获取自动化错误 Excel VBA 尝试更新 SQL Db
Posted
技术标签:
【中文标题】获取自动化错误 Excel VBA 尝试更新 SQL Db【英文标题】:Getting Automation Error Excel VBA trying Update SQL Db 【发布时间】:2021-08-19 16:18:18 【问题描述】:非常感谢任何帮助!
Private Sub CommandButton1_Click()
'On Error GoTo ErrExit
Dim cn_ADO As ADODB.Connection
Dim cmd_ADO As ADODB.Command
Dim SQLUser As String
Dim SQLPassword As String
Dim SQLServer As String
Dim DBName As String
Dim DbConn As String
Dim SQLQuery As String
Dim strWhere As String
Dim i As Integer
Dim jOffset As Integer
Dim iStartRow As Integer
Dim strItmId As String
Dim strParentItm As String
Dim strName As String
Dim strValu As String
Dim strDateCreate As String
Dim strDateUpdate As String
jOffset = 1
iStartRow = 9
i = iStartRow
SQLUser = "sa"
SQLPassword = "xxx"
SQLServer = "xxx"
DBName = "TEST"
DbConn = "Provider=SQLOLEDB.1;Persist Security Info=True;User ID=" & SQLUser & ";Password=" & SQLPassword & ";Initial Catalog=" & DBName & ";" & _
"Data Source=" & SQLServer & ";User Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;" & _
"Use Encryption for Data=False;Tag with column collation when possible=False"
Set cn_ADO = New ADODB.Connection
cn_ADO.Open DbConn
Set cmd_ADO = New ADODB.Command
While Cells(i, jOffset).Value <> ""
strItmId = Cells(i, 0 + jOffset).Value
strName = Cells(i, 2 + jOffset).Value
strValu = Cells(i, 3 + jOffset).Value
strWhere = "ItmId = " & strItmId
SQLQuery = "update COCFG " & _
"set " & _
"[Name] = '" & strName & "', " & _
"[Valu] = '" & strValu & "', " & _
"where " & strWhere (AUTOMATION ERROR POINT, SYNTAX ISSUE AT 'where')
cmd_ADO.CommandText = SQLQuery
cmd_ADO.ActiveConnection = cn_ADO
cmd_ADO.Execute
i = i + 1
Wend
Set cmd_ADO = Nothing
Set cn_ADO = Nothing
Exit Sub
'ErrExit:
' MsgBox "Error: " & Err & " " & Error(Err)
' Application.StatusBar = False
' Application.Cursor = xlDefault
'
' If Not cn_ADO Is Nothing Then
' Set cn_ADO = Nothing
' End If
' If Not cmd_ADO Is Nothing Then
' Set cmd_ADO = Nothing
' End If
End Sub
【问题讨论】:
Sql 语法错误,尝试"[Valu] = '" & strValu & "' " & _ - where 之前没有逗号。注意力。您的代码受到 Sql 注入的影响。
哇!!!!!!我不敢相信这是问题!!!!!!!我是新手,所以可以理解,谢谢!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!
顺便说一句 - SQL 注入是什么意思?
【参考方案1】:
SQL Injection是用户在数据字段中插入恶意SQL语句执行的安全漏洞。防御是在查询中使用占位符 (?) 并将值放入参数中。
Option Explicit
Private Sub CommandButton1_Click()
Dim ws As Worksheet
Dim cn_ADO As ADODB.Connection, cmd_ADO As ADODB.Command
Dim dbConn As String
Dim strItmId As String, strName As String, strValu As String
Dim i As Long, n As Long, jOffset As Integer, iStartRow As Integer
Const SQLUser = "sa"
Const SQLPassword = "xxx"
Const SQLServer = "xxx"
Const DBName = "TEST"
Const SQLQuery = " UPDATE COCFG " & _
" SET [Name] = ?, [Valu] = ? " & _
" WHERE [ItmId] = ? "
dbConn = "Provider=SQLOLEDB.1;Persist Security Info=True;User ID=" & SQLUser & _
";Password=" & SQLPassword & ";Initial Catalog=" & DBName & ";" & _
"Data Source=" & SQLServer & _
";User Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;" & _
"Use Encryption for Data=False;Tag with column collation when possible=False"
Set cn_ADO = New ADODB.Connection
cn_ADO.Open dbConn
Set cmd_ADO = New ADODB.Command
With cmd_ADO
.CommandText = SQLQuery
.ActiveConnection = cn_ADO
.Parameters.Append .CreateParameter("P1", adVarChar, adParamInput, 50) ' 50 size
.Parameters.Append .CreateParameter("P2", adVarChar, adParamInput, 50)
.Parameters.Append .CreateParameter("P3", adVarChar, adParamInput, 50)
End With
jOffset = 1
iStartRow = 9
i = iStartRow
Set ws = ActiveSheet
With ws
While .Cells(i, jOffset).Value <> ""
strItmId = .Cells(i, jOffset).Value
strName = .Cells(i, jOffset + 2).Value
strValu = .Cells(i, jOffset + 3).Value
cmd_ADO.Execute n, Array(strName, strValu, strItmId) ' parameter values
i = i + 1
Wend
End With
Set cmd_ADO = Nothing
Set cn_ADO = Nothing
End Sub
【讨论】:
以上是关于获取自动化错误 Excel VBA 尝试更新 SQL Db的主要内容,如果未能解决你的问题,请参考以下文章
使用自动化/VBA 填充 Excel 时,Access O365 崩溃