Results 1 to 13 of 13

Thread: [RESOLVED] Learn about parameterized queries...

  1. #1

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Resolved [RESOLVED] Learn about parameterized queries...

    This morning Techgnome suggest me to learn about "Parameterizez queries"... http://www.vbforums.com/showpost.php...64&postcount=4

    Are there suggestions where I can find a newbie tutorial for this...

    Thanks in advance !
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  2. #2
    I'm about to be a PowerPoster! Hack's Avatar
    Join Date
    Aug 2001
    Location
    Searching for mendhak
    Posts
    58,333

    Re: Learn about parameterized queries...

    Just be patient. Tg has said that he will be putting one together and when it is finished it will either be posted in our CodeBank or Tutorial section, whichever would be the most appropriate.

  3. #3
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: Learn about parameterized queries...

    Search MSDN for Command.Parameters.... you may need to adjust the search so that you get back info on ADO (and not ADO.NET)... but it's out there...

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  4. #4

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Re: Learn about parameterized queries...

    Quote Originally Posted by techgnome
    Search MSDN for Command.Parameters.... you may need to adjust the search so that you get back info on ADO (and not ADO.NET)... but it's out there...

    -tg
    I found this link but not really simple for someone who begin with SQL queries...

    http://msdn.microsoft.com/library/de...tml/vb00j1.asp

    Is it the link you talked about ???
    Last edited by DubweiserTM; Sep 5th, 2006 at 01:57 PM.
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  5. #5
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: Learn about parameterized queries...

    Quote Originally Posted by Hack
    Just be patient. Tg has said that he will be putting one together and when it is finished it will either be posted in our CodeBank or Tutorial section, whichever would be the most appropriate.
    Oooh, owch... that was another dig wasn't it?

    I just need to have one day to myself to write it out properly. I've got a bunch of notes and an outline (I don't want to jsut throw it together like I did the other ones) I just need the time to actualy put it down.

    Dub - no, that's not quite the one I was talking about.... hmmm.....

    Go to MSDN, and put this into the search:
    Command.Parameters AND ADO AND VB

    just like that, the entire line "AND"s and all.

    -tg

    PS: it's going to be a tutorial.... won't be in the codebank.
    Last edited by techgnome; Sep 5th, 2006 at 02:22 PM.
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  6. #6

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Re: Learn about parameterized queries...

    Quote Originally Posted by techgnome
    Dub - no, that's not quite the one I was talking about.... hmmm.....

    Go to MSDN, and put this into the search:
    Command.Parameters AND ADO AND VB

    just like that, the entire line "AND"s and all.

    -tg

    PS: it's going to be a tutorial.... won't be in the codebank.
    Im asking me if Im stupid ??? I found nothing clear, maybe because Im a french person...

    http://search.msdn.microsoft.com/sea...AND+ADO+AND+VB

    Could you give me a little example...Sorry if I disturb you with this...
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  7. #7
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: Learn about parameterized queries...

    no, it's not you.... it's MS.... they've totaly dumped all the VB6 stuff.... which means all that comes back is irrelevant .NET stuff. I think it's time I finaly write that tutorial. Stay tuned, watch this space and the Tutorials section too.... I'll be posting something tonight or tomorrow.

    Using the SQL sample in from the other post.

    Create a Command object, set the commandText to the SQL statement,
    set the CommandType to adCommandText. Then:
    dbCommand.Parameters.Add dbCommand.CreateParameter("@FldParam",adVarChar, adParameterInput, 255, adoCombo.Text)
    Lastly, set the Command object's .ActiveConnection to your connection object, then finaly:
    Set rstResults = dbCommand.Execute

    And you should have your results in the recordset.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  8. #8

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Re: Learn about parameterized queries...

    Quote Originally Posted by techgnome
    no, it's not you.... it's MS.... they've totaly dumped all the VB6 stuff.... which means all that comes back is irrelevant .NET stuff. I think it's time I finaly write that tutorial. Stay tuned, watch this space and the Tutorials section too.... I'll be posting something tonight or tomorrow.
    -tg
    Cool, thanks !
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  9. #9

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Re: Learn about parameterized queries...

    Quote Originally Posted by techgnome

    Create a Command object, set the commandText to the SQL statement,
    set the CommandType to adCommandText. Then:
    dbCommand.Parameters.Add dbCommand.CreateParameter("@FldParam",adVarChar, adParameterInput, 255, adoCombo.Text)
    Lastly, set the Command object's .ActiveConnection to your connection object, then finaly:
    Set rstResults = dbCommand.Execute

    And you should have your results in the recordset.

    -tg
    Here it's my code, sorry some words are in french...

    I got an error on this line (bold and underlined) ???

    Code:
    Public Sub SearchTable(adoSource As String, adoTable As String, adoField As String, adoCombo As ComboBox, intNbrField As Integer)
    '****************************
    'TITRE: Search Table
    '****************************
    'DESCRIPTION:
    'Recherche la table cible à l'intérieur d'une base de données
    'La base de données servant à la recherche, correspond à celle lié au control
    '****************************
    'ARGUMENTS:
    'adoSource ---> Source de la base de données concernée
    'adoTable ---> Table concernée dans la base de données
    'adoField ---> Field concerné dans la base de données
    'adoCombo ---> Rechercher l'item sélectionné dans ce ComboBox
    'intNbrField ---> Nombre de field recherché
    '****************************
        'Déclarations des variables
        Dim cn As ADODB.Connection
        Dim rs As ADODB.Recordset
        Dim cmdSQL As ADODB.Command
        Dim prmSQL As ADODB.Parameter
        
        Set cmdSQL = New ADODB.Command
        Set cn = New ADODB.Connection
        Set rs = New ADODB.Recordset
        Set prmSQL = New ADODB.Parameter
        
        'Connection Database
        cn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" & adoSource
        cn.Open
        
        cmdSQL.CommandText = "SELECT * FROM adoTable WHERE adoField = ?"
        cmdSQL.CommandType = adCmdText
        cmdSQL.Parameters.Add cmdSQL.CreateParameter(adoField, adVarChar, adParamInput, 255, adoCombo.Text)
        cmdSQL.ActiveConnection
        
        Set rs = cmdSQL.Execute
        
        'Rechercher la ou les tables cibles (1,2,3)
        rs.MoveFirst
        Select Case intNbrField
            Case 1
                strTableCible1 = rs.Fields("RefTable").Value
            Case 2
                strTableCible1 = rs.Fields("RefTable").Value
                strTableCible2 = rs.Fields("RefTable1").Value
            Case 3
                strTableCible1 = rs.Fields("RefTable").Value
                strTableCible2 = rs.Fields("RefTable1").Value
                strTableCible3 = rs.Fields("RefTable2").Value
        End Select
        
    End Sub
    Thanks again !
    Last edited by DubweiserTM; Sep 6th, 2006 at 10:15 AM.
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  10. #10

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Re: Learn about parameterized queries...

    Now it's okay I made some change...

    Old version:
    cmdSQL.CommandText = "SELECT * FROM adoTable WHERE adoField = ?"
    cmdSQL.CommandType = adCmdText
    cmdSQL.Parameters.Add cmdSQL.CreateParameter(adoField, adVarChar, adParamInput, 255, adoCombo.Text)
    cmdSQL.ActiveConnection

    New version:
    Set cmdSQL.ActiveConnection = cn
    cmdSQL.CommandText = "SELECT * FROM " & adoTable & " WHERE " & adoField & " = prmSQL"
    cmdSQL.CommandType = adCmdText
    Set prmSQL = cmdSQL.CreateParameter(adoField, adVarChar, adParamInput, 255, adoCombo.Text)
    cmdSQL.Parameters.Append prmSQL
    Set rs = cmdSQL.Execute

    Now the big question ! What is the difference between that and a simple query ???

    I know what there's in this link:

    http://www.vbforums.com/showpost.php...64&postcount=4

    Thanks !
    Last edited by DubweiserTM; Sep 6th, 2006 at 10:34 AM.
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  11. #11
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: Learn about parameterized queries...

    Ok... first you can't pass in the field name as a parameter.... you have to have that already inthere.... otherwise it gets treated as a value, and that's not going to return the results you want.
    The problem you are experienceing with this is because you've over generalized the process. There's nothing wrong with that.... just need to make sure that it is set up right.

    Asuming adoTable and adoField are strings passed in, this is what your SQL string should look like

    VB Code:
    1. strSQL = "SELECT * FROM " & adoTable & " WHERE " & adoField & " = ?"

    Then set the command settings
    VB Code:
    1. cmdSQL.CommandText = strSQL
    2. cmdSQL.CommandType = adCmdText

    Now create your parameter and append it
    VB Code:
    1. Set prmSQL = cmdSQL.CreateParameter("SearchCrit", adVarChar, adParamInput, 255, adoCombo.Text)
    2. cmdSQL.Parameters.Append prmSQL

    You are probably now asking where did "SearchCrit" come from? I made it up. When dealing with parameterized queries in Access, it doesn't care what the name is. That's why we simply hold its place with a "?" .... since it uses ordinal positioning where the parameter holder and the appened parameter are matched up 1, 2, 3, it doesn't matter what we set as the parameter name. But with SQL Server, which uses named parameters, the names do matter. Again, since we are using Access, it doesn't matter at this point. You could call it coconuts, or CocoPuffs, or dipstick, or anything you like (I suggest something meaningful), just as long as you give it a name.

    Ok, now call it:
    VB Code:
    1. Set rs = cmdSQL.Execute

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

  12. #12

    Thread Starter
    Hyperactive Member DubweiserTM's Avatar
    Join Date
    Dec 2005
    Location
    St-Ferdinand, Québec
    Posts
    427

    Re: Learn about parameterized queries...

    Now my problem in this link is really resolved: http://www.vbforums.com/showpost.php...07&postcount=1

    Regarding the point #3 on this Reply, am I okay ? http://www.vbforums.com/showpost.php...64&postcount=4

    Thanks for all...
    DubweiserTM

    If your question has been answered, you can mark a thread as resolved...

  13. #13
    PowerPoster techgnome's Avatar
    Join Date
    May 2002
    Posts
    34,687

    Re: Learn about parameterized queries...

    Yes, you should be fine..... Use a drop down for the list of tables and fields.... and you;ll be OK... there's no way to parameterize tables or their fields, so to minimize injection attacks (which the problem I was explaining in the other thread), minimize how the user enters the data. By using a combo, it severly limits the data that the user has to select from and they can't just type anything in for the table/field names. The value being searched for then becomes the only problem, which is taken care of by using the parameterized query.

    -tg
    * I don't respond to private (PM) requests for help. It's not conducive to the general learning of others.*
    * I also don't respond to friend requests. Save a few bits and don't bother. I'll just end up rejecting anyways.*
    * How to get EFFECTIVE help: The Hitchhiker's Guide to Getting Help at VBF - Removing eels from your hovercraft *
    * How to Use Parameters * Create Disconnected ADO Recordset Clones * Set your VB6 ActiveX Compatibility * Get rid of those pesky VB Line Numbers * I swear I saved my data, where'd it run off to??? *

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width