我已经搜索了所有电路板,找不到有人问如何在INSERT INTO语句的代码中进行换行。我尝试了许多变体,但似乎可以使它们中的任何一个都起作用。他是我的代码以及我正在尝试的示例。我知道这只是放错逗号,引号或&符。
StrSQL = "INSERT INTO Tbl_Data_Shop & _
(ClaimNumber, ExposureNumber, ClaimSuffix, & _
Shop_Name, Shop_StreetAddress, Shop_City, & _
Shop_State, Shop_Zip, Shop_Phone) & _
"Values
('" & Forms!Frm_Data_Main!TBClaimNumber & "' & _
"'" & Forms!Frm_Data_Main!TBExposureNumber & "' & _
"'" & Forms!Frm_Data_Main!TBClaimSuffix & "'," & _
"'" & TBSShop_Name & "'," & _
"'" & TBSShop_StreetAddress & "'," & _
"'" & TBSShop_City & "'," & _
"'" & TBSShop_State & "'," & _
"'" & TBSShop_Zip & "'," & _
"'" & TBSShop_Phone & "'");"
答案 0 :(得分:2)
再一次,是一个使用parameterization行业最佳实践的经典示例,您可以在MS Access中使用QueryDefs.Parameters进行此操作。除了防止sql注入外,您还无需担心使用字符串插值引起的引号或“&”号,并且可以构建一个更具可读性和可维护性的代码块。
无论使用哪种语言(此处为VBA),该过程都涉及使用占位符设置准备好的SQL语句。然后在另一步骤中,将数据值绑定到占位符以执行。
SQL
在下面另存为已保存的MS Access查询(功能区>创建>查询> SQL视图)。此SQL查询使用PARAMETERS子句(在Access SQL方言中有效)定义占位符及其类型,然后使用占位符。您可以断开所有想要的行!
PARAMETERS TBClaimNumberParam TEXT(255), TBExposureNumberParam TEXT(255),
TBClaimSuffixParam TEXT(255), TBSShop_NameParam TEXT(255),
TBSShop_StreetAddressParam TEXT(255), TBSShop_CityParam TEXT(255),
TBSShop_StateParam TEXT(255), TBSShop_ZipParam TEXT(255),
TBSShop_PhoneParam TEXT(255);
INSERT INTO Tbl_Data_Shop (ClaimNumber, ExposureNumber, ClaimSuffix,
Shop_Name, Shop_StreetAddress, Shop_City,
Shop_State, Shop_Zip, Shop_Phone)
VALUES (TBClaimNumberParam, TBExposureNumberParam, TBClaimSuffixParam,
TBSShop_NameParam, TBSShop_StreetAddressParam, TBSShop_CityParam,
TBSShop_StateParam, TBSShop_ZipParam, TBSShop_PhoneParam)
VBA
在此步骤中,将上面保存的查询 mySavedQuery 引用到QueryDef对象中,然后将VBA值绑定到查询的命名参数(在上面的SQL中定义)。
Dim qdef As QueryDef
Set qdef = CurrentDb.QueryDefs("mySavedQuery")
' BIND VALUES TO PARAMETERS
qdef!TBClaimNumberParam = Forms!Frm_Data_Main!TBClaimNumber
qdef!TBExposureNumberParam = Forms!Frm_Data_Main!TBExposureNumber
qdef!TBClaimSuffixParam = Forms!Frm_Data_Main!TBClaimSuffix
qdef!TBSShop_NameParam = TBSShop_Name
qdef!TBSShop_StreetAddressParam = TBSShop_StreetAddress
qdef!TBSShop_CityParam = TBSShop_City
qdef!TBSShop_StateParam = TBSShop_State
qdef!TBSShop_ZipParam = TBSShop_Zip
qdef!TBSShop_PhoneParam = TBSShop_Phone
' EXECUTE ACTION
qdef.Execute dbFailOnError
Set qdef = Nothing
答案 1 :(得分:1)
单独为每行设置一个字符串-并纠正逗号和括号:
StrSQL = "INSERT INTO Tbl_Data_Shop " & _
"(ClaimNumber, ExposureNumber, ClaimSuffix, " & _
"Shop_Name, Shop_StreetAddress, Shop_City, " & _
"Shop_State, Shop_Zip, Shop_Phone) " & _
"Values (" & _
"'" & Forms!Frm_Data_Main!TBClaimNumber & "'," & _
"'" & Forms!Frm_Data_Main!TBExposureNumber & "'," & _
"'" & Forms!Frm_Data_Main!TBClaimSuffix & "'," & _
"'" & TBSShop_Name & "'," & _
"'" & TBSShop_StreetAddress & "'," & _
"'" & TBSShop_City & "'," & _
"'" & TBSShop_State & "'," & _
"'" & TBSShop_Zip & "'," & _
"'" & TBSShop_Phone & "');"
答案 2 :(得分:0)
引号和&缺少/放错了位置。但是,出于多种原因,我会使用prepared语句,即安全性和可管理性。
StrSQL = "INSERT INTO Tbl_Data_Shop & _
(ClaimNumber, ExposureNumber, ClaimSuffix, & _
Shop_Name, Shop_StreetAddress, Shop_City, & _
Shop_State, Shop_Zip, Shop_Phone) & _
Values ('" & Forms!Frm_Data_Main!TBClaimNumber & "', & _
'" & Forms!Frm_Data_Main!TBExposureNumber & "', & _
'" & Forms!Frm_Data_Main!TBClaimSuffix & "', & _
'" & TBSShop_Name & "', & _
'" & TBSShop_StreetAddress & "', & _
'" & TBSShop_City & "', & _
'" & TBSShop_State & "', & _
'" & TBSShop_Zip & "', & _
'" & TBSShop_Phone & "');"
尝试让我们知道。