Question Parametized Queries
Reference this thread from yesterday.
I'm trying to write my first parametized INSERT query. I have an ADODB.Command oject defined as cn. However, I'm getting no intellisense listings for ComandText or Parameters, etc. A snippet of the code from the referenced thread is
VB Code:
sSQL = "INSERT INTO movieInfo (title, actor, producer, comment) VALUES (?,?,?,?)
objCommand.CommandText = sSQL
objCommand.CommandType = adCommandText
objCommand.Parameters.Add objCommand.CreateParameter("title",advarchar,50, txtTitle.Text)
objCommand.Parameters.Add objCommand.CreateParameter("actor",advarchar,50, txtactor.Text)
objCommand.Parameters.Add objCommand.CreateParameter("producer",advarchar,50, txtproducer.Text)
objCommand.Parameters.Add objCommand.CreateParameter("comment",advarchar,50, txtComment.Text)
objCommand.Execute
Although I can't find where objCommand is declared in that thread, I assumed it was as ADODB.Connection. If not, then what is it? What do I need for the .Parameters.Add and .CommandType, etc?
Re: Question Parametized Queries
You've got it backwards - objCommand should be an ADODB.Command, and cn should be a connection (tho you dont seem to be using it).
Re: Question Parametized Queries
Quote:
Originally Posted by si_the_geek
You've got it backwards - objCommand should be an ADODB.Command, and cn should be a connection (tho you dont seem to be using it).
:confused: Now, I'm only semi confused.
So, I need a variable, call is adoCmd declared as ADODB.Command, and that is going to give me all of the things I need to build the query (I just tested it, and that works fine - thanks si_the_geek :) )
However, were I to not use a parametized (how do you spell that word anyway? :confused: ) query, I would write a standard INSERT INTO table (blah, blah) VALUES (text1.text, text2.text) and I would execute this using the execute method of the connection object: cn.Execute ssql
I can execute an INSERT query with a command object???? :confused: :eek:
Re: Question Parametized Queries
Sean - Yes you can....
In your referenced thread, objCommand is an ADODB.Command object (hence the Command part of objCommand). The other assumption in that thread is that you also set the objCommand.ActiveConnection to a valid, open connection before performing the execute.
If I can find a decent one, I'll post a real-world example of how this is all done.
-tg
Re: Question Parametized Queries
Quote:
Originally Posted by techgnome
If I can find a decent one, I'll post a real-world example of how this is all done.
-tg
That would be VERY cool. In addition to the security aspects that you and Shuja Ali pointed out in the other thread, the INSERT I have to do deals with 71 fields. It would be a whole heck of a lot easier to put 71 question marks in the VALUES clause that putting 71 textbox names in the VALUES clause and hope you got the right number, in the right order, with the right puncutation. :D
Re: Question Parametized Queries
Darn right it would be.... I'll get one as soon as I can...
I won't forget...
-tg
Re: Question Parametized Queries
Quote:
Originally Posted by techgnome
Darn right it would be.... I'll get one as soon as I can...
I won't forget...
-tg
Did you ever get a chance to put together some examples of using parameteized queries for UPDATES, DELETES, INSERTS and/or SELECTS?
Re: Question Parametized Queries
Quote:
Originally Posted by SeanK
Did you ever get a chance to put together some examples of using parameteized queries for UPDATES, DELETES, INSERTS and/or SELECTS?
He is putting together something for the codebank.
Re: Question Parametized Queries
It's been a slow painful process... life keeps getting in the way, it is certanly on my to do list.
-tg
