QueryDef Parameterized Query Method
This method prevents a user from embedding a second SQL statement in their input for execution.
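```vba
Dim strSQL As String
Dim db As DAO.Database
Dim qdf As DAO.QueryDef

' Declare the parameters and their types; the SQL text itself contains no user input.
strSQL = "PARAMETERS [FirstName] Text(255), [LastName] Text(255), [Phone] Text(255); " _
         & "INSERT INTO Employees (chrFirstName, chrLastName, chrPhone) " _
         & "VALUES ([FirstName], [LastName], [Phone]);"
Set db = CurrentDb
' An empty name creates a temporary QueryDef that is not saved in the database.
Set qdf = db.CreateQueryDef("", strSQL)

' Bind the form control values as parameter values.
qdf.Parameters("FirstName") = Me!txtFirstName
qdf.Parameters("LastName") = Me!txtLastName
qdf.Parameters("Phone") = Me!txtPhone
' dbFailOnError raises a run-time error if the insert fails, so the form is not cleared after a failed insert.
qdf.Execute dbFailOnError

' Clear the form fields once the row has been inserted.
Me!txtFirstName = vbNullString
Me!txtLastName = vbNullString
Me!txtPhone = vbNullString
qdf.Close
db.Close
Set qdf = Nothing
Set db = Nothing
```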
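Valid parameter types:
- DATETIME: for dates (the parameter expects a VBA Date)
- SHORT, LONG: for integers (SHORT expects an Integer, LONG expects a Long)
- SINGLE, DOUBLE: for floating-point numbers (Single and Double, respectively)
- VARCHAR or TEXT: for strings
- MEMO or LONGTEXT: for strings longer than 255 characters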
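
The same technique applied to a SELECT that mixes several of the parameter types listed above. This is an added example, not code from the original page. The function name `CountEmployees`, the parameter names, and the columns `dtmHired` and `lngDeptID` are assumptions made for illustration.

```vba
' Added example. Assumed (hypothetical) columns on Employees:
'   dtmHired (Date/Time), lngDeptID (Long Integer).
Public Function CountEmployees(ByVal lastName As String, _
                               ByVal hiredSince As Date, _
                               ByVal deptID As Long) As Long
    Dim db As DAO.Database
    Dim qdf As DAO.QueryDef
    Dim rs As DAO.Recordset
    Dim strSQL As String

    On Error GoTo CleanUp

    ' The SQL text is fixed: no caller-supplied value is concatenated into it.
    strSQL = "PARAMETERS [pLastName] Text(255), [pHiredSince] DateTime, [pDeptID] Long; " _
           & "SELECT Count(*) AS MatchCount FROM Employees " _
           & "WHERE chrLastName = [pLastName] " _
           & "AND dtmHired >= [pHiredSince] " _
           & "AND lngDeptID = [pDeptID];"

    Set db = CurrentDb
    Set qdf = db.CreateQueryDef("", strSQL)   ' "" = temporary QueryDef

    ' Values are bound as data of the declared type. Quotes or semicolons
    ' inside lastName are compared as text, never parsed as SQL.
    qdf.Parameters("pLastName").Value = lastName
    qdf.Parameters("pHiredSince").Value = hiredSince
    qdf.Parameters("pDeptID").Value = deptID

    Set rs = qdf.OpenRecordset(dbOpenSnapshot)
    CountEmployees = rs!MatchCount

CleanUp:
    ' Runs on success and on error, so DAO objects are always released.
    If Not rs Is Nothing Then rs.Close
    If Not qdf Is Nothing Then qdf.Close
    Set rs = Nothing
    Set qdf = Nothing
    Set db = Nothing
    ' Re-raise any error to the caller instead of returning a misleading 0.
    If Err.Number <> 0 Then Err.Raise Err.Number, Err.Source, Err.Description
End Function
```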