参数未添加到INSERT语句VBA的ADO字符串

时间:2016-09-20 22:55:54

标签: mysql excel vba

我正在尝试学习如何避免SQL注入,并使用VBA通过VB中的ADO连接到mysql数据库。

我遇到的问题是该行

Set rs = cmd.Execute 

我收到以下错误,我在两天内无法确定:"没有给出一个或多个必需参数的值"。

当然,在打印参数字符串时,它会返回:(我注意到params的区别......不知道为什么会发生这种情况)

INSERT INTO prm1=? VALUES prm2=?, prm3=?, prm4=?, prm5=?, prm6=?, prm7=?, prm8=?, prm9=?, prm10=?, prm11=?, prm12=?, prm13=?;

这是我用来澄清的代码:

Function addToServer(file As String, server As Integer, lastRow As Integer)

Sheets("usage").Select
Dim str As String
Dim i As Integer

Dim conn As ADODB.Connection
Set conn = DBConnection
Dim rs As ADODB.Recordset
Set rs = New ADODB.Recordset

Dim cmd As ADODB.Command
 Dim prm2 As ADODB.Parameter
  Dim prm3 As ADODB.Parameter
   Dim prm4 As ADODB.Parameter
    Dim prm5 As ADODB.Parameter
     Dim prm6 As ADODB.Parameter
      Dim prm7 As ADODB.Parameter
       Dim prm8 As ADODB.Parameter
        Dim prm10 As ADODB.Parameter
         Dim prm11 As ADODB.Parameter
          Dim prm12 As ADODB.Parameter
           Dim prm13 As ADODB.Parameter
            Dim prm14 As ADODB.Parameter
             Dim prm15 As ADODB.Parameter

Set cmd = New ADODB.Command
cmd.ActiveConnection = conn

    With cmd
        If server <> 0 Then
            .CommandText = "INSERT INTO NLVMerlinResults (Year, Month, Day, Lab, Station, IP, thisWeek, Week1, Week2, Week3, Week4, Week5, WeeksInMonth, SumOverWeeks) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?);"
        Else
            .CommandText = "INSERT INTO STMerlinResults (Year, Month, Day, Lab, Station, IP, thisWeek, Week1, Week2, Week3, Week4, Week5, WeeksInMonth, SumOverWeeks) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) ;"
        End If

        cmd.CommandType = adCmdText

        Set prm2 = .CreateParameter(Name:="year", Type:=adInteger, size:=4)
        .Parameters.Append prm2
        Set prm3 = .CreateParameter(Name:="month", Type:=adSmallInt, size:=2)
        .Parameters.Append prm3
        Set prm4 = .CreateParameter(Name:="day", Type:=adSmallInt, size:=2)
        .Parameters.Append prm4
        Set prm5 = .CreateParameter(Name:="lab", Type:=adVarChar, size:=30)
        .Parameters.Append prm5
        Set prm6 = .CreateParameter(Name:="cell", Type:=adVarChar, size:=30)
        .Parameters.Append prm6
        Set prm7 = .CreateParameter(Name:="ip", Type:=adVarChar, size:=20)
        .Parameters.Append prm7
        Set prm8 = .CreateParameter(Name:="week", Type:=adSmallInt, size:=2)
        .Parameters.Append prm8
        Set prm9 = .CreateParameter(Name:="1", Type:=adVarChar, size:=10)
        .Parameters.Append prm9
        Set prm10 = .CreateParameter(Name:="2", Type:=adVarChar, size:=10)
        .Parameters.Append prm10
        Set prm11 = .CreateParameter(Name:="3", Type:=adVarChar, size:=10)
        .Parameters.Append prm11
        Set prm12 = .CreateParameter(Name:="4", Type:=adVarChar, size:=10)
        .Parameters.Append prm12
        Set prm13 = .CreateParameter(Name:="5", Type:=adVarChar, size:=10)
        .Parameters.Append prm13
        Set prm14 = .CreateParameter(Name:="weeksinmonth", Type:=adTinyInt, size:=1)
        .Parameters.Append prm14
        Set prm15 = .CreateParameter(Name:="total", Type:=adVarChar, size:=10)
        .Parameters.Append prm15

    Dim j As Integer
    For i = 1 To lastRow
        For j = 1 To 15
            If (j = 1) Then
                prm2.value = CLng(cells(i, j))
            ElseIf (j = 2) Then
                prm3.value = CInt(cells(i, j))
            ElseIf (j = 3) Then
                prm4.value = CInt(cells(i, j))
            ElseIf (j = 4) Then
                prm5.value = CStr(cells(i, j))
            ElseIf (j = 5) Then
                prm6.value = CStr(cells(i, j))
            ElseIf (j = 6) Then
                prm7.value = CStr(cells(i, j))
            ElseIf (j = 7) Then
                prm8.value = CInt(cells(i, j))
            ElseIf (j = 8) Then
                If IsEmpty((cells(i, j))) Then
                    prm9.value = vbNullString
                Else
                    prm9.value = CStr(cells(i, j))
                End If
            ElseIf (j = 9) Then
                If IsEmpty((cells(i, j))) Then
                    prm10.value = vbNullString
                Else
                    prm10.value = CStr(cells(i, j))
                End If
            ElseIf (j = 10) Then
                If IsEmpty((cells(i, j))) Then
                    prm11.value = vbNullString
                Else
                    prm11.value = CStr(cells(i, j))
                End If
            ElseIf (j = 11) Then
                If IsEmpty((cells(i, j))) Then
                    prm12.value = vbNullString
                Else
                    prm12.value = CStr(cells(i, j))
                End If
            ElseIf (j = 12) Then
                If IsEmpty((cells(i, j))) Then
                    prm13.value = vbNullString
                Else
                    prm13.value = CStr(cells(i, j))
                End If
            ElseIf (j = 13) Then
                prm14.value = CByte(cells(i, j))
            ElseIf (j = 14) Then
                prm15.value = CStr(cells(i, j))
            End If
        Next j
           .Execute
    Next i

End With
Set cmd = Nothing
End Function

我上面使用了两种不同的方法,但两种方法似乎都没有。有人可以就我能做些什么来提供帮助吗?我尝试从.CreateParameter函数中取出params(http://www.w3schools.com/asp/met_comm_createparameter.asp表示它们是可选的),但这也没有用。

最好,

阿什利

编辑::我在上面添加了编辑。我尝试了一个测试插件,但它很成功。

INSERT INTO  `NLVMerlinResults` (Year, Month, Day, Lab, Station, IP, thisWeek, Week1, Week2, Week3, Week4, Week5, WeeksInMonth, SumOverWeeks) VALUES ("1", "2", "3", "4", "5", 1, 5, "5", "5", "6", 6, "5", "4", "5")

虽然奇怪的是它允许我在DB只接受varchar时输入整数和字符串...

1 个答案:

答案 0 :(得分:1)

删除“qualifer =?”来自SQL语句。 ODBC参数使用单个?指定,并且必须按照它们在语句中出现的顺序添加:

INSERT INTO  `NLVMerlinResults` (Year, Month, Day, Lab, Station, IP, 
thisWeek, Week1, Week2, Week3, Week4, Week5, WeeksInMonth, SumOverWeeks) 
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)

OP EDIT:问题陈述中提供的功能代码。