我在SQL端创建了表和字段。调试器指向cnn.Execute uSQL是问题所在。我正在尝试将访问表单的用户和计算机名称写入SQL。
Sub UpdateTable()
Dim cnn As ADODB.Connection
Dim uSQL As String
Dim strText As String
Dim strDate As Date
Dim strUsername As String
Dim strComputerName As String
strUsername = Environ("username")
strComputerName = Environ("Computername")
Set cnn = New Connection
cnnstr = "Provider=SQLOLEDB; " & _
"Data Source=icl-analive; " & _
"Initial Catalog=DW_ALL;" & _
"User ID=dw_all_readonlyuser;" & _
"Trusted_Connection=Yes;"
cnn.Open cnnstr
uSQL = "INSERT INTO Audit (UN,CN) VALUES StrUsername , strComputer"
Debug.Print uSQL
cnn.Execute uSQL
cnn.Close
Set cnn = Nothing
Exit Sub
End Sub
答案 0 :(得分:-1)
你的uSQL应该是这样的:
uSQL = "INSERT INTO Audit (UN,CN) VALUES " & StrUsername & "," & strComputer
编辑: 实际上是这样的:
INSERT INTO Audit (UN,CN) VALUES '" & StrUsername & "','" & strComputer & "'"
不同之处在于我们应该在SQL的引号中设置字符串。在评论中感谢@Tony Dong。
这个答案是SQL注入的易受攻击代码的典型示例。为了防止它,请考虑使用参数化查询,如下例所示: