Parameterised Queries in VB6
-
I'm trying to execute an SQL statement with parameters through a Command object. I've done it a thousand times through ADO.NETs SqlCommand object, but now i'm using ADOs Command object from vb6. Is it possible, cos its not working.
lEntry\_ID = 5 Dim cmd As Command Set cmd = New Command Set cmd.ActiveConnection = gConn cmd.CommandType = adCmdText cmd.Parameters.Append cmd.CreateParameter("@Entry\_ID", adInteger, adParamInput, , lEntry\_ID) cmd.CommandText = "SELECT \* FROM Entry WHERE ID = @Entry\_ID" If cmd.Execute.EOF then 'blah End IfI get the error "Must supply a value for variable: @Entry_ID". Any help would be appreciated. -- Dave
-
I'm trying to execute an SQL statement with parameters through a Command object. I've done it a thousand times through ADO.NETs SqlCommand object, but now i'm using ADOs Command object from vb6. Is it possible, cos its not working.
lEntry\_ID = 5 Dim cmd As Command Set cmd = New Command Set cmd.ActiveConnection = gConn cmd.CommandType = adCmdText cmd.Parameters.Append cmd.CreateParameter("@Entry\_ID", adInteger, adParamInput, , lEntry\_ID) cmd.CommandText = "SELECT \* FROM Entry WHERE ID = @Entry\_ID" If cmd.Execute.EOF then 'blah End IfI get the error "Must supply a value for variable: @Entry_ID". Any help would be appreciated. -- Dave
With VB6/ADO you do not use named parameters in the CommandText... you use positional parameters:
cmd.Parameters.Append cmd.CreateParameter("Entry_ID", adInteger, adParamInput, , lEntry_ID) cmd.CommandText = "SELECT * FROM Entry WHERE ID = ?"More or less the same was as with the ADO.NET ODBC provider. Regards, Rob -- RMTrack a new bug tracking tool. Available now from http://www.rmtrack.com -
With VB6/ADO you do not use named parameters in the CommandText... you use positional parameters:
cmd.Parameters.Append cmd.CreateParameter("Entry_ID", adInteger, adParamInput, , lEntry_ID) cmd.CommandText = "SELECT * FROM Entry WHERE ID = ?"More or less the same was as with the ADO.NET ODBC provider. Regards, Rob -- RMTrack a new bug tracking tool. Available now from http://www.rmtrack.comrmacfadyen wrote: With VB6/ADO you do not use named parameters in the CommandText... you use positional parameters Thats what I was afraid of. The parameters could appear in any order in the SQL (or might not be there at all). Oh well, i'll just have to do it myself with Replace Thanks :) -- Dave
-
rmacfadyen wrote: With VB6/ADO you do not use named parameters in the CommandText... you use positional parameters Thats what I was afraid of. The parameters could appear in any order in the SQL (or might not be there at all). Oh well, i'll just have to do it myself with Replace Thanks :) -- Dave
Umm... doing it with replace is may be a bad idea unless you're careful about escaping and formatting your parameters correctly (sql injection attacks can't happen if you use parameterized queries). Are you sure the parameters could appear in any order? Regards, Rob -- RMTrack a new bug tracking tool. Available now from http://www.rmtrack.com