ms-access Parameterized Queries Vulnerable Approach: Concatenated SQL string with form references

Help us to keep this website almost Ad Free! It takes only 10 seconds of your time:
> Step 1: Go view our video on YouTube: EF Core Bulk Extensions
> Step 2: And Like the video. BONUS: You can also share it!

Example

This is the typical approach for novice developers building SQL action queries. They are vulnerable to the Bobby Tables type SQL Injection attacks.

Dim strSQL As String

strSQL = "INSERT INTO Employees chrFirstName, chrLastName, chrPhone " _
         & "VALUES ('" & Me!txtFirstName & "','" & Me!txtLastName & "','" & Me!txtPhone & "');"

CurrentDb.Execute strSQL


Got any ms-access Question?