我可以使用VBScript查找图像中的所有记录:
cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES"
这完美无缺。但是,我想将搜索从所有记录缩小到只有列B(ProjectName)==“spoon”的那些
Dim projName
projName = "spoon"
cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES" & " WHERE ProjectName=" & projName
但我收到错误:
没有给出一个或多个必需参数的值。
Mu SQL-fu很弱,不知道我哪里出错了。
答案 0 :(得分:0)
结束(并稍微减少):
Dim projName
projName = "spoon"
cn.Execute "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName='" & projName & "'"
答案 1 :(得分:0)
作为@allen-wang points out,错误的原因是缺少字符串值通过将其封装在单引号('...')中而被识别为字符串。
但是,使用ADODB.Command执行参数化查询可以避免此问题和其他问题,例如SQL注入漏洞。
Dim cmd, sql, exportDir, exportFile
'Shouldn't be configurable outside this procedure.
exportDir = "..."
exportFile = "..."
Const adCmdText = 1
Const adParamInput = 1
Const adCmdVarChar = 200
Const adExecuteNoRecords = &H00000080
Set cmd = CreateObject("ADODB.Command")
sql = "SELECT * INTO [text;HDR=Yes;Database=" & exportDir & _
";CharacterSet=65001]." & exportFile & " FROM IMAGES WHERE ProjectName = ?"
With cmd
Set .ActiveConnection = cn
.CommandType = adCmdText
.CommandText = sql
Call .Parameters.Append(.CreateParameter("@ProjName", adVarChar, adParamInput, 255))
Call .Execute(, , adExecuteNoRecords)
End With
请确保不公开exportDir和exportFile,或者将代码保持为SQL注入。