Problem with 'Like' SQL filter

ChrisLeicester · 2025-06-09T11:04:41+0100

Hi All

I am trying to do a search button on a continuous form to search for records that contain some of what is entered in the textbox.

Code:

Private Sub SearchBTN_Click()

Dim strSQL As String

strSQL = "[TransDesc] = " & "Like '*" & Me.SearchBox & "*'"

Me.Filter = strSQL

Me.FilterOn = True


End Sub

When running I get a syntax error saying missing operator.

Printing the strSQL in the imediate window shows;

[TransDesc] = Like '*zilch*'

which to me looks right. I do have the [TransDesc] field on the form

What have I done wrong now

Thanks in advance

Chris

XPS35 · 2025-06-09T11:07:25+0100

You need to remove the =.

MajP · 2025-06-09T11:09:53+0100

Remove
= " & "

ChrisLeicester · 2025-06-09T11:14:14+0100

Hi
Perfect, is working great now

Thanks a lot

Josef P. · 2025-06-09T11:24:10+0100

.. and now test this: write in Me.SearchBox: ' or 'a' like '

=> to avoid sql injection use:

Code:

strSQL = "[TransDesc] Like '*" & replace(Me.SearchBox, "'", "''") & "*'"

ChrisLeicester · 2025-06-09T13:12:24+0100

Josef
your way works better, as you say. searching 'A' returns another syntax error, but your line doesnt.
Thanks

Josef P. · 2025-06-09T13:38:18+0100

Briefly explained with sample code to be on the safe side:

Code:

Dim SearchBoxStringInsertedByUser as String
SearchBoxStringInsertedByUser = "abc"
Debug.Print "User insered: "; SearchBoxStringInsertedByUser

Dim strSQL As String
strSQL = "[TransDesc] = '*"  & SearchBoxStringInsertedByUser & "*'"
Debug.Print strSQL

=> [TransDesc] = '*abc*' => as expected
But:

Code:

Dim SearchBoxStringInsertedByUser as String
SearchBoxStringInsertedByUser = "' or 'a' like '"
Debug.Print "User insered: "; SearchBoxStringInsertedByUser

Dim strSQL As String
strSQL = "[TransDesc] = '*"  & SearchBoxStringInsertedByUser & "*'"
Debug.Print strSQL

=> [TransDesc] = '*' or 'a' like '*'
SQL is correct, but I don't think that was the developer's expected result.

'a' like '*' is alway true.

Fix it:

Code:

Dim SearchBoxStringInsertedByUser as String
SearchBoxStringInsertedByUser = "' or 'a' like '"
Debug.Print "User insered: "; SearchBoxStringInsertedByUser

Dim strSQL As String
strSQL = "[TransDesc] = '*"  & Replace(SearchBoxStringInsertedByUser, "'", "''") & "*'"
Debug.Print strSQL

=> [TransDesc] = '*'' or ''a'' like ''*'
This is exactly 1 filter expression with one filter value.

Problem with 'Like' SQL filter

ChrisLeicester

Member

XPS35

Active member

MajP

You've got your good things, and you've got mine.

ChrisLeicester

Member

Josef P.

Well-known member

ChrisLeicester

Member

Josef P.

Well-known member

Similar threads

Users who are viewing this thread