问题
I'm currently building a system with Ms Access. Since it's important to avoid sql injection, I want to use paramerters as VB.NET too, but I wonder if it could be or not. If so, I would be appreciate if you show me at least the sql statement inserting data from controls to the database using parameters, and If it can't be, would anyone show me the other ways?
I would be appreciate for any recommendation, thanks..
回答1:
This INSERT statement declares a Date/Time PARAMETER using a text box "txtStartDate" on an open form named "frmDatePicker", and inserts that value into MyTable.
PARAMETERS [Forms]![frmDatePicker]![txtStartDate] DateTime;
INSERT INTO MyTable ( date_field )
VALUES ([Forms]![frmDatePicker]![txtStartDate]);
来源:https://stackoverflow.com/questions/6764509/can-vba-in-ms-access-using-parameter-to-prevent-sql-injection