我在SQL Server(2012)中有一个SP。它返回单行...使用SSMS验证
exec dbo.cpas_DeleteProjects N'3555,3565'
它会在列中返回一个记录计数信息的有效行。
从Access(2007),我使用adodb调用来调用它:
Sub DevolveProjects(ProjectIDs As String)
''
' Looking for a comma-delimited list of project IDs in string form: "34,52,14"
'
Dim cnn As New adodb.Connection
Dim rstReturnValues As adodb.Recordset
cnn.ConnectionString = "Provider=SQLOLEDB;Server=" & CurrentServerName() & ";Initial Catalog=" & CurrentDBName() & ";Integrated Security=SSPI;"
cnn.Open
Set rstReturnValues = cnn.Execute("exec dbo.cpas_DeleteProjects N'" & ProjectIDs & "'")
With rstReturnValues...
问题是,rstReturnValues已关闭。没有数据。
我已经验证了使用SQL事件探查器,如上所述,当从Access应用程序调用sp时,sp正在运行预期的SQL,并且似乎执行得很好,因此身份验证没有问题。我只是没有填充我的记录集。当我将SQL Profiler看到的确切SQL语句复制并粘贴到SSMS查询中时,它会完全返回我期望的内容....
我是否错误地编写了.execute调用?想法?
答案 0 :(得分:1)
代码看起来正确,尽管您可以尝试使用绑定参数而不是单个SQL字符串。对于快速和脏的东西,它没有任何区别,但这消除了SQL注入的可能性
Dim lConnection as new ADODB.Connection
Dim lCommand as new ADODB.Command
Dim lParameter as ADODB.Parameter
Dim lRecordset as ADODB.Recordset
lConnection.ConnectionString = "Provider=SQLOLEDB;Server=" & CurrentServerName() & ";Initial Catalog=" & CurrentDBName() & ";Integrated Security=SSPI;"
lConnection.Open
lCommand.ActiveConnection = lConnection
lCommand.CommandText = "dbo.cpas_DeleteProjects"
lCommand.CommandType = adCmdStoredProc
set lParameter = lCommand.CreateParameter(, adVarWChar, adParamInput, 200, ProjectIDs) 'replace 200 with parameter length, different syntax if nvarchar(max)
lCommand.Parameters.Append lParameter
Set lRecordset = lCommand.Execute()
Debug.Print lRecordset(0) 'Does the recordset contain anything?
...
lRecordset.Close
lConnection.Close