I am using an ADODB connection to connect to an Access database and am using an SQL string as the CommandText... but I need to check the validity of what I have typed... here is the SQL statement:

Dim cmdCommand As New ADODB.Command

With cmdCommand
    .ActiveConnection = conConnection
    .CommandText = "select * from Login where username = txusername.text"
    .CommandType = adCmdText
End With

Here I want to incorporate the use of a check for a text field... am I using the right SQL syntax here... as in, can I just refer to txtusername.text or do I have to use it like $txtusername.text or something... Please help

Last Post by varun.coolmax

For starters, let's look at the SQL statement line

.CommandText = "select * from Login where username = txusername.text"

This is not using the textbox value; the correct syntax for using the control is

.CommandText = "select * from Login where username = " & txusername.text

This still has a problem, as SQL requires quote delimiters for string fields, hence we would add that to the string thus:

.CommandText = "select * from Login where username = '" & txusername.text & "'"

And finally, to safely pass this without allowing for a SQL injection attack, we would ensure the textbox has no apostrophe that could damage the database:

.CommandText = "select * from Login where username = '" & Replace(txusername.text, "'", "''") & "'"

That should just about do it.
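The same lookup can also be written with an ADO parameter, so the textbox value is bound as data and never concatenated into the SQL text. This is an added example, not code from the thread: it reuses the thread's conConnection, txusername and Login names, while FindLogin, cmdLogin_Click, the parameter name and the 50-character column width are assumptions.

```vb
' Added example: parameterized form of the thread's query (VB6 / ADO).
' Assumes conConnection is an open ADODB.Connection to the Access database.
Private Const MAX_USERNAME_LEN As Long = 50   ' assumed width of Login.username

' Returns a Recordset for the given user name, or Nothing if the input
' is empty or longer than the column can hold.
Private Function FindLogin(ByVal conConnection As ADODB.Connection, _
                           ByVal userName As String) As ADODB.Recordset
    Dim cmdCommand As ADODB.Command

    ' Reject input early; an over-long value would also make ADO raise an error.
    If Len(userName) = 0 Or Len(userName) > MAX_USERNAME_LEN Then Exit Function

    Set cmdCommand = New ADODB.Command
    With cmdCommand
        Set .ActiveConnection = conConnection
        .CommandType = adCmdText
        ' "?" is a positional placeholder. No quotes are written around it,
        ' and an apostrophe in userName cannot change the statement.
        .CommandText = "SELECT * FROM Login WHERE username = ?"
        .Parameters.Append .CreateParameter("pUserName", adVarWChar, _
                                            adParamInput, MAX_USERNAME_LEN, userName)
    End With

    Set FindLogin = cmdCommand.Execute
End Function

' Hypothetical button handler showing how the function is called.
Private Sub cmdLogin_Click()
    Dim rs As ADODB.Recordset
    Set rs = FindLogin(conConnection, txusername.Text)

    If rs Is Nothing Then
        MsgBox "Please enter a user name of 1 to " & MAX_USERNAME_LEN & " characters."
    ElseIf rs.EOF Then
        MsgBox "No such user."
    Else
        MsgBox "Found user: " & rs.Fields("username").Value
    End If

    If Not rs Is Nothing Then rs.Close
End Sub
```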

