What is the correct syntax...

[Aaron E via AccessMonster.com]

For a parameterized INSERT Query, aka

With cmdCommand.Parameters
.Append (cmdCommand.CreateParameter("@ClientName", adChar, adParamOutput,
50, Me.ClientName.Value))
.Append (cmdCommand.CreateParameter("@Website", adChar, adParamOutput,
50, Me.website.Value))
End With

cmdCommand.CommandText = "INSERT INTO tblClients (ClientName, Website) VALUES
(@ClientName, @Website)"
cmdCommand.ActiveConnection = cnxn
cmdCommand.Execute

This doesn't work. Thanks.

Aaron

 

[Ron Weiner]

Aaron

I think you may be working to hard. Wouldn't it just be easier to use the
execute method of currentdb and build a sql insert into statement on the
fly. Might look like this:

currentdb.execute "insert into tblclients (clientname, website) " _
& "values ('" & me.clientname.value _
& "', '" & me.website.value & "')"

I am petty sure the above will work, it doesn't need to create and destroy
any objects, and it is self documenting.

Ron W

 

[Aaron E via AccessMonster.com]

Hi Ron,

Thanks for the advice. Your code looks good. The only thing is I would
still have to deal with is the apostrophe problem, which I know is relatively
simple with a replace function.

The reason I wanted to use a parameterized query is that my background is in
ASP.NET, in which we are encouraged to always use parameters for queries to
(1) automatically deal with any apostrophes in the input, and (2) protect
against SQL Injection attacks.

Thanks.

Aaron

Aaron

I think you may be working to hard. Wouldn't it just be easier to use the
execute method of currentdb and build a sql insert into statement on the
fly. Might look like this:

currentdb.execute "insert into tblclients (clientname, website) " _
& "values ('" & me.clientname.value _
& "', '" & me.website.value & "')"

I am petty sure the above will work, it doesn't need to create and destroy
any objects, and it is self documenting.

Ron W

For a parameterized INSERT Query, aka

[quoted text clipped - 13 lines]

Aaron