• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 957
  • Last Modified:

ADP - Must Declare the Scalar Varaible

I am having difficulty with a ADP project, specifically regarding ADO / SQL usage.

I'm currently in the process of writing a function to return a resultset from a SQL table (SQL Server 2005), the code is fairly simple (see attached example).

The problem line looks to be: "Set rs_ = .Execute"... it throws the following error: "Must Declare the Scalar Variable @id".

I have tried to use '?' marks instead, but no luck; does anyone have any ideas (short of creating a stored procedure!).

Cheers
Function Example()
On Error GoTo ErrorHandler:
 
Dim command_ As New ADODB.Command
Dim rs_ As ADODB.Recordset
 
    With command_
    
        .ActiveConnection = CurrentProject.Connection
        .NamedParameters = True
        .CommandType = adCmdText
        .CommandText = "SELECT t.* FROM ticket t WHERE t.id = @id"
        
        .Parameters.Append .CreateParameter("@id", adInteger, adParamInput, , 11)
        
        Set rs_ = .Execute
        
        With rs_
        
            If .State = adStateOpen Then
            
                ' TODO: this bit!
            
            End If
        End With
    End With
    
Tidy:
 
    Set command_ = Nothing
    Set rs_ = Nothing
    
Exit Function
ErrorHandler:
 
    Debug.Print Err.Description: GoTo Tidy
 
End Function

Open in new window

0
MISLtd
Asked:
MISLtd
  • 2
  • 2
1 Solution
 
Kelvin SparksCommented:
Replace "SELECT t.* FROM ticket t WHERE t.id = @id"

with

"SELECT t.* FROM ticket t WHERE t.id = " & the vale for @ID.

IF @ID is text then

"SELECT t.* FROM ticket t WHERE t.id = '" & @ID & "'"
0
 
MISLtdAuthor Commented:
While that would work, it leaves things a fairly open to SQL injection attacks as the @id parameter will be generated by user input.
0
 
Kelvin SparksCommented:
OK, but you haven't said where @ID is coming from. What you have in the adp is a statement that will be executed. Using ADO you have to pass these parameters in from somewhere.

You are using adCmdText. This just executes the string you create
0
 
MISLtdAuthor Commented:
I gave the '?' mark another go and seem to have solved the problem.
Function Example()
On Error GoTo ErrorHandler:
 
Dim command_ As New ADODB.Command
Dim rs_ As ADODB.Recordset
 
    With command_
    
        .ActiveConnection = CurrentProject.Connection
        .NamedParameters = True
        .CommandType = adCmdText
        .CommandText = "SELECT t.* FROM ticket t WHERE t.id = ?"
        
        .Parameters.Append .CreateParameter("id", adInteger, adParamInput, , 11)
        
        Set rs_ = .Execute
        
        With rs_
        
            If .State = adStateOpen Then
            
                ' TODO: this bit!
            
            End If
        End With
    End With
    
Tidy:
 
    Set command_ = Nothing
    Set rs_ = Nothing
    
Exit Function
ErrorHandler:
 
    Debug.Print Err.Description: GoTo Tidy
 
End Function

Open in new window

0
 
Computer101Commented:
PAQed with points refunded (500)

Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now