Problem with 'Like' SQL filter

C

ChrisLeicester

Member
Local time
Today, 14:07
Joined
Feb 14, 2025
Messages
64
Hi All

I am trying to do a search button on a continuous form to search for records that contain some of what is entered in the textbox.

Code: 
Private Sub SearchBTN_Click()

Dim strSQL As String

strSQL = "[TransDesc] = " & "Like '*" & Me.SearchBox & "*'"

Me.Filter = strSQL

Me.FilterOn = True


End Sub

When running I get a syntax error saying missing operator.

Printing the strSQL in the imediate window shows;

[TransDesc] = Like '*zilch*'

which to me looks right. I do have the [TransDesc] field on the form

What have I done wrong now

Thanks in advance

Chris
 
Remove
= " & "
 
.. and now test this: write in Me.SearchBox: ' or 'a' like ' ;)

=> to avoid sql injection use:
Code: 
strSQL = "[TransDesc] Like '*" & replace(Me.SearchBox, "'", "''") & "*'"
 
Josef
your way works better, as you say. searching 'A' returns another syntax error, but your line doesnt.
Thanks
 
Briefly explained with sample code to be on the safe side:

Code: 
Dim SearchBoxStringInsertedByUser as String
SearchBoxStringInsertedByUser = "abc"
Debug.Print "User insered: "; SearchBoxStringInsertedByUser

Dim strSQL As String
strSQL = "[TransDesc] = '*"  & SearchBoxStringInsertedByUser & "*'"
Debug.Print strSQL
=> [TransDesc] = '*abc*' => as expected
But:
Code: 
Dim SearchBoxStringInsertedByUser as String
SearchBoxStringInsertedByUser = "' or 'a' like '"
Debug.Print "User insered: "; SearchBoxStringInsertedByUser

Dim strSQL As String
strSQL = "[TransDesc] = '*"  & SearchBoxStringInsertedByUser & "*'"
Debug.Print strSQL
=> [TransDesc] = '*' or 'a' like '*'
SQL is correct, but I don't think that was the developer's expected result. ;)
'a' like '*' is alway true.

Fix it:
Code: 
Dim SearchBoxStringInsertedByUser as String
SearchBoxStringInsertedByUser = "' or 'a' like '"
Debug.Print "User insered: "; SearchBoxStringInsertedByUser

Dim strSQL As String
strSQL = "[TransDesc] = '*"  & Replace(SearchBoxStringInsertedByUser, "'", "''") & "*'"
Debug.Print strSQL
=> [TransDesc] = '*'' or ''a'' like ''*'
This is exactly 1 filter expression with one filter value.
 
Last edited:
You must log in or register to reply here.

Similar threads

C
Date Filter not working
Replies
3
Views
513
Gasman
Gasman
C
Compile error
Replies
9
Views
538
ChrisLeicester
C
T
Can someone please assist with the VBA code Below - Error Message 3075
Replies
16
Views
1,005
CJ_London
C
D
Solved Open a report that filters off a form field
Replies
7
Views
644
dullster
D
F
Solved Form with subform filtered by two cascading combo boxes and a checkbox
2
Replies
26
Views
622
Faoineag
F

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom