Question

I was wondering if in MS Access through VB6 (ADODB) I can have the security benefits of parameterized queries

    Set Prm = Cmd.CreateParameter("pText1", adBSTR, adParamInput)
    Prm.Value = pText1
    Cmd.Parameters.Append Prm

without using stored procedures. So having something like:

    Cmd.CommandText = "select * from ..."
    Cmd.CommandType = adCmdText

instead of

    Cmd.CommandText = "stored_query_name"
    Cmd.CommandType = adCmdStoredProc

Solution

@KekuSemau,

    Cmd.CommandText = "select * from tablename where column like @pText1"
    Cmd.CommandType = adCmdText
    Set Prm = Cmd.CreateParameter("pText1", adBSTR, adParamInput)
    Prm.Value = random_variable
    Cmd.Parameters.Append Prm

It worked like this, but at the end of the day, I didn't use it for other reasons. I don't recall if I had to use single quotes around it or not.
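
A fuller version of the approach above, as an added example that is not part of the original post: an ad hoc `adCmdText` query against an Access (Jet) database with the user value bound as a parameter, so no stored query is needed. The database path, the `Customers` table, the `LastName` column and the procedure name `PrintMatchingCustomers` are assumptions made for illustration.

```vb
' Added example (not the poster's code). Requires a project reference to
' "Microsoft ActiveX Data Objects 2.x Library".
' Hypothetical names: example.mdb, Customers, LastName, PrintMatchingCustomers.
Public Sub PrintMatchingCustomers(ByVal userInput As String)
    Dim cn As ADODB.Connection
    Dim cmd As ADODB.Command
    Dim rs As ADODB.Recordset
    Dim pattern As String

    Set cn = New ADODB.Connection
    cn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\example.mdb"

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText

    ' The placeholder is written bare, with no quotes around it.
    ' The Jet provider binds parameters by position, so the name given to
    ' CreateParameter is only a label; append parameters in placeholder order.
    cmd.CommandText = "SELECT LastName FROM Customers WHERE LastName LIKE ?"

    ' Wildcards go into the parameter value, never into concatenated SQL.
    ' Through ADO the Jet wildcard is %, not the * used in the Access UI.
    pattern = userInput & "%"

    ' The value travels as typed data: input such as O'Brien is matched
    ' literally and cannot change the structure of the statement.
    cmd.Parameters.Append cmd.CreateParameter("pLastName", adVarWChar, _
                                              adParamInput, Len(pattern), pattern)

    Set rs = cmd.Execute
    Do Until rs.EOF
        Debug.Print rs.Fields("LastName").Value
        rs.MoveNext
    Loop

    rs.Close
    cn.Close
End Sub
```

The protection holds only while `CommandText` stays a constant string; building it by concatenating `userInput` would reintroduce the injection risk regardless of `CommandType`.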

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow