Question : SQL statement not working

This code seems to be convincing itself that the text in the textbox is a column name.  Have been playing about with single quotes, double quotes and all sorts but it's no use.  At the moment it is just returning the password but will go on to check the password in txtPassword matches the value in the corresponding row in the SQL.
Dim cnPubs As ADODB.Connection
Set cnPubs = New ADODB.Connection

'Now open the connection.
'On Error GoTo Error1
cnPubs.Open strConn
With rsPubs
    ' Assign the Connection object.
    .ActiveConnection = cnPubs
    ' Extract the required records.
    .Open "SELECT * FROM Users WHERE Username= 'frmLogin.txtUsername.Text'"
    ' Copy the records into cell A1 on Sheet1.
    ' Sheet1.Range("A1").CopyFromRecordset rsPubs
    Do Until .EOF
        MsgBox (!Password)
        .MoveNext
    Loop
End With

Answer : SQL statement not working

It is possible for users to put single quotes in txtUserName by mistake or intentionally, so you need to protect the statement:

    .Open "SELECT * FROM Users WHERE Username= '" & Replace(frmLogin.txtUsername.Text, "'", "''") & "'"

You are still open to SQL injection, so the better way would be to parameterize the query.
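
A parameterized form of the lookup above, as an added example that is not part of the original question or answer. It assumes strConn is the connection string from the question and that Users has text columns Username and Password; the function name CheckLogin and the 255-character limit are hypothetical.

```vba
' Added example: the username travels as a bound parameter, so quotes in the
' textbox are treated as data and never become part of the SQL text.
Public Function CheckLogin(ByVal userName As String, ByVal password As String) As Boolean
    Const MAX_LEN As Long = 255          ' assumed width of the Username column
    Dim cn As ADODB.Connection
    Dim cmd As ADODB.Command
    Dim rs As ADODB.Recordset

    CheckLogin = False
    ' A value longer than the declared parameter size raises a provider error,
    ' so reject it before building the command.
    If Len(userName) = 0 Or Len(userName) > MAX_LEN Then Exit Function

    Set cn = New ADODB.Connection
    cn.Open strConn

    Set cmd = New ADODB.Command
    With cmd
        Set .ActiveConnection = cn
        .CommandType = adCmdText
        ' The ? placeholder is filled from the Parameters collection, in order.
        .CommandText = "SELECT Password FROM Users WHERE Username = ?"
        .Parameters.Append .CreateParameter("pUser", adVarChar, adParamInput, MAX_LEN, userName)
    End With

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' A NULL Password must not be compared directly: the result would be Null.
        If Not IsNull(rs.Fields("Password").Value) Then
            CheckLogin = (rs.Fields("Password").Value = password)
        End If
    End If

    rs.Close
    cn.Close
End Function

' Usage from the login form in the question:
'   If CheckLogin(frmLogin.txtUsername.Text, frmLogin.txtPassword.Text) Then ...
```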