Because the field is a character (string) type, the key issue here is the quotation mark. Any other symbols inside the quotes are treated as literal characters. A workaround is to store the quotes in the database unchanged and handle them only when composing the SQL statement. For example:

tmp = txtType

' Double every single quote so SQL reads it as a literal character.
i = InStr(1, tmp, "'")
Do While i > 0
    tmp = Left(tmp, i) & "'" & Mid(tmp, i + 1)
    i = InStr(i + 2, tmp, "'")   ' resume after the doubled pair
Loop

' Same pass for double-quote characters ("""" is one " in a VB string literal).
i = InStr(1, tmp, """")
Do While i > 0
    tmp = Left(tmp, i) & """" & Mid(tmp, i + 1)
    i = InStr(i + 2, tmp, """")
Loop

strSQL = "SELECT * FROM tablename WHERE field1='" & tmp & "'"
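Added example, not part of the original post: the same lookup run against an in-memory SQLite database in Python, comparing quote doubling, a hypothetical shortcut that treats a quote followed by a quote as already escaped, and a bound parameter. SQLite stands in for the poster's database; the function names and sample values are constructed for illustration.

```python
import sqlite3

def double_every_quote(value):
    """Escape for a '...' SQL literal: every single quote becomes two."""
    return value.replace("'", "''")

def skip_paired_quotes(value):
    """Hypothetical shortcut: a quote followed by a quote is assumed escaped."""
    out, i = [], 0
    while i < len(value):
        if value[i] != "'":
            out.append(value[i])
            i += 1
        elif value[i + 1:i + 2] == "'":
            out.append("''")      # pair copied unchanged
            i += 2
        else:
            out.append("''")      # lone quote doubled
            i += 1
    return "".join(out)

def lookup_concat(conn, value, escape):
    """Compose the statement as text, the way the post does."""
    sql = "SELECT field1 FROM tablename WHERE field1='" + escape(value) + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, value):
    """Send the value as a bound parameter; there is no escaping step."""
    sql = "SELECT field1 FROM tablename WHERE field1 = ?"
    return [row[0] for row in conn.execute(sql, (value,))]

# Constructed sample values, each stored as its own row.
SAMPLES = ["O'Brien", "it's", "it''s", "'''", 'say "hi"']

def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tablename (field1 TEXT)")
    conn.executemany("INSERT INTO tablename VALUES (?)", [(s,) for s in SAMPLES])
    return {s: {"doubled": lookup_concat(conn, s, double_every_quote),
                "shortcut": lookup_concat(conn, s, skip_paired_quotes),
                "bound": lookup_bound(conn, s)} for s in SAMPLES}

if __name__ == "__main__":
    for value, found in run_demo().items():
        print(repr(value), found)
```

With the shortcut, the input it''s returns the row it's and the input ''' returns nothing; full doubling and the bound parameter both return exactly the stored value for every sample.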
---------------------------------
Just restrict what the user can enter...