Solved Please Fix my Query

KitaYama said:
I have seen and studied your RC4 sample database. First time hearing AES. Do you have an article on this too?
Click to expand...

No I don't but an expert in encryption wrote an article on AES at Bytes.com some time ago

AES Encryption Algorithm for VBA and VBScript - Post.Byes

Introduction The Advanced Encryption Standard is the algorithm that won the National Insitute of Standards and Technology's (NIST) search for a standardized encryption algorithm in 2001. In 2002, it was adopted by the U.S. government as a stadard for encryption. It is based on the Rijndael...
bytes.com

The author of that article is the only person so far who has been able to crack my security challenge:
www.isladogs.co.uk

Encrypted Split No Strings

This example app shows how an Access database can be made reasonably secure against hackers whilst still allowing full functionality to authorised users.
www.isladogs.co.uk www.isladogs.co.uk
His solution didn't involve VBA but was remarkably clever.
 
Gents/Ladies, although I've elected to use a bound form for my 'registration' ,It still bugs me that I cannot derrive the correct SQL insert into string syntax.

This is my code & the project is for me to learn, but nothing important. I just don't wish to be beaten

And this is an example of the debug.print ;
"INSERT INTO MsysUsers (FirstName, LastName,PWD, PWDDate)"SELECT 'terry' AS firstName,'hill' AS LastName,'(vP.åŸ0è¢P¯Aºiµ#/Ñ' AS PWD,'#25/10/2022#' AS PWDDate;
"
The error message is also attached.

As I said, I'm just trying to learn why the string does not work.
Appreciate any assistance (go easy i'm still very much keen, but an amateur)

Code: 
Option Compare Database
Option Explicit

Private Sub AddNew_Click()
Dim txtPWD As String
Dim PWD As String
Dim Key As String
Dim strSQL As String

'On Error GoTo Error_Handler
 
    Key = GetKey
      
    txtPWD = fRunRC4(Me.[txtEmail], Key) ' this encrypts the users email address & gets filed 'Key' from a saved database property
    
    PWDdate = Date
        
strSQL = "INSERT INTO MsysUsers (FirstName, LastName,PWD, PWDDate)"
         Debug.Print strSQL
        
strSQL = strSQL & """SELECT '" & Me.[txtFirstName] & "' AS firstName,'"
        Debug.Print strSQL


strSQL = strSQL & Me.[txtLastName] & "' AS LastName,'"
        Debug.Print strSQL
        
strSQL = strSQL & txtPWD & "' AS PWD,'"
        Debug.Print strSQL
        
strSQL = strSQL & "#" & Format(PWDdate, "dd/mm/yyyy") & "#" & "' AS PWDDate;"
        Debug.Print strSQL
 strSQL = """" & strSQL
        Debug.Print strSQL
        
    CurrentDb.Execute strSQL, dbFailOnError
    
    Me.lblInfo.Caption = "New user " & " " & Me.[txtFirstName] & " " & Me.[txtLastName] & " " & "has been successfully added"

exit_proc::
      
    Exit Sub

Error_Handler:

[ATTACH type="full"]104084[/ATTACH]    Call DisplayErrorMessage(Err.Number, "Add New User")
    
    Resume exit_proc
End Sub
 

Attachments

  • test.jpg
    test.jpg
    590.7 KB · Views: 92
The reason is explained in Post #5

In access/jet/ace you must specify a FROM table when using INSERT ... SELECT syntax, and you are then likely to get as many records inserted as there are rows in the table.

To insert a single record use INSERT ... VALUES syntax instead:
Code: 
' ...
strSQL = "INSERT INTO MsysUsers (FirstName, LastName,PWD, PWDDate)"
strSQL = strSQL & " VALUES ('" & Me.[txtFirstName] & "','" & Me.[txtLastName] & "','" & Me.txtPWD & "',#" & Format(PWDdate, "yyyy-mm-dd") & "#);"
         Debug.Print strSQL
' ...
 
Note you must also pass dates to SQL in an unambiguous format (irrespective of you local regional date format), which means either US date format (mm/dd/yyyy) or ISO date format (yyyy-mm-dd)

With the date in your example you would have been lucky in using UK date format since it can only be interpreted as 25th October, but you would have come a cropper if you had tried to insert 11th October. It would have been interpreted as 10th November.
 
@cheekybuddha , thanks once again. I hate to be beaten by lack of understanding. I've elected to use a bound form, but was still not happy that i could not achieve my initial approach. Thanks will give it a go.
 
Equivalently, to insert only one record, you can use a Recordset-AddNew. This is somewhat clearer due to the omission of data type-specific formatting.
Code: 
Dim rs As DAO.Recordset
Set rs = CurrentDb.Openrecordset("SELECT FirstName, LastName, PWD, PWDDate FROM MsysUsers WHERE False", dbOpenDynaset)
With rs
   .AddNew
   .Fields("FirstName") = Me.txtFirstName
   .Fields("LastName") = Me.txtLastName
   .Fields("PWD") = Me.txtPWD
   .Fields("PWDDate") = Date
   .Update
   .Close
End With
Regardless of what else you do, you should definitely have the ability to write into a table.
 
@ebs17 , that is the reason i did not give up with my challenge. Thanks.
 
To all contributers. Got it working as an unbound form, but elected to go bound for simplicity. Something to be said in letting access manage it'self. Appreciate all recommendations and i achieved my 'learning' goal. Now onto the next challenge....
 
You must log in or register to reply here.

Similar threads

lacampeona
Format() function not changing date variable format or literal code
2
Replies
21
Views
1,957
lacampeona
lacampeona
JMongi
Public Variables in a module vs Dim variables in a form
Replies
17
Views
1,964
Pat Hartman
P
M
Text box AfterUpdate event need to populate a subform with records
Replies
6
Views
856
Manos39
M
zelarra821
Solved Get the last value from a query using VBA
Replies
10
Views
905
Pat Hartman
P
R
Solved INSERT Query not returning errors - yet not inserting into table
2
Replies
33
Views
2,786
Ryan142
R

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom