I was giving the great advice from capricorn1 to use Chr(34) in VBA Recordset Where and Join conditions. It works great. I'm thinking of using it for all strings that are in Joins or Where conditions. Does anyone know of downsided (other than my time) in doing this. My users keep wanting to use single quotes and other special characters and I'm sick of trying to explain that they can't do it. Below is an example of how I am modifying my queries to make them safe. Does anyone know of any problems with this?
Note: the other part of this fix is that I don't allow the user to enter double quotes into my forms. My warning message tells them to use two single quotes next to each other instead of double quotes.
' strQuery = "SELECT Bulk, FDG FROM Components" & _
' " WHERE [Component_Num] = " & "'" & strComponentNum & "'" 'Unsafe with single quotes
strQuery = "SELECT Bulk, FDG FROM Components" & _
" WHERE [Component_Num] = " & Chr(34) & strComponentNum & Chr(34) & "" 'Safe with single quotes