Ms Access中的VBA可以使用参数来防止SQL注入吗? [英] Can VBA in Ms Access using parameter to prevent sql injection?

问题描述

我目前正在使用Access女士构建一个系统.由于避免sql注入很重要，因此我也想将参数程序用作VB.NET，但我想知道是否可以.如果是这样，如果您至少向我展示了使用参数从控件向数据库中插入数据的sql语句，我将不胜感激；如果不能，那么有人会以其他方式向我展示吗?

I'm currently building a system with Ms Access. Since it's important to avoid sql injection, I want to use paramerters as VB.NET too, but I wonder if it could be or not. If so, I would be appreciate if you show me at least the sql statement inserting data from controls to the database using parameters, and If it can't be, would anyone show me the other ways?

谢谢您的推荐.

推荐答案

此INSERT语句在打开的窗体"frmDatePicker"上使用文本框"txtStartDate"声明日期/时间参数，并将该值插入MyTable. /p>

This INSERT statement declares a Date/Time PARAMETER using a text box "txtStartDate" on an open form named "frmDatePicker", and inserts that value into MyTable.

PARAMETERS [Forms]![frmDatePicker]![txtStartDate] DateTime;
INSERT INTO MyTable ( date_field )
VALUES ([Forms]![frmDatePicker]![txtStartDate]);

这篇关于Ms Access中的VBA可以使用参数来防止SQL注入吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！