如何转义 Access Jet SQL 中的所有特殊字符？

发布于 2024-08-08 06:33:52 字数 268 浏览 8 评论 0原文

我正在尝试使用 DDL 语句更改密码，例如：

CurrentProject.Connection.Execute "ALTER USER barney PASSWORD "[]!@#$%^ oldpassword"

是的，这是一个令人讨厌的密码，但有人尝试过类似的操作。请注意，密码的开头引号不是此处 sql 语法的一部分。我需要类似 mysql_real_escape_string() 但针对 VBA 的东西。有什么提示吗？

原文

I'm trying to change a password with a DDL statement like:

CurrentProject.Connection.Execute "ALTER USER barney PASSWORD "[]!@#$%^ oldpassword"

Yes, that's a nasty password, but someone tried something like that. Notice the beginning quote of the password is not part of the sql syntax here. I need something like mysql_real_escape_string() but for VBA. Any hints?

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

独夜无伴 2024-08-15 06:33:52

您似乎偶然发现了一些事情：您无法使用 SQL DDL 创建包含任何这些字符的（可用）密码（注意维基百科认为这是 SQL DCL）。

下面是一些重现测试场景的代码：

创建一个新的工作组（临时工作组）
文件夹）
使用以下命令创建一个新数据库
工作组
创建一个包含数据的新表
创建一个名为名称的新用户，
使用字母数字的密码和 PID
整个字符
将表上的特权授予
用户
使用新的打开测试连接
用户的凭据
测试用户可以查询
表

发布的代码工作正常。但是，在这两个位置（创建用户时和打开测试连接时）编辑密码以添加非字母字符（例如引号）会在其中一个位置引发错误。

On Error Resume Next
Kill Environ$("temp") & "\MyDatabase.mdb"
Kill Environ$("temp") & "\MyWorkgroup.mdw"
On Error GoTo 0

' Create workgroup and db
Dim cat 
Set cat = CreateObject("ADOX.Catalog")
With cat
  .Create _
      "Provider=Microsoft.Jet.OLEDB.4.0;" & _
      "Jet OLEDB:Engine Type=4;" & _
      "Data Source=" & _
      Environ$("temp") & "\MyWorkgroup.mdw;" & _
      "Jet OLEDB:Create System Database=-1"
  .Create _
      "Provider=Microsoft.Jet.OLEDB.4.0;" & _
      "Jet OLEDB:Engine Type=4;" & _
    "Data Source=" & _
    Environ$("temp") & "\MyDatabase.mdb;" & _
    "Jet OLEDB:System Database=" & _
    Environ$("temp") & "\MyWorkgroup.mdw;"

  ' Add table with data and user with privileges
  With .ActiveConnection
    .Execute "CREATE TABLE Test (data_col INTEGER);"
    .Execute "INSERT INTO Test VALUES (55);"
    .Execute "CREATE USER onedaywhen pwd H3sJaZ9k2m;"  ' <-- edit pwd
    .Execute "GRANT ALL PRIVILEGES ON Test TO onedaywhen;"
  End With
End With

' Test user can connect and SELECT
Dim con 
Set con = CreateObject("ADODB.Connection")
With con
  .ConnectionString = _
    "Provider=Microsoft.Jet.OLEDB.4.0;" & _
    "Jet OLEDB:Engine Type=4;" & _
    "Data Source=" & _
    Environ$("temp") & "\MyDatabase.mdb;" & _
    "Jet OLEDB:System Database=" & _
    Environ$("temp") & "\MyWorkgroup.mdw;" & _
    "User ID=onedaywhen;Password=pwd;"  ' <-- edit pwd
  .Open
  MsgBox .Execute("SELECT * FROM Test;")(0)
End With

由于无法转义“特殊”字符，因此似乎无法使用 SQL DDL/DCL 来完成此操作，我认为这意味着根本无法使用 ADO 来完成此操作。

那么，有人有替代方案，例如 DAO 吗？

You seem to have hit upon something: you cannot create a (usable) password containing any of those characters using SQL DDL (note Wikipedia considers this to be SQL DCL).

Below is some code to reproduce a test scenario:

creates a new workgroup (in temp
folder)
creates a new database using the
workgroup
creates a new table with data
creates a new user with name,
password and PID using alphanumeric
characters throughout
grants privileges on the table to the
user
opens a test connection using the new
user's credentials
tests that the user can query the
table

The code as posted works fine. However, editing the password in both places (when the user is created and when the test connection is opened) to add a non-alpha character (e.g. a quote) raises an error in one of those places.

On Error Resume Next
Kill Environ$("temp") & "\MyDatabase.mdb"
Kill Environ$("temp") & "\MyWorkgroup.mdw"
On Error GoTo 0

' Create workgroup and db
Dim cat 
Set cat = CreateObject("ADOX.Catalog")
With cat
  .Create _
      "Provider=Microsoft.Jet.OLEDB.4.0;" & _
      "Jet OLEDB:Engine Type=4;" & _
      "Data Source=" & _
      Environ$("temp") & "\MyWorkgroup.mdw;" & _
      "Jet OLEDB:Create System Database=-1"
  .Create _
      "Provider=Microsoft.Jet.OLEDB.4.0;" & _
      "Jet OLEDB:Engine Type=4;" & _
    "Data Source=" & _
    Environ$("temp") & "\MyDatabase.mdb;" & _
    "Jet OLEDB:System Database=" & _
    Environ$("temp") & "\MyWorkgroup.mdw;"

  ' Add table with data and user with privileges
  With .ActiveConnection
    .Execute "CREATE TABLE Test (data_col INTEGER);"
    .Execute "INSERT INTO Test VALUES (55);"
    .Execute "CREATE USER onedaywhen pwd H3sJaZ9k2m;"  ' <-- edit pwd
    .Execute "GRANT ALL PRIVILEGES ON Test TO onedaywhen;"
  End With
End With

' Test user can connect and SELECT
Dim con 
Set con = CreateObject("ADODB.Connection")
With con
  .ConnectionString = _
    "Provider=Microsoft.Jet.OLEDB.4.0;" & _
    "Jet OLEDB:Engine Type=4;" & _
    "Data Source=" & _
    Environ$("temp") & "\MyDatabase.mdb;" & _
    "Jet OLEDB:System Database=" & _
    Environ$("temp") & "\MyWorkgroup.mdw;" & _
    "User ID=onedaywhen;Password=pwd;"  ' <-- edit pwd
  .Open
  MsgBox .Execute("SELECT * FROM Test;")(0)
End With

With no means to escape 'special' characters then it seems this can't be done using SQL DDL/DCL, which I think means it cannot be done using ADO at all.

So, anyone got an alternative e.g. DAO?

回复收藏 0 原文

甚是思念 2024-08-15 06:33:52

您应该能够使用 Chr(34) 连接字符串：

  Dim strPassword As String

  strPassword = Chr(34) & "[]!@#$%^"
  CurrentProject.Connection.Execute "ALTER USER barney PASSWORD " & strPassword & " oldpassword"

这是执行此类操作的常用方法。不过，这可能不起作用，因为用户级安全用户界面可能不接受引号（我还没有尝试过）。

You should be able to concatenate in a string using Chr(34):

  Dim strPassword As String

  strPassword = Chr(34) & "[]!@#$%^"
  CurrentProject.Connection.Execute "ALTER USER barney PASSWORD " & strPassword & " oldpassword"

That's the usual way to do this kind of thing. That may not do the trick, though, as the user-level security UI may not accept quotes (I haven't tried it).

回复收藏 0 原文

~没有更多了~