Tepken Vannkorn
Reputation: 9713
Can VBA in Ms Access using parameter to prevent sql injection?
I'm currently building a system with Ms Access. Since it's important to avoid sql injection, I want to use paramerters as VB.NET too, but I wonder if it could be or not. If so, I would be appreciate if you show me at least the sql statement inserting data from controls to the database using parameters, and If it can't be, would anyone show me the other ways?
I would be appreciate for any recommendation, thanks..
Upvotes: 0
Views: 3305
Answers (1)
HansUp
Reputation: 97101
This INSERT statement declares a Date/Time PARAMETER using a text box "txtStartDate" on an open form named "frmDatePicker", and inserts that value into MyTable.
PARAMETERS [Forms]![frmDatePicker]![txtStartDate] DateTime;
INSERT INTO MyTable ( date_field )
VALUES ([Forms]![frmDatePicker]![txtStartDate]);
Upvotes: 5
Related Questions
- Microsoft Access SQL Injection
- Sanitizing a string in Access 2003 SQL: Problem with '
- Non-web SQL Injection
- SQL injection and Access macros (not VBA)
- MS Access - prevent SQL injection in connection string
- SQL Injection on MS Access LogIn
- SQL Injection prevention with Microsoft Access and VB.NET
- Access VBA - Pass Param to SQL query?
- treating parameter as literal
- passing parameter from access into sql-server