Excel VBA MySql 参数化更新 'invalid parameter type'
Excel VBA MySql parameterised update 'invalid parameter type'
我正在创建一个界面,用户可以在其中使用 excel 无缝更改 SQL 数据库。我可以很好地检索数据,但是在更新记录时我得到一个 'invalid parameter type'.
只需将值连接到查询中就可以正常工作,但是为了防止 SQL 注入,我需要一个参数化查询。我尝试用值替换 ADO 数据类型,但这并没有改变任何东西。我尝试过未命名的参数,它总是向数据库提交值 16 而不是所需的字符串值
Private Sub Worksheet_Change(ByVal Target As Range)
ID = Cells(Target.Row, 1).Value
Dim locValue As String
locValue = Cells(Target.Row, 2).Value
Dim Cm As ADODB.Command
Set Cm = New ADODB.Command
Cm.NamedParameters = True
Cm.CommandText = "UPDATE issues SET " _
& "location = @location " _
& "WHERE id = " & ID
Dim locationParameter As ADODB.Parameter
Set locationParameter = Cm.CreateParameter("@location", adVarChar, adParamInput, 255)
Cm.Parameters.Append locationParameter
locationParameter.Value = locValue
SqlConnection(Cm)
End Sub
(我知道 ID 尚未参数化,问题在于位置)
Public Function SqlConnection(Cm As ADODB.Command) As ADODB.Recordset
Dim Cn As ADODB.Connection
Dim Server_Name As String
Dim Database_Name As String
Dim User_ID As String
Dim Password As String
Dim SQLStr As String
Server_Name = "127.0.0.1" ' Enter your server name here
Database_Name = "issues_and_outages" ' Enter your database name here
User_ID = "root" ' enter your user ID here
Password = "password" ' Enter your password here
Set Cn = New ADODB.Connection
Cn.Open "Driver={MySQL ODBC 8.0 ANSI Driver};Server=" & Server_Name & ";Database=" & Database_Name & _
";Uid=" & User_ID & ";Pwd=" & Password & ";"
Cm.CommandType = adCmdText
Cm.ActiveConnection = Cn
Set SqlConnection = Cm.Execute
End Function
服务器 MySQL 具有 issues_and_outages table,具有以下列:
id(整数,无符号,密钥,auto_increment)
位置(varchar(255),可为空)
更新单元格时,应该更新位置列,错误
"运行-时间错误'-2147217887 (80040e21)':
[MySQL][ODBC 8.0(a) 驱动程序][mysqld-8.0.16] 参数类型无效
给出,Cm.Execute 行有错误。但是数据库有一个大小为 255 的 varchar 类型的列,它应该是一个 adVarChar,所以我预计不会出错。
正如经常讨论和总结的那样 SO answer,大多数 providers/drivers 的 ADO API 不支持 non-stored 过程 SQL 语句的命名参数.而是使用 qmark,位置参数样式。
Set Cm = New ADODB.Command
With Cm
.ActiveConnection = Cn
.CommandType = adCmdText
.CommandText = "UPDATE issues SET location = ? WHERE id = ?"
.Parameters.Append .CreateParameter("loc_param", adVarChar, adParamInput, 255, locValue)
.Parameters.Append .CreateParameter("id_param", adInteger, adParamInput,, ID)
.Execute
End With
我正在创建一个界面,用户可以在其中使用 excel 无缝更改 SQL 数据库。我可以很好地检索数据,但是在更新记录时我得到一个 'invalid parameter type'.
只需将值连接到查询中就可以正常工作,但是为了防止 SQL 注入,我需要一个参数化查询。我尝试用值替换 ADO 数据类型,但这并没有改变任何东西。我尝试过未命名的参数,它总是向数据库提交值 16 而不是所需的字符串值
Private Sub Worksheet_Change(ByVal Target As Range)
ID = Cells(Target.Row, 1).Value
Dim locValue As String
locValue = Cells(Target.Row, 2).Value
Dim Cm As ADODB.Command
Set Cm = New ADODB.Command
Cm.NamedParameters = True
Cm.CommandText = "UPDATE issues SET " _
& "location = @location " _
& "WHERE id = " & ID
Dim locationParameter As ADODB.Parameter
Set locationParameter = Cm.CreateParameter("@location", adVarChar, adParamInput, 255)
Cm.Parameters.Append locationParameter
locationParameter.Value = locValue
SqlConnection(Cm)
End Sub
(我知道 ID 尚未参数化,问题在于位置)
Public Function SqlConnection(Cm As ADODB.Command) As ADODB.Recordset
Dim Cn As ADODB.Connection
Dim Server_Name As String
Dim Database_Name As String
Dim User_ID As String
Dim Password As String
Dim SQLStr As String
Server_Name = "127.0.0.1" ' Enter your server name here
Database_Name = "issues_and_outages" ' Enter your database name here
User_ID = "root" ' enter your user ID here
Password = "password" ' Enter your password here
Set Cn = New ADODB.Connection
Cn.Open "Driver={MySQL ODBC 8.0 ANSI Driver};Server=" & Server_Name & ";Database=" & Database_Name & _
";Uid=" & User_ID & ";Pwd=" & Password & ";"
Cm.CommandType = adCmdText
Cm.ActiveConnection = Cn
Set SqlConnection = Cm.Execute
End Function
服务器 MySQL 具有 issues_and_outages table,具有以下列:
id(整数,无符号,密钥,auto_increment)
位置(varchar(255),可为空)
更新单元格时,应该更新位置列,错误
"运行-时间错误'-2147217887 (80040e21)': [MySQL][ODBC 8.0(a) 驱动程序][mysqld-8.0.16] 参数类型无效
给出,Cm.Execute 行有错误。但是数据库有一个大小为 255 的 varchar 类型的列,它应该是一个 adVarChar,所以我预计不会出错。
正如经常讨论和总结的那样 SO answer,大多数 providers/drivers 的 ADO API 不支持 non-stored 过程 SQL 语句的命名参数.而是使用 qmark,位置参数样式。
Set Cm = New ADODB.Command
With Cm
.ActiveConnection = Cn
.CommandType = adCmdText
.CommandText = "UPDATE issues SET location = ? WHERE id = ?"
.Parameters.Append .CreateParameter("loc_param", adVarChar, adParamInput, 255, locValue)
.Parameters.Append .CreateParameter("id_param", adInteger, adParamInput,, ID)
.Execute
End With