ACCESS/SQL - Too Few Parameters

Question

I am using the code below to create a new record in the \"transactions table\" the second line of the insert statement is throwing an error: Too few parameters. I have doubl

Answer 1

Do any of the text fields you're loading into your vbl fields contain special characters like these?

, ' " 

All of those in a text field in a perfectly good SQL Insert command could screw things up, I bet that's what happening here.

It would be better if you actually use parameters here to, rather than loading the text in textboxes directly into your SQL queries, since you're opening yourself up to SQL Injections. What if someone types

"; Drop Table dbo_Transactions;

in one of your textboxes and you run this query? Your database is then totally screwed up because someone just deleted one of your tables.

A few links to info on using Parameters to prevent this issue, which I'll bet will also fix the too few parameters issue you're having.

http://forums.asp.net/t/886691.aspx

http://sqlmag.com/blog/t-sql-parameters-and-variables-basics-and-best-practices

Answer 2

As others have suggested, using a parameterized query is a much better way of doing what you're attempting to do. Try something like this:

Dim qdf As DAO.QueryDef
Set qdf = dbs.CreateQueryDef("", _
        "PARAMETERS prmCustomerID Long, prmMealID Long, prmTransactionAmount Currency, prmTransactionDate DateTime;" & _
        "INSERT INTO dbo_Transactions (CustomerID, MealID, TransactionAmount, TransactionDate) " & _
        "VALUES ([prmCustomerID], [prmMealID], [prmTransactionAmount], [prmTransactionDate]) ")
qdf!prmCustomerID = txtCustomerID.Value
qdf!prmMealID = txtMealType.Value
qdf!prmTransactionAmount = txtCharge.Value
qdf!prmTransactionDate = Date()
qdf.Execute dbFailOnError
Set qdf = nothing