问题描述
我有一个Access数据库,可用来跟踪出差人员。当我将某人添加到行程中时,它将某些信息项从主人员表中复制到另一个表中,该表将该人与该行程相关联,然后显示我需要跟踪的准备情况。我正在更新前端与后端的通信方式,以准备将其迁移到适当的sql Server上,而不仅仅是迁移到共享驱动器上的后端文件上,并且想知道是否有更好的编码方法这个。
这是原始代码:
Dim rst As DAO.Recordset
Set rst = CurrentDb.OpenRecordset("tblMsnPers")
rst.AddNew
rst![MsnID] = Me.ID
rst![EDIPI] = Me.PerSelect
rst![NameStr] = DLookup("[NameStr]","tblPersonnel","[EDIPI] = '" & Me.PerSelect & "'")
rst![PriAlt] = Me.cmbPriAlt
rst![Errors] = DLookup("[ScrubErrors]","[EDIPI] = '" & Me.PerSelect & "'")
rst![PT] = DLookup("[ScrubFitDate]","[EDIPI] = '" & Me.PerSelect & "'")
rst![vRED] = DLookup("[ScrubvRED]","[EDIPI] = '" & Me.PerSelect & "'")
rst![ISOPREP] = DLookup("[ISOPREP]","[EDIPI] = '" & Me.PerSelect & "'")
rst![2760] = DLookup("[Scrub2760]","[EDIPI] = '" & Me.PerSelect & "'")
rst![Checklist] = DLookup("[ScrubStatus]","[EDIPI] = '" & Me.PerSelect & "'")
rst![IMR] = DLookup("[ScrubShots]","[EDIPI] = '" & Me.PerSelect & "'")
rst![Review] = DLookup("[ReviewDate]","[EDIPI] = '" & Me.PerSelect & "'")
rst.Update
rst.Close
Set rst = nothing
这是我更新的代码:
DoCmd.SetWarnings False
sqlStr = "INSERT INTO tblMsnPers " _
& "(MsnID,EDIPI,PriAlt) VALUES " _
& "('" & Me.ID & "','" & Me.PerSelect & "','" & Me.cmbPriAlt & "');"
DoCmd.Runsql sqlStr
sqlStr2 = "UPDATE tblMsnPers INNER JOIN tblPersonnel ON tblMsnPers.EDIPI = tblPersonnel.EDIPI " _
& "SET tblMsnPers.NameStr = [tblPersonnel].[NameStr]," _
& "tblMsnPers.Errors = [tblPersonnel].[ScrubErrors]," _
& "tblMsnPers.PT = [tblPersonnel].[ScrubFitDate]," _
& "tblMsnPers.vRED = [tblPersonnel].[ScrubvRED]," _
& "tblMsnPers.ISOPREP = [tblPersonnel].[ISOPREP]," _
& "tblMsnPers.[2760] = [tblPersonnel].[Scrub2760]," _
& "tblMsnPers.Checklist = [tblPersonnel].[ScrubStatus]," _
& "tblMsnPers.IMR = [tblPersonnel].[ScrubShots]," _
& "tblMsnPers.Review = [tblPersonnel].[ReviewDate]," _
& "tblMsnPers.ATL1 = [tblPersonnel].[ATL1]," _
& "tblMsnPers.SERE = [tblPersonnel].[SERE]," _
& "tblMsnPers.CED = [tblPersonnel].[CED]," _
& "tblMsnPers.GTCexp = [tblPersonnel].[ScrubGTC] " _
& "WHERE ((tblMsnPers.MsnID = " & Me.ID & ") AND (tblMsnPers.EDIPI = '" & Me.PerSelect & "'));"
DoCmd.Runsql sqlStr2
DoCmd.SetWarnings True
我不禁觉得这里有一种更好的方法来写sql字符串,因为完全公开,作为反向工程和Google-Fu的学生,我对我在这里所做的工作几乎一无所知。有没有更好的方法在此处编写sql字符串?
解决方法
我会用这个
Dim rstPerson As Recordset
Dim rst As Recordset
Dim strSQL As String
strSQL = "SELECT * from tblersonal where EDIPI = '" & Me.PerSelect & "'"
Set rstPer = CurrentDb.OpenRecordset(strSQL)
Set rst = CurrentDb.OpenRecordset("tblMsnPers")
With rst
.AddNew
!MnID = Me.ID
!EDIPI = Me.PerSelect
!NameStr = rstPer!NameStr
!PriAlt = Me.cmbPriAlt
!Errors = rstPer!ScrubErrors
!PT = rstPer!ScrubFitDate
!vRED = rstPer!ScrubvRED
!ISOPREP = rstPer!ISOPREP
![2760] = rstPer!Scrub2760
!Checklist = rstPer!ScrubStatus
!IMR = rstPer!ScrubShots
!Review = rstPer!ReviewDate
.Update
.Close
End With
由于以下原因,效果很好:
- 所有数据类型检查均已为您完成。 (“,字符串,#个日期, 没有数字)
- 您没有混乱的连接。
- 您获得参数安全代码(无sql注入-至少对于更新部分而言)。
- 更少的代码。更具可读性。
如果将数据库转换为sql server,以上代码将继续起作用。