Help with an SQL statement...
-
I just need to know how to pass my Date over with the # sign on each side of it. If I run this in the Qurey Builder it works as long as I put # on each side of my date. So it needs to look something like this.... SQL = "DELETE FROM Pat20VisitDate WHERE (VisitMRNo = '" & MR & "') AND (VisitDate = "& #SelectedVisitDate# &")" but I have the syntax wrong or something. Is this some type of formatting issue? Does anyone have any suggestions? Thanks in advance!
-
I just need to know how to pass my Date over with the # sign on each side of it. If I run this in the Qurey Builder it works as long as I put # on each side of my date. So it needs to look something like this.... SQL = "DELETE FROM Pat20VisitDate WHERE (VisitMRNo = '" & MR & "') AND (VisitDate = "& #SelectedVisitDate# &")" but I have the syntax wrong or something. Is this some type of formatting issue? Does anyone have any suggestions? Thanks in advance!
I believe you want this. SQL = "DELETE FROM Pat20VisitDate WHERE (VisitMRNo = '" & MR & "') AND (VisitDate = #"& SelectedVisitDate &"#)"
topcoderjax - Remember, Google is your friend.
-
I just need to know how to pass my Date over with the # sign on each side of it. If I run this in the Qurey Builder it works as long as I put # on each side of my date. So it needs to look something like this.... SQL = "DELETE FROM Pat20VisitDate WHERE (VisitMRNo = '" & MR & "') AND (VisitDate = "& #SelectedVisitDate# &")" but I have the syntax wrong or something. Is this some type of formatting issue? Does anyone have any suggestions? Thanks in advance!
Oh and sorry that I never got around to checking back on your post from yesterday. It's been a busy day.
topcoderjax - Remember, Google is your friend.
-
Oh and sorry that I never got around to checking back on your post from yesterday. It's been a busy day.
topcoderjax - Remember, Google is your friend.
-
Yes you are right about that SQL statement. I just had the # in the wrong place. I went back to my code and just tried everything until I got it. Don't worry about not getting back to me. I got it figured out. Thanks for your help!!
CCG3 wrote:
Yes you are right about that SQL statement
But with that SQL Statement you are opening a big wide gaping security hole in your application. Read SQL Injection Attacks and Tips on How to Prevent Them[^]
Upcoming events: * Glasgow: SQL Server 2005 - XML and XML Query Plans, Mock Objects, SQL Server Reporting Services... Never write for other people. Write for yourself, because you have a passion for it. -- Marc Clifton My website
-
Yes you are right about that SQL statement. I just had the # in the wrong place. I went back to my code and just tried everything until I got it. Don't worry about not getting back to me. I got it figured out. Thanks for your help!!
If you used parameterized queries, you wouldn't have to worrdy about things like making sure the date is in the correct format, or if the # characters are in the correct place, or escaping other data in your parameters, ...
A guide to posting questions on CodeProject[^]
Dave Kreskowiak Microsoft MVP Visual Developer - Visual Basic
2006, 2007