Defining a String Value using SQL

In MS Access VBA, is it possible to define the value for a string using SQL? I keep getting errors trying to get this to work. I've got a bit rusty in the past 4 years... Here is an example of what I have been attempting:

Private Sub Command1_Click()

Dim strCCN as String, strDESCR as String

strCCN = " & FRM_MAIN.CCN & "
strDESCR = DoCmd.RunSQL("SELECT DESCR FROM TBL_INV_REPORT WHERE TBL_INV_REPORT.CCN = ' " & strCCN & " ' ; )
LVL 4
Stephen DaughertyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BembiCEOCommented:
strCCN = FRM_MAIN.CCN (assuming this is a text field)
 strDESCR = DoCmd.RunSQL("SELECT DESCR FROM TBL_INV_REPORT WHERE TBL_INV_REPORT.CCN = ' " & strCCN & " ' "; )
0
Gustav BrockCIOCommented:
You can use:

strDESCR = Nz(DLookup("DESCR", "TBL_INV_REPORT", "CCN = '" & FRM_MAIN.CCN & "'"))

Open in new window

/gustav
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Fabrice LambertFabrice LambertCommented:
Hi,

Building an SQL query with user input as strings can be a source of troubles:
What if the user enter something with quotes ? Double quotes ? Or a mix of both ?
Your query will become invalid, and MS Access will complain (by raising an unexpected and unpleasant error, or not running the query).

to prevent this, you can use an advanced technique: Parameterized query:
Dim db As DAO.Database
Dim qd As DAO.QueryDef
Dim strSQL As String

    '// First, define your SQL query, with parameters:
strSQL = vbNullString
strSQL = strSQL & "PARAMETERS CNNvalue Text(255); & vbcrlf
strSQL = strSQL & "SELECT DESCR" & vbcrlf
strSQL = strSQL & "FROM TBL_INV_REPORT" & vbcrlf
strSQL = strSQL & "WHERE TBL_INV_REPORT.CCN = [CNNvalue];"

    '// 2nd, create a temporary querydef object
    '// (name must be unique)
Set db = CurrentDb
Set qd = db.CreateQueryDef("tmpQry", strSQL)

    '// 3rd, fillup querydef parameters:
qd.Parameters("CNNvalue").Value = strCCN

    '// 4th, execute the querydef
qd.Execute dbFailOnError

    '// 5th: properly destroy objects
qd.Close
db.QueryDefs.Delete qd.Name
Set qd = Nothing
Set db = Nothing

Open in new window

Additional bonus: It protect from SQL injection.

Side notes:
Prefer using the Execute() function when running sql queries, so MS Access won't prompt you when running "Action queries", and you won't have to mess up with docmd.SetWarnings. Plus it can raise an error in case of troubles.
0
Gustav BrockCIOCommented:
It was a select task, not an action task.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Access

From novice to tech pro — start learning today.