Access 2007 VBA: use Form.Filter in query parameters - forms

I'd like to create and open a select query based on the user's current form filters. I can do this in VBA by parsing the form's Me.Filter string, extracting the bits I need and building a WHERE statement. However, putting in all the required logic, punctuation and syntax is going to be a pain.
So my question, before I do all that is: is there any existing function to do this?
Thanks.

Maybe my comment was a little cryptic.
Let's say the recordsource of your form is myQuery.
The form is filtered, Me.Filter = myQuery.field1 LIKE 'asdf*' AND myQuery.field2 = 42
So your select query is e.g.
SELECT field1, field3
FROM myQuery
WHERE myQuery.field1 LIKE 'asdf*' AND myQuery.field2 = 42
or
myQuerydef.SQL = "SELECT field1, field3 FROM " & Me.Recordsource & _
" WHERE " & Me.Filter
So I don't quite see where the problem is.
The answer to your question is no, there is no function - but you shouldn't need anything besides Me.Filter.
Edit as suggested by HansUp:
If the RecordSource of your form currently isn't a single query, but a SELECT statement, create a named query from that SELECT statement, and use that query as RecordSource.

Related

I need to change the output of a query so that instead of it coming back as the abbreviation 'em' it says 'employee'. Tsql

I have the correct result coming back. I just need to convert 6 abbreviations in that result to their correct names. There are 20k names assigned to 1 of 6 abbreviated names.
I tried aliasing but that seems to only work for table names.
I tried doing a case statement but that didn't work.
You need to provide more details (like some sample input and output), but if you have data like EM100, and you want to make it EMPLOYEE 100, then you could use an expression such as:
CASE WHEN ColumnName like 'EM%' THEN 'EMPLOYEE ' + SUBSTRING (ColumnName,3,100)
WHEN ColumnName like 'RN%' THEN 'REGNURSE' + SUBSTRING (ColumnName,3,100)
else ColumnName END
But providing more details will help provide a more specific answer.

MS Access VBA DoCmd.OpenForm using where clause not filtering DAO query based recordset

I'm trying to get rid of linked tables and use only VBA code to generate the recordset. I found that filtering data using a where clause in my DoCmd.OpenForm command doesn't work this way. Is that expected behavior? Or maybe it should work and the problem is located somewhere else... Are OpenArgs the only thing left for me to do this?
To clarify my question:
I have two ms access forms:
One (continuous form) with hyperlink and on click code behind like follows
Private Sub txtPerson_Click()
DoCmd.OpenForm "frmPersonnelDetails", , , "PersonId = " & Me.txtPersonID, acFormReadOnly, acDialog
End Sub
and second one (frmPersonnelDetails), not connected to any recordsource, with recordset created with:
Private Sub Form_Load()
strQuery = "SELECT PersonID, Abbreviation, FirstName, LastName FROM SomeTable"
Set objDaoDb = GetDAODbConn 'function that returns database connection object
Set objDaoRS = objDaoDb.OpenRecordset(strQuery, dbOpenDynaset, dbSeeChanges)
Set Me.Form.Recordset = objDaoRS
End Sub
Now, where clause doesn't work. Second form is opening always on the first record. Is it normal? What is the best way to make it open on specified record?

simple where clause SSRS 2005 parameter not working

This should be a simple thing but I've spent hours to no avail. Basically, I need to look up a salesrep # in a SQL database using the user's Windows user id. The format of the user id is
"Norstar\kjones" and I need the "kjones" portion of it.
using the split function, I am able to pull just the 'kjones' part out:
split(User!UserID,"\").GetValue(1)
I've created a parameter called SlsmnNum and created a dataset to be used to look up the salesrep # using the user id (the slsm_num field is a varchar, not an integer):
select slsm_num from Salesman_Msid where slsm_msid = ''' + split(User!UserID,"\").GetValue(1) + '''
However, I get no results. How can I get the select to work?
alternatively, I tried the following:
in parameter SlsmnNum, I set the default to an expression using:
split(User!UserID,"\").GetValue(1) and this returns 'kjones', as expected.
I created a SECOND parameter (which is positioned BELOW the SlsmnNum parameter), SlsmnNum2, that has a default (and an available) value using a query, which is a dataset containing the following select statement:
select slsm_num from Salesman_Msid where slsm_msid = (#SlsmnNum)
When I run the query on the Data tab, when I type in 'kjones' into the parameter box, it returns '1366', the salesrep # I'm expecting.
But, when I Preview the report, all I get in SlsmnNum2 box is Select a Value and nothing is there (it should return '1366').
Any help would be greatly appreciated!
Try your first approach with Query Text as
="select slsm_num from Salesman_Msid where slsm_msid = '" & split(User!UserID,"\").GetValue(1) & "'"

security for a simple php search form

I have a table that lists movies and I have incorporated a simple search function.
I have one text field in a form where a title or keyword can be entered and then the form is submitted.
php/mysql code that does the work is:
$find = $_POST['find'];
$find = mysql_real_escape_string($find);
$find = htmlspecialchars($find);
$sql = "SELECT * FROM tbl_buyerguide WHERE rel_date BETWEEN NOW() AND DATE_ADD(now(), INTERVAL 2 MONTH) AND title LIKE '%".$find."%' ORDER BY title";
where 'find' is the name of the text input in the search form.
This works well enough for the search functionality for the required purpose.
My question to all is:
Is the mysql_real_escape_string and htmlspecialchars enough to make my search form secure?
I have read all of the questions that I can find on stackoverflow about this, but I would really like someone in the know to just say to me "yes, that is all you need", or "no, you also need to take into account ...".
Thanks in Advance.
Cheers Al.
Remember the adage: Filter In, Escape Out.
You're not outputting the term there, so why are you escaping it for HTML purposes with htmlspecialchars()?
Instead, ONLY escape it for the database (you should be using prepared statements, but that's another point). So you should not be using htmlspecialchars there.
Instead, when you go to output the variable onto the HTML page, that's when you should escape it for HTML (again, using htmlspecialchars).
Right now, you're mixing database and html escaping, which is going to lead to neither being effective...
Yes it is enough to make it secure....you could always throw strip_tags() in there as well....
Although I would just do it in one line...instead of using three
$find = htmlspecialchars(mysql_real_escape_string($_POST['find']));
But to really make it secure and up to date, you should stop using mysql_* functions as they are deprecated, and will be removed in any future releases of PHP....
You should instead switch to either mysqli_* or PDO, and implement prepared statements which handles security for you.
Example...in PDO
$db = new PDO('mysql:host=localhost;dbname=test', 'username', 'password');
$find = $_POST['find'];
$query = $db->prepare('SELECT * FROM tbl_buyerguide WHERE rel_date BETWEEN NOW() AND DATE_ADD(now(), INTERVAL 2 MONTH) AND title LIKE :like ORDER BY title');
$query->bindValue(':like', '%' . $find . '%');
$query->execute();
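The "Filter In, Escape Out" split discussed in the answers above, as an added example that is not part of either answer: the search term is bound as a parameter at the database boundary (with LIKE wildcards escaped so `%` and `_` match literally) and passed through htmlspecialchars only when it is written into the page. Assumptions: an in-memory SQLite database with constructed rows stands in for the MySQL table, the MySQL-specific rel_date window is omitted, and the helper names likeContains, searchTitles and h are hypothetical.

```php
<?php
declare(strict_types=1);

// Escape LIKE metacharacters so user input matches literally; '!' is the
// escape character named in the ESCAPE clause below.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// Database boundary: the value travels as a bound parameter, never as SQL text.
function searchTitles(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT title FROM tbl_buyerguide
         WHERE title LIKE :like ESCAPE '!' ORDER BY title"
    );
    $stmt->bindValue(':like', likeContains($term), PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// HTML boundary: escape only when the value is written into the page.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data (assumption: the pdo_sqlite extension is available).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_buyerguide (title TEXT)');
$ins = $db->prepare('INSERT INTO tbl_buyerguide (title) VALUES (?)');
foreach (["100% Wolf", "O'Brien's Day", "<b>Bold</b> Move", "1000 Wolves"] as $t) {
    $ins->execute([$t]);
}

// Constructed inputs: a quote, a LIKE wildcard, and markup.
foreach (["O'Brien", "100%", "<b>"] as $find) {
    $rows = searchTitles($db, $find);
    echo 'Results for "' . h($find) . '": ';
    echo implode(', ', array_map('h', $rows)) . "\n";
}
```

The same prepare/bindValue calls and the `ESCAPE '!'` clause work unchanged against a MySQL PDO connection.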

Get a text value from a form in Access using a VBA module

I currently want to get a value from a form to set it in an SQL query I make in a module under Access using VBA. I tried to use
value = Forms![NameOfForm]![NameOfTextbox]
sqlquery = "...." & value & "....."
It makes an error (2450) saying it cannot find the specified form. How can I get the value of this textbox so I could use it in my module?
Thx
Modify your VBA code to ensure the form is open.
DoCmd.OpenForm "NameOfForm"
That should prevent error #2450.
Afterwards, you don't need to store the value of [NameOfTextbox] to a variable, then use that variable to build your SQL statement. You can use its value directly.
sqlquery = "SELECT * FROM YourTable " & _
"WHERE some_field = '" & Forms![NameOfForm]![NameOfTextbox] & "';"
Or embed a reference to the textbox itself (instead of the textbox's value) in the query.
sqlquery = "SELECT * FROM YourTable " & _
"WHERE some_field = Forms![NameOfForm]![NameOfTextbox];"
I assumed some_field is a text data type field, so enclosed the textbox value with single quotes in the first query example. Notice the second example doesn't need the quotes because it refers to the textbox by name rather than its value.
However, should you continue with your original approach (storing the textbox value to a variable), don't name your variable "value" because value can be confused with a property of many objects.