used for anything other than as an intermediate link between tables, so I guessed it must be there to provide the name fields.
If that's wrong, then I'm at a loss as to why the temp table needs to be there.
Also, in your second post you referred to the control on the form as:
Forms!Reports!txtEmpID.Text
...the .Text property of Access controls is accessible only when the control has the focus. You could use the .Value property, but since that's the default property of Access controls, you should just stop after the name of the control:
Forms!Reports!txtEmpID
...you'll see this is how I did it in my suggested code.
I find the idea of your name-based temp table to be highly problematic to begin with. Temp tables don't belong in a front end, and it's not clear to me that it is actually a temp table. If it's temp data, put it in a shared table and key the record(s) to the username. Then you don't have to worry about constructing the table name on the fly.