SQl Insert
Your missing this: docmd.runsql strsql
But you should be using ADO with Parameters
Sql injection is possible when you use strings to pass your values to parameters. Also excaping characters in your string must be done if your going to use strings to pass your values
Ado tutorial
http://www.functionx.com/vbaccess/Lesson04d.htm
dim strSQL as string
dim cn as adodb.connection
Dim str_Connect As String
Dim strSQLServer As String
strSQLServer = "SQL Server 2000"
dim DatabaseServer as string
dim DatabaseUsername as string
dim DatabasePassword as string
DatabaseServer = "DbServer"
DatabaseUsername = "User"
DatabasePassword = "Passwd"
'Create Connection string
If strSQLServer = "SQL Server 2000" Then
str_Connect = "Driver={SQL Server};SERVER=" & DatabaseServer & ";" & _
"DATABASE=" & DatabaseName & ";UID=" & DatabaseUsername & ";PWD=" & DatabasePassword & ";OPTION=35;"
ElseIf strSQLServer = "SQL Server 2005" Then
str_Connect = "Driver={SQL Native Client};SERVER=" & DatabaseServer & ";" & _
"DATABASE=" & DatabaseName & ";UID=" & DatabaseUsername & ";PWD=" & DatabasePassword & ";OPTION=35;"
Else
str_Connect = Application.CurrentProject.Connection
End If
cn.ConnectionString = str_Connect
cn.Open 'Open the Connection
'Example query
strSQL = "UPDATE Orders SET Orders.Comment=? WHERE Orders.OrderID=?;"
'Pass the parameters in the order that the question marks are parsed
dim Param as adodb.parameter 'Parameter object for passing values
dim cmd as new adodb.command
cmd.ActiveConnection = cn
cmd.CommandType = adCmdUnknown 'SQL Query not stored procedure (could be Select, Insert, Update, or Delete [Select statement will return a recordset] )
cmd.CommandText = strSQL
dim strValue as string
dim intValue as Long
strValue = "Comment" ' Value being passed to comments field
intValue = 1 'Order ID Parameter value being passed
'Get the Datatypes from your sql server table design (adChar, adInteger, etc.)
Set Param = cmd.CreateParameter(, adChar, adParamInput, 50, strValue)
cmd.Parameters.Append Param
set Param = nothing
Set Param = cmd.CreateParameter(, adInteger, adParamInput,, intValue)
cmd.Parameters.Append Param
set Param = nothing
cmd.Execute 'Runs the query
set cmd = nothing 'Clear the Memory of the command
cn.close 'Close the Connection
set cn = nothing 'Clear memory