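I'm trying to loop through a column in a table from a form in Access to find out whether a "Case Name" already exists and, if it doesn't, add the new record to the table. I want the criteria to be based on the input value of a text box. The good news is that I've figured out how to add a new record to the table using the code below. I'm just stuck on how to loop through the table to find out whether the record already exists. Thanks in advance!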

Private Sub SaveNewCase_Click()

If Me.txtNewCaseName.Value <> "Null" And Me.txtCaseDepth.Value <> "Null" And Me.txtCaseHeight2.Value <> "Null" And Me.txtCaseWeight.Value <> "Null" And Me.txtCaseWidth <> "Null" And Me.cboCaseCategory.Value <> "Null" Then
    'I think the loop should go here, but not sure'
    CurrentDb.Execute "INSERT INTO tblCases(CaseName, CaseWidth, CaseHeight, CaseCasters, CaseWeight, CaseDepth, CaseCategory) " & _
        " VALUES ('" & Me.txtNewCaseName & "'," & Me.txtCaseWidth & "," & Me.txtCaseHeight2 & ",'" & Me.chkboxCasters & "'," & Me.txtCaseWeight & "," & Me.txtCaseDepth & ",'" & Me.cboCaseCategory & "')"
Else
    MsgBox "Please enter all new case criteria."
End If

End Sub
1 Answer

Firstly, use parameters

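Concatenating user-supplied values directly into your SQL statement exposes you to SQL injection, whether intentional (i.e. users entering their own SQL statements to sabotage your database) or unintentional (e.g. users entering values that contain apostrophes or other SQL delimiters).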

Instead, use parameters to represent each field value, for example:

With CurrentDb.CreateQueryDef _
    ( _
        "", _
        "insert into " & _
        "tblcases (casename,  casewidth,  caseheight,  casecasters,  caseweight,  casedepth,  casecategory) " & _
        "values  (@casename, @casewidth, @caseheight, @casecasters, @caseweight, @casedepth, @casecategory) " _
    )
    .Parameters("@casename") = txtNewCaseName
    .Parameters("@casewidth") = txtCaseWidth
    .Parameters("@caseheight") = txtCaseHeight2
    .Parameters("@casecasters") = chkboxCasters
    .Parameters("@caseweight") = txtCaseWeight
    .Parameters("@casedepth") = txtCaseDepth
    .Parameters("@casecategory") = cboCaseCategory
    .Execute
End With

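Since the value of each form control is supplied directly to a parameter in the SQL statement, the value will always be interpreted as a literal and cannot form part of the SQL statement itself.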

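Furthermore, you don't have to worry about surrounding string values with single or double quotes, nor about formatting date values - the data is used in its native form.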


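Where testing for an existing value is concerned, you can either use a domain aggregate function such as DLookup, or you can use a SQL select statement and test that no records are returned, for example: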

Dim flg As Boolean
With CurrentDb.CreateQueryDef _
    ( _
        "", _
        "select * from tblcases where " & _
        "casename     = @casename    and " & _
        "casewidth    = @casewidth   and " & _
        "caseheight   = @caseheight  and " & _
        "casecasters  = @casecasters and " & _
        "caseweight   = @caseweight  and " & _
        "casedepth    = @casedepth   and " & _
        "casecategory = @casecategory " _
    )
    .Parameters("@casename") = txtNewCaseName
    .Parameters("@casewidth") = txtCaseWidth
    .Parameters("@caseheight") = txtCaseHeight2
    .Parameters("@casecasters") = chkboxCasters
    .Parameters("@caseweight") = txtCaseWeight
    .Parameters("@casedepth") = txtCaseDepth
    .Parameters("@casecategory") = cboCaseCategory
    With .OpenRecordset
        flg = .EOF
        .Close
    End With
End With

If flg Then
    ' Add new record
Else
    ' Record already exists
End If

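Finally, you are currently testing the values of your form controls against the literal string "Null", which will only be validated if the user has entered the value Null into the control, not if the control is blank.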

Instead, you should use the VBA IsNull function to check whether a variable holds a Null value.

answered 2020-03-06T20:50:24.903
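
The three points of the answer above (IsNull validation, a parameterised existence check, a parameterised insert) combined into one click handler, as an added example that is not part of the original question or answer. It checks for a duplicate on CaseName only, as the question asks; IsBlank and CaseExists are hypothetical helper names, and treating a zero-length string as blank is an assumption added here.

```vba
' Added example. Control and table names come from the question;
' IsBlank and CaseExists are hypothetical helper names.
Private Function IsBlank(ByVal v As Variant) As Boolean
    ' A blank Access control holds Null, not the string "Null".
    If IsNull(v) Then
        IsBlank = True
    Else
        IsBlank = (Len(Trim$(CStr(v))) = 0)
    End If
End Function

Private Function CaseExists(ByVal caseName As String) As Boolean
    ' The name is bound as a parameter, so quotes in it stay literal data.
    Dim qdf As DAO.QueryDef
    Dim rs As DAO.Recordset
    Set qdf = CurrentDb.CreateQueryDef("", _
        "select casename from tblcases where casename = @casename")
    qdf.Parameters("@casename").Value = caseName
    Set rs = qdf.OpenRecordset(dbOpenSnapshot)
    CaseExists = Not rs.EOF
    rs.Close
End Function

Private Sub SaveNewCase_Click()
    If IsBlank(Me.txtNewCaseName.Value) Or IsBlank(Me.txtCaseDepth.Value) _
        Or IsBlank(Me.txtCaseHeight2.Value) Or IsBlank(Me.txtCaseWeight.Value) _
        Or IsBlank(Me.txtCaseWidth.Value) Or IsBlank(Me.cboCaseCategory.Value) Then
        MsgBox "Please enter all new case criteria."
        Exit Sub
    End If
    If CaseExists(Me.txtNewCaseName.Value) Then
        MsgBox "A case with this name already exists."
        Exit Sub
    End If
    With CurrentDb.CreateQueryDef("", _
        "insert into tblcases (casename, casewidth, caseheight, " & _
        "casecasters, caseweight, casedepth, casecategory) " & _
        "values (@casename, @casewidth, @caseheight, " & _
        "@casecasters, @caseweight, @casedepth, @casecategory)")
        .Parameters("@casename").Value = Me.txtNewCaseName.Value
        .Parameters("@casewidth").Value = Me.txtCaseWidth.Value
        .Parameters("@caseheight").Value = Me.txtCaseHeight2.Value
        .Parameters("@casecasters").Value = Me.chkboxCasters.Value
        .Parameters("@caseweight").Value = Me.txtCaseWeight.Value
        .Parameters("@casedepth").Value = Me.txtCaseDepth.Value
        .Parameters("@casecategory").Value = Me.cboCaseCategory.Value
        .Execute dbFailOnError
    End With
End Sub
```

The check and the insert are separate statements, so in a multi-user database a unique index on CaseName remains the authoritative guard against duplicates; with dbFailOnError the insert then raises a trappable error instead of failing silently.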