0

I'm using MS Access 2003 and I'm trying to execute a few queries at once using VB. When I write out the query in SQL it works fine, but when I try to do it in VB it asks me to "Enter Parameter Value" for DEPA, then DND (which are the first few letters of a two strings I have). Here's the code:

Option Compare Database

Public Sub RemoveDupelicateDepartments()

Dim oldID As String
Dim newID As String
Dim sqlStatement As String


oldID = "DND-01"
newID = "DEPA-04"

sqlStatement = "UPDATE [Clean student table] SET [HomeDepartment]=" & newID & " WHERE [HomeDepartment]=" & oldID & ";"

DoCmd.RunSQL sqlStatement & ""

End Sub

It looks to me as though it's taking in the string up to the - then nothing else. I dunno, that's why I'm asking lol. What should my code look like?

Daniel Imms
  • 47,944
  • 19
  • 150
  • 166
Jeff
  • 25
  • 3

2 Answers2

5

Use (') character to set start and end of value

sqlStatement = "UPDATE [Clean student
table] SET [HomeDepartment]='" & newID
& "' WHERE [HomeDepartment]='" & oldID
& "';"
volody
  • 6,946
  • 3
  • 42
  • 54
  • Because the literal query is something like "...SET field = 'abc'..." instead of "...SET field = abc...". If you try to run the second (unquoted) query directly in Access, you will see the same error. – Carl Manaster May 10 '10 at 16:46
  • Ah, thank you very much! This answers all my questions (except the one Mr. Coehoorn has me wondering about now :P ) – Jeff May 10 '10 at 16:52
  • Joel's point is that you are open to executing any arbitrary data that the user supplies for your variable. He assumes a lot but he has a point. See http://stackoverflow.com/questions/512174/non-web-sql-injection for a lengthy discussion of the issue. – David-W-Fenton May 12 '10 at 22:47
3

You probably want to insert quotes around the IDs.

Carl Manaster
  • 39,912
  • 17
  • 102
  • 155