Solved

ADP - Must Declare the Scalar Variable

Posted on 2007-11-22
Last Modified: 2013-12-05
I am having difficulty with an ADP project, specifically regarding ADO / SQL usage.

I'm currently in the process of writing a function to return a resultset from a SQL table (SQL Server 2005); the code is fairly simple (see attached example).

The problem line looks to be: "Set rs_ = .Execute"... it throws the following error: "Must Declare the Scalar Variable @id".

I have tried to use '?' marks instead, but no luck; does anyone have any ideas (short of creating a stored procedure!).

Cheers
Function Example()
On Error GoTo ErrorHandler:
 
Dim command_ As New ADODB.Command
Dim rs_ As ADODB.Recordset
 
    With command_
    
        .ActiveConnection = CurrentProject.Connection
        .NamedParameters = True
        .CommandType = adCmdText
        .CommandText = "SELECT t.* FROM ticket t WHERE t.id = @id"
        
        .Parameters.Append .CreateParameter("@id", adInteger, adParamInput, , 11)
        
        Set rs_ = .Execute
        
        With rs_
        
            If .State = adStateOpen Then
            
                ' TODO: this bit!
            
            End If
        End With
    End With
    
Tidy:
 
    Set command_ = Nothing
    Set rs_ = Nothing
    
Exit Function
ErrorHandler:
 
    Debug.Print Err.Description: GoTo Tidy
 
End Function


0
Question by:MISLtd
 
LVL 22

Expert Comment

by:Kelvin Sparks
ID: 20333437
Replace "SELECT t.* FROM ticket t WHERE t.id = @id"

with

"SELECT t.* FROM ticket t WHERE t.id = " & the value for @ID.

If @ID is text then

"SELECT t.* FROM ticket t WHERE t.id = '" & @ID & "'"
0
 
LVL 1

Author Comment

by:MISLtd
ID: 20333538
While that would work, it leaves things fairly open to SQL injection attacks as the @id parameter will be generated by user input.
0
 
LVL 22

Expert Comment

by:Kelvin Sparks
ID: 20333549
OK, but you haven't said where @ID is coming from. What you have in the adp is a statement that will be executed. Using ADO you have to pass these parameters in from somewhere.

You are using adCmdText. This just executes the string you create.
0
 
LVL 1

Author Comment

by:MISLtd
ID: 20333617
I gave the '?' mark another go and seem to have solved the problem.
Function Example()
On Error GoTo ErrorHandler:
 
Dim command_ As New ADODB.Command
Dim rs_ As ADODB.Recordset
 
    With command_
    
        .ActiveConnection = CurrentProject.Connection
        .NamedParameters = True
        .CommandType = adCmdText
        .CommandText = "SELECT t.* FROM ticket t WHERE t.id = ?"
        
        .Parameters.Append .CreateParameter("id", adInteger, adParamInput, , 11)
        
        Set rs_ = .Execute
        
        With rs_
        
            If .State = adStateOpen Then
            
                ' TODO: this bit!
            
            End If
        End With
    End With
    
Tidy:
 
    Set command_ = Nothing
    Set rs_ = Nothing
    
Exit Function
ErrorHandler:
 
    Debug.Print Err.Description: GoTo Tidy
 
End Function


0
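The '?' placeholder approach from the comment above, extended to take user input and to cover the text-column case raised earlier in the thread. This is an added example, not code from the thread; the function names and the "reference" column are hypothetical, and it assumes the ticket table from the question plus a reference to the ADO library.

```vba
' Added example, not code from the thread. Requires a reference to the ADO library.
' Function names and the "reference" column are hypothetical.
Function GetTicketById(ByVal userInput As String) As ADODB.Recordset
    ' Accept 1 to 9 digits only, so CLng cannot overflow and nothing else gets through.
    If Len(userInput) = 0 Or Len(userInput) > 9 Or userInput Like "*[!0-9]*" Then
        Err.Raise vbObjectError + 513, "GetTicketById", "Ticket id must be a whole number"
    End If

    Dim cmd As New ADODB.Command
    With cmd
        Set .ActiveConnection = CurrentProject.Connection
        .CommandType = adCmdText
        ' The value is bound to the ? marker by position; it never becomes SQL text.
        .CommandText = "SELECT t.* FROM ticket t WHERE t.id = ?"
        .Parameters.Append .CreateParameter("id", adInteger, adParamInput, , CLng(userInput))
        Set GetTicketById = .Execute
    End With
End Function

Function GetTicketsByReference(ByVal userInput As String) As ADODB.Recordset
    Const MAX_LEN As Long = 50   ' assumed width of the hypothetical column
    If Len(userInput) = 0 Or Len(userInput) > MAX_LEN Then
        Err.Raise vbObjectError + 514, "GetTicketsByReference", "Reference must be 1 to 50 characters"
    End If

    Dim cmd As New ADODB.Command
    With cmd
        Set .ActiveConnection = CurrentProject.Connection
        .CommandType = adCmdText
        .CommandText = "SELECT t.* FROM ticket t WHERE t.reference = ?"
        ' Quotes in the input stay inside the bound value; no manual quoting or escaping.
        .Parameters.Append .CreateParameter("reference", adVarChar, adParamInput, MAX_LEN, userInput)
        Set GetTicketsByReference = .Execute
    End With
End Function

Sub DemoLookups()
    Dim rs As ADODB.Recordset
    Set rs = GetTicketById("11")                      ' constructed input
    Debug.Print "rows for id 11: "; Not rs.EOF
    Set rs = GetTicketsByReference("x' OR '1'='1")    ' constructed input, compared as a literal string
    Debug.Print "rows for quoted reference: "; Not rs.EOF
End Sub
```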
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 21641033
PAQed with points refunded (500)

Computer101
EE Admin
0
