我正在创建一个界面,用户可以在其中使用 Excel 无缝更改 SQL 数据库。我可以很好地检索数据,但是在更新记录时我得到“无效的参数类型”。
只需将值连接到查询中就可以正常工作,但是为了防止 SQL 注入,我需要参数化查询。我尝试用该值替换 ADO 数据类型,但这并没有改变任何内容。我尝试过未命名的参数,它总是向数据库提交值 16,而不是所需的字符串值
Private Sub Worksheet_Change(ByVal Target As Range)
ID = Cells(Target.Row, 1).Value
Dim locValue As String
locValue = Cells(Target.Row, 2).Value
Dim Cm As ADODB.Command
Set Cm = New ADODB.Command
Cm.NamedParameters = True
Cm.CommandText = "UPDATE issues SET " _
& "location = @location " _
& "WHERE id = " & ID
Dim locationParameter As ADODB.Parameter
Set locationParameter = Cm.CreateParameter("@location", adVarChar, adParamInput, 255)
Cm.Parameters.Append locationParameter
locationParameter.Value = locValue
SqlConnection(Cm)
End Sub
(我知道 ID 尚未参数化,问题在于位置)
Public Function SqlConnection(Cm As ADODB.Command) As ADODB.Recordset
Dim Cn As ADODB.Connection
Dim Server_Name As String
Dim Database_Name As String
Dim User_ID As String
Dim Password As String
Dim SQLStr As String
Server_Name = "127.0.0.1" ' Enter your server name here
Database_Name = "issues_and_outages" ' Enter your database name here
User_ID = "root" ' enter your user ID here
Password = "password" ' Enter your password here
Set Cn = New ADODB.Connection
Cn.Open "Driver={MySQL ODBC 8.0 ANSI Driver};Server=" & Server_Name & ";Database=" & Database_Name & _
";Uid=" & User_ID & ";Pwd=" & Password & ";"
Cm.CommandType = adCmdText
Cm.ActiveConnection = Cn
Set SqlConnection = Cm.Execute
End Function
服务器是 MySQL,带有 issues_and_outages 表,其中包含以下列:
id(整数、无符号、密钥、自动增量)
位置(varchar(255),可为空)
更新单元格时,应更新位置列,出现以下错误
“运行时错误‘-2147217887 (80040e21)’:
[MySQL][ODBC 8.0(a) 驱动程序][mysqld-8.0.16] 参数类型无效”
给出,但 Cm.Execute 行出现错误。然而,数据库有一个大小为 255 的 varchar 类型的列,它应该是一个 adVarChar,所以我预计不会出现错误。
