1

I have a list of users (as string variable) and want to use it as the criteria (one user at a time) for my SQL to pick the first item's code. So I put a SQL query as a string to run it later in the code.

I've tried this:

strSQL = "SELECT TOP 1 Item.Code FROM Item WHERE Item.User = '" 
strSQL = strSQL & strUserName & "' ORDER BY ID DESC"

If the strUserName = "A-user" for example, I only get this SQL string, according to "Quick Watch...":

SELECT TOP 1 Item.Code FROM Item WHERE Item.User = 'A-user

The part with "' ORDER BY ID DESC" isn't included in the SQL string at all!

And for running the SQL query by using "Set rst = CurrentDb.OpenRecordset(strSQL)", I get this error:

Run-time error '3075': Syntax error (missing operator) in query expression 'Item.User = "A-user"

How can I fix that?

1
  • Please show more of your code as the concatenation of your strings should work according to the currently shown code. However, building a SQL statement like so is the classic way of SQL injection ... Commented Jul 14, 2016 at 8:08

2 Answers

1

I don't see how your code triggers that 3075 error. However I would use a parameter query instead. That way you can avoid problems with quoted values in your SQL statement.

Dim qdf As DAO.QueryDef
Dim rs As DAO.Recordset
Dim strSelect As String
Dim strUserName As String

strUserName = "A-user"
strSelect = "SELECT TOP 1 i.Code FROM [Item] AS i WHERE i.User = [which_user] ORDER BY i.ID DESC"
Set qdf = CurrentDb.CreateQueryDef(vbNullString, strSelect)
qdf.Parameters("which_user").Value = strUserName
Set rs = qdf.OpenRecordset

7 Comments

Thanks! I still have some questions regarding your answer. The strSelect = "SELECT TOP 1 i.Code FROM [Item] AS i WHERE i.User = [which_user] ORDER BY i.ID would give me a SQL string with the fixed/non-variable [which_user] in the SQL, right? And the qdf.Parameters("which_user").Value = strUserName would change this fixed [which_user] in the SQL string above? What do I put in the double-quote instead of "which_user"? The [which_user] variable from the SQL string? Thanks!
which_user is a parameter. A query parameter is nothing more than a placeholder for a value which you must supply when the query is run. It should make more sense if you paste the SELECT statement into SQL View of a new Access query and then run that query: SELECT TOP 1 i.Code FROM [Item] AS i WHERE i.User = [which_user] ORDER BY i.ID DESC
Thanks HansUp. My problem is that I cannot manage to insert/change the variable "which_user" parameter into/in the strSelect. So my SQL string literally remains strSelect = "SELECT TOP 1 i.Code FROM [Item] AS i WHERE i.User = [which_user] ORDER BY i.ID. The [which_user] should be A_user right? So that the strSelect would be strSelect = "SELECT TOP 1 i.Code FROM [Item] AS i WHERE i.User = 'A_user' ORDER BY i.ID before the "qdf.OpenRecordSet", correct? Sorry, I am really a newbie:)
No, that's not correct. But I'm unsure how to approach this now. Have you tested the query in the Access query designer as I suggested yesterday?
Yes, I did. As I run the query, an input box pops up and I have to insert a user name for the parameter which_user. After inserting the right user name into that box and clicking OK, I get the correct result. Does it have something to do with my user name, which is the Windows user name fetched by using this function: Private Declare Function apiGetUserName Lib "advapi32.dll" Alias _ "GetUserNameA" (ByVal lpBuffer As String, nSize As Long) As Long For now, I am still stuck at the Set rs = qdf.OpenRecordset. The code runs into an error there (Error 13, Type Mismatch)
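The parameter query from this answer, extended to loop over a list of user names, as an added example that is not part of the original answer. The names `LatestCodes` and `CleanName` are hypothetical, and the null-character trim assumes a name may arrive from a fixed-length API buffer such as the `GetUserNameA` call mentioned in the comments.

```vba
Option Explicit

' Added example (not from the original answer). Table and column names are
' the ones used on this page; LatestCodes and CleanName are hypothetical.
' Usage with constructed names: Set c = LatestCodes(Array("A-user", "O'Brien"))
Public Function LatestCodes(ByVal userNames As Variant) As Collection
    ' Declaring the parameter type keeps Access from guessing it.
    Const SQL_SELECT As String = _
        "PARAMETERS which_user Text(255); " & _
        "SELECT TOP 1 i.Code FROM [Item] AS i " & _
        "WHERE i.User = [which_user] ORDER BY i.ID DESC;"

    Dim qdf As DAO.QueryDef
    Dim rs As DAO.Recordset
    Dim results As New Collection
    Dim v As Variant

    ' Temporary (unnamed) QueryDef: built once, reused for every user.
    Set qdf = CurrentDb.CreateQueryDef(vbNullString, SQL_SELECT)

    For Each v In userNames
        ' The value is bound to the placeholder and never spliced into the
        ' SQL text, so quotes in a name cannot change the statement.
        qdf.Parameters("which_user").Value = CleanName(CStr(v))
        Set rs = qdf.OpenRecordset(dbOpenSnapshot)
        If rs.EOF Then
            results.Add Null            ' no Item row for this user
        Else
            results.Add rs!Code.Value   ' code of the row with the highest ID
        End If
        rs.Close
    Next v

    qdf.Close
    Set LatestCodes = results
End Function

' Assumption: a name read into a fixed-length buffer by a Windows API call
' can still carry the terminating null character and padding. Cut at the
' first null so the stored value matches what is in the table.
Private Function CleanName(ByVal s As String) As String
    Dim pos As Long
    pos = InStr(s, vbNullChar)
    If pos > 0 Then s = Left$(s, pos - 1)
    CleanName = Trim$(s)
End Function
```

The returned collection holds one entry per input name, in the same order, with `Null` where no row matched.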
0

Access sometimes complains about the use of single-quotes. And also add a semi-colon to the end of the statement. Try changing the code to this (where double-quotes are escaped with an extra double-quote):

strSQL = "SELECT TOP 1 Item.Code FROM Item WHERE Item.User = " 
strSQL = strSQL & """" & strUserName & """" & " ORDER BY ID DESC;"

3 Comments

But as per DAXaholic's comment above, beware of SQL injection using this approach
I've tried these solutions but it did not help :( fontstuff.com/access/acctut15.htm The & """" & " ORDER BY ID DESC;" in my strSQL is still cut off!
Perhaps you have a typo in the variable name strSQL? Also notice that my example assigns the variable on the first line, and then appends to the variable on the second (i.e. the variable appears on both sides of the = sign on the second line).
