0

I'm trying to pass values from a Form into my database, via SQL:

Private Sub Befehl4_Click()

Dim SQL As String
Dim unique As String

unique = Forms!frm_test!PN

SQL = "INSERT INTO tab_test (Feld1) VALUES (unique)"
DoCmd.RunSQL SQL

End Sub

When I execute this code from my button in my Form, unique isn't passed to the SQL-command. I have to type it in. When writing the SQL-command this way: 

SQL = "INSERT INTO tab_test (Feld1) VALUES (Forms!frm_test!PN)"

It works how expected.

What am I missing or doing wrong?

halfer
  • 19,824
  • 17
  • 99
  • 186
Hubschr
  • 1,285
  • 6
  • 18
  • 35

1 Answers1

0

SQL = "INSERT INTO tab_test (Feld1) VALUES ('" & Forms!frm_test!PN & "')"

Nathan_Sav
  • 8,466
  • 2
  • 13
  • 20
  • 3
    That opens up the application to SQL injection, and `unique` is dimmed as a string, so this'll likely not work too, because you haven't used string delimiters. – Erik A Aug 15 '18 at 08:53