Port Access to SQL Server

Access developers from SQL Server are faced with many difficulties. However, the most difficult problem is the handling of dynamic SQL. In Access, it is quite common to specify the row of the control as a string. For example, the form contains many selectors (SalesGroup, State/Province/Canton, Beginning Date, and Ending Date). Access developers generally check these controls to see which ones are Null, then write SQL statements to delete these Null values.

Connecting to SQL Server in this way has the following Disadvantages:

All processing is completed on the client, rather than on the server.

The code for parsing these controls and processing SQLq statements is lengthy.

This method can easily cause injection attacks ).

Access developers eager to expand to SQL Server must solve two problems:

1. Identify all records and row data sources that are not based on name queries.

2. Use name query to replace all queries.

For dynamic query processing, you can use the following code:

SELECT *

FROM SomeTables

WHERE ColumnOfInterest = Forms ("myForm"). ControlOfInterest

AND Column2OfInterest = Forms ("myForm"). Control2OfInterest

For simplicity, we assume that the Access form contains only two controls. The Access method parses the control value in the code, and then processes each dynamic SQL query using a non-zero value.

This is a method without a wizard. What you need is a storage program that is parameterized to receive all data from controls on the form. For example, if the given two controls are triggered by the stored program's own data, if the value is Null, the stored program will be intelligently executed.

Here is a simple technique for implementing this process:

SELECT *

FROM SomeTables

WHERE ColumnOfInterest = 12345 OR ColumnOfInterest is NULL